monkeysphere
Language: en
Version: 327905 (ubuntu - 08/07/09)
Section: 7 (Miscellaneous)
NAME
monkeysphere - ssh authentication framework using OpenPGP Web of Trust
DESCRIPTION
MonkeySphere is a framework to leverage the OpenPGP Web of Trust for ssh authentication. OpenPGP keys are tracked via GnuPG, and added to the authorized_keys and known_hosts files used by ssh for connection authentication.
IDENTITY CERTIFIERS
FIXME: describe identity certifier concept
KEY ACCEPTABILITY
During known_hosts and authorized_keys updates, the monkeysphere commands work from a set of user IDs to determine acceptable keys for ssh authentication. OpenPGP keys are considered acceptable if the following criteria are met:
- capability: The key must have the "authentication" ("a") usage flag set.
- validity: The key itself must be valid, i.e. it must be well-formed, not expired, and not revoked.
- certification: The relevant user ID must be signed by a trusted identity certifier.
HOST IDENTIFICATION
The OpenPGP keys for hosts have associated user IDs that use the ssh URI specification for the host, i.e. "ssh://host.full.domain[:port]".
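The three acceptability criteria and the host user ID format above, applied to GnuPG's colon-delimited key listing; this is an added Python example, not code from monkeysphere or from this manual page. The sample listing is constructed, the function names are hypothetical, and treating a user ID validity of "f" or "u" as "signed by a trusted identity certifier" is an assumption about how GnuPG's trust calculation maps onto that criterion.

```python
import re

# Constructed sample in the style of `gpg --list-keys --with-colons
# --fixed-list-mode`; key IDs, dates and host names are made up.
SAMPLE = r"""
pub:f:2048:1:AAAAAAAAAAAAAAA1:1230768000:::-:::scESCA:
uid:f::::1230768000::::ssh\x3a//host.example.org:
sub:f:2048:1:AAAAAAAAAAAAAAA2:1230768000::::::a:
sub:e:2048:1:AAAAAAAAAAAAAAA3:1199145600:1230768000:::::a:
sub:f:2048:1:AAAAAAAAAAAAAAA4:1230768000::::::e:
pub:-:2048:1:BBBBBBBBBBBBBBB1:1230768000:::-:::scaSCA:
uid:-::::1230768000::::ssh\x3a//host.example.org\x3a2222:
"""

BAD_VALIDITY = set("idre")  # invalid, disabled, revoked, expired
CERTIFIED = set("fu")       # assumption: full/ultimate validity = trusted certification

def host_user_id(host, port=None):
    """Build the ssh URI user ID: ssh://host.full.domain[:port]."""
    return f"ssh://{host}" + (f":{port}" if port else "")

def unescape(field):
    """Undo GnuPG's C-style quoting (a colon in a user ID is listed as \\x3a)."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def acceptable_keys(colons, user_id):
    """Return IDs of keys and subkeys that meet all three criteria for user_id."""
    accepted, candidates, certified = [], [], False
    for line in colons.splitlines() + ["pub:"]:  # sentinel flushes the last key block
        f = line.split(":")
        if f[0] == "pub":  # a new primary key starts: settle the previous block
            if certified:
                accepted += candidates
            candidates, certified = [], False
        if f[0] in ("pub", "sub") and len(f) > 11:
            # validity (field 2) and capability (field 12); lowercase letters are
            # this key's own flags, uppercase on "pub" summarises the whole key
            if f[1] not in BAD_VALIDITY and "a" in f[11]:
                candidates.append(f[4])
        elif f[0] == "uid" and len(f) > 9:
            # certification: the matching user ID must itself be valid
            if unescape(f[9]) == user_id and f[1] in CERTIFIED:
                certified = True
    return accepted

if __name__ == "__main__":
    print(acceptable_keys(SAMPLE, host_user_id("host.example.org")))
```

Only the authentication subkey of the first key is accepted: its primary key lacks a lowercase "a", one subkey is expired, one is encryption-only, and the second key's user ID carries no computed validity.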
AUTHOR
Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
SEE ALSO
monkeysphere(1), monkeysphere-server(8), monkeysphere-ssh-proxycommand(1), gpg(1), ssh(1), http://tools.ietf.org/html/rfc4880, http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/