path: root/src/rhesus/README
rhesus is the monkeysphere authorized_keys/known_hosts generator.

In authorized_keys mode, rhesus takes an auth_user_ids file, which
contains gpg user ids, uses gpg to fetch the keys of the specified
users, does a monkeysphere policy check on each id, and uses gpg2ssh
to generate authorized_keys lines for each verified id. The lines are
then combined with a user's traditional authorized_keys file to create
a new authorized_keys file.

In known_hosts mode, rhesus takes an auth_host_ids file, which
contains gpg user ids of the form ssh://URL, uses gpg to fetch the
keys of the specified hosts, does a monkeysphere policy check on each
id, and uses gpg2ssh to generate known_hosts lines for each verified
id. The lines are then combined with a user's traditional known_hosts
file to create a new known_hosts file.

When run as a normal user, no special configuration is needed.

When run as an administrator to update system-maintained
authorized_keys files for each user, the following environment
variables should be defined first:

    MS_CONF=/etc/monkeysphere/monkeysphere.conf
    USER=foo

For example, the command might be run like this:

    for USER in $(ls -1 /home) ; do
        MS_CONF=/etc/monkeysphere/monkeysphere.conf rhesus --authorized_keys
    done
  21. for USER in $(ls -1 /home) ; do
  22. MS_CONF=/etc/monkeysphere/monkeysphere.conf rhesus --authorized_keys
  23. done