The Monkeysphere project's goal is to extend the web of trust model
and other features of OpenPGP to other areas of the Internet to help
us securely identify each other while we work online.
Specifically, the Monkeysphere is a framework to leverage the OpenPGP
web of trust for OpenSSH authentication. In other words, it allows
you to use your OpenPGP keys when using secure shell to both identify
yourself and the servers you administer or connect to. OpenPGP keys
are tracked via GnuPG, and managed in the known_hosts and
authorized_keys files used by OpenSSH for connection authentication.
[[bugs]] | [[download]] | [[news]] | [[documentation|doc]]
Conceptual overview
Everyone who has used secure shell is familiar with the prompt given
the first time you login, asking if you want to trust the server's
fingerprint. In addition, many of us take advantage of OpenSSH's
ability to use RSA or DSA keys for authenticating to a server, rather
than relying on a password exchange.
OpenSSH already provides a functional way for
managing the RSA and DSA keys required for these
interactions. However, it lacks any type of Public Key Infrastructure
(PKI).
The basic idea of the Monkeysphere is to create a framework that uses
GnuPG's keyring manipulation capabilities and
public keyserver communication to manage the keys that OpenSSH uses
for connection authentication.
Under the Monkeysphere, both parties to an OpenSSH connection (client
and server) explicitly designate who they trust to certify the
identity of the other party. These trust designations are explicitly
indicated with traditional GPG keyring trust models. Monkeysphere
then manages the keys in the known_hosts and authorized_keys files
directly, in such a way that is completely transparent to SSH. No
modification is made to the SSH protocol on the wire (it continues to
use raw RSA public keys), and no modification is needed to the OpenSSH
software.
To emphasize: no SSH modification is required to use the
Monkeysphere.
This offers users of OpenSSH an effective PKI, including the
possibility for key transitions, transitive identifications,
revocations, and expirations. It also actively invites broader
participation in the OpenPGP
web of trust.
Philosophy
Humans (and
monkeys)
have innate capacity to keep track of the identity of a finite number
of people. After our social sphere exceeds several dozen or several
hundred (depending on the individual), our ability to remember and
distinguish people begins to break down. In other words, at a certain
point, we can't know for sure that the person we ran into in the
produce aisle really is the same person who we met at the party last
week.
For most of us, this limitation has not posed much of a problem in our
daily, off-line lives. With the Internet, however, we have an ability
to interact with vastly larger numbers of people than we had
before. In addition, on the Internet we lose many of our tricks for
remembering and identifying people (physical characteristics, sound of
the voice, etc.).
Fortunately, with online communications we have easy access to tools
that can help us navigate these problems.
OpenPGP (a cryptographic
protocol commonly used for sending signed and encrypted email
messages) is one such tool. In its simplest form, it allows us to
sign our communication in such a way that the recipient can verify the
sender.
OpenPGP goes beyond this simple use to implement a feature known as
the web of trust. The web
of trust allows people who have never met in person to communicate
with a reasonable degree of certainty that they are who they say they
are. It works like this: Person A trusts Person B. Person B verifies
Person C's identity. Then, Person A can verify Person C's identity.
The Monkeyshpere's broader goals are to extend the use of OpenPGP from
email communications to other activities, such as:
- conclusively identifying the remote server in a remote login session
- granting access to servers to people we've never directly met
Links
This wiki is powered by ikiwiki.