monkeysphere

Langue: en

Autres versions - même langue

Version: 313111 (ubuntu - 07/07/09)

Autres sections - même nom

Section: 1 (Commandes utilisateur)

Sommaire

NAME

monkeysphere - Monkeysphere client user interface

SYNOPSIS

monkeysphere subcommand [args]

DESCRIPTION

Monkeysphere is a framework to leverage the OpenPGP web of trust for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and added to the authorized_keys and known_hosts files used by OpenSSH for connection authentication.

monkeysphere is the Monkeysphere client utility.

SUBCOMMANDS

monkeysphere takes various subcommands:

update-known_hosts [HOST]...
Update the known_hosts file. For each specified host, gpg will be queried for a key associated with the host URI (see HOST IDENTIFICATION in monkeysphere(7)), optionally querying a keyserver. If an acceptable key is found for the host (see KEY ACCEPTABILITY in monkeysphere(7)), the key is added to the user's known_hosts file. If a key is found but is unacceptable for the host, any matching keys are removed from the user's known_hosts file. If no gpg key is found for the host, nothing is done. If no hosts are specified, all hosts listed in the known_hosts file will be processed. This subcommand will exit with a status of 0 if at least one acceptable key was found for a specified host, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `k' may be used in place of `update-known_hosts'.
update-authorized_keys
Update the authorized_keys file for the user executing the command (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below). First all monkeysphere keys are cleared from the authorized_keys file. Then, or each user ID in the user's authorized_user_ids file, gpg will be queried for keys associated with that user ID, optionally querying a keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in monkeysphere(7)), the key is added to the user's authorized_keys file. If a key is found but is unacceptable for the user ID, any matching keys are removed from the user's authorized_keys file. If no gpg key is found for the user ID, nothing is done. This subcommand will exit with a status of 0 if at least one acceptable key was found for a user ID, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `a' may be used in place of `update-authorized_keys'.
gen-subkey [KEYID]
Generate an authentication subkey for a private key in your GnuPG keyring. For the primary key with the specified key ID, generate a subkey with "authentication" capability that can be used for monkeysphere transactions. An expiration length can be specified with the `-e' or `--expire' option (prompt otherwise). If no key ID is specified, but only one key exists in the secret keyring, that key will be used. `g' may be used in place of `gen-subkey'.
subkey-to-ssh-agent [ssh-add arguments]
Push all authentication-capable subkeys in your GnuPG secret keyring into your running ssh-agent. Additional arguments are passed through to ssh-add(1). For example, to remove the authentication subkeys, pass an additional `-d' argument. To require confirmation on each use of the key, pass `-c'. `s' may be used in place of `subkey-to-ssh-agent'.
help
Output a brief usage summary. `h' or `?' may be used in place of `help'.

ENVIRONMENT

The following environment variables will override those specified in the monkeysphere.conf configuration file (defaults in parentheses):

MONKEYSPHERE_LOG_LEVEL
Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in increasing order of verbosity.
MONKEYSPHERE_GNUPGHOME, GNUPGHOME
GnuPG home directory (~/.gnupg).
MONKEYSPHERE_KEYSERVER
OpenPGP keyserver to use (subkeys.pgp.net).
MONKEYSPHERE_CHECK_KEYSERVER
Whether or not to check keyserver when making gpg queries (`true').
MONKEYSPHERE_KNOWN_HOSTS
Path to ssh known_hosts file (~/.ssh/known_hosts).
MONKEYSPHERE_HASH_KNOWN_HOSTS
Whether or not to hash to the known_hosts file entries (`true').
MONKEYSPHERE_AUTHORIZED_KEYS
Path to ssh authorized_keys file (~/.ssh/authorized_keys).

FILES

~/.monkeysphere/monkeysphere.conf
User monkeysphere config file.
/etc/monkeysphere/monkeysphere.conf
System-wide monkeysphere config file.
~/.monkeysphere/authorized_user_ids
OpenPGP user IDs associated with keys that will be checked for addition to the authorized_keys file.

AUTHOR

Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>

SEE ALSO

monkeysphere-ssh-proxycommand(1), monkeysphere-server(8), monkeysphere(7), ssh(1), ssh-add(1), gpg(1)