Rechercher une page de manuel
monkeysphere
Langue: en
Version: 313111 (ubuntu - 07/07/09)
Section: 1 (Commandes utilisateur)
NAME
monkeysphere - Monkeysphere client user interface
SYNOPSIS
monkeysphere subcommand [args]
DESCRIPTION
Monkeysphere is a framework to leverage the OpenPGP web of trust for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and added to the authorized_keys and known_hosts files used by OpenSSH for connection authentication.
monkeysphere is the Monkeysphere client utility.
SUBCOMMANDS
monkeysphere takes various subcommands:
- update-known_hosts [HOST]...
- Update the known_hosts file. For each specified host, gpg will be queried for a key associated with the host URI (see HOST IDENTIFICATION in monkeysphere(7)), optionally querying a keyserver. If an acceptable key is found for the host (see KEY ACCEPTABILITY in monkeysphere(7)), the key is added to the user's known_hosts file. If a key is found but is unacceptable for the host, any matching keys are removed from the user's known_hosts file. If no gpg key is found for the host, nothing is done. If no hosts are specified, all hosts listed in the known_hosts file will be processed. This subcommand will exit with a status of 0 if at least one acceptable key was found for a specified host, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `k' may be used in place of `update-known_hosts'.
- update-authorized_keys
- Update the authorized_keys file for the user executing the command (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below). First all monkeysphere keys are cleared from the authorized_keys file. Then, or each user ID in the user's authorized_user_ids file, gpg will be queried for keys associated with that user ID, optionally querying a keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in monkeysphere(7)), the key is added to the user's authorized_keys file. If a key is found but is unacceptable for the user ID, any matching keys are removed from the user's authorized_keys file. If no gpg key is found for the user ID, nothing is done. This subcommand will exit with a status of 0 if at least one acceptable key was found for a user ID, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `a' may be used in place of `update-authorized_keys'.
- gen-subkey [KEYID]
- Generate an authentication subkey for a private key in your GnuPG keyring. For the primary key with the specified key ID, generate a subkey with "authentication" capability that can be used for monkeysphere transactions. An expiration length can be specified with the `-e' or `--expire' option (prompt otherwise). If no key ID is specified, but only one key exists in the secret keyring, that key will be used. `g' may be used in place of `gen-subkey'.
- subkey-to-ssh-agent [ssh-add arguments]
- Push all authentication-capable subkeys in your GnuPG secret keyring into your running ssh-agent. Additional arguments are passed through to ssh-add(1). For example, to remove the authentication subkeys, pass an additional `-d' argument. To require confirmation on each use of the key, pass `-c'. `s' may be used in place of `subkey-to-ssh-agent'.
- help
- Output a brief usage summary. `h' or `?' may be used in place of `help'.
ENVIRONMENT
The following environment variables will override those specified in the monkeysphere.conf configuration file (defaults in parentheses):
- MONKEYSPHERE_LOG_LEVEL
- Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in increasing order of verbosity.
- MONKEYSPHERE_GNUPGHOME, GNUPGHOME
- GnuPG home directory (~/.gnupg).
- MONKEYSPHERE_KEYSERVER
- OpenPGP keyserver to use (subkeys.pgp.net).
- MONKEYSPHERE_CHECK_KEYSERVER
- Whether or not to check keyserver when making gpg queries (`true').
- MONKEYSPHERE_KNOWN_HOSTS
- Path to ssh known_hosts file (~/.ssh/known_hosts).
- MONKEYSPHERE_HASH_KNOWN_HOSTS
- Whether or not to hash to the known_hosts file entries (`true').
- MONKEYSPHERE_AUTHORIZED_KEYS
- Path to ssh authorized_keys file (~/.ssh/authorized_keys).
FILES
- ~/.monkeysphere/monkeysphere.conf
- User monkeysphere config file.
- /etc/monkeysphere/monkeysphere.conf
- System-wide monkeysphere config file.
- ~/.monkeysphere/authorized_user_ids
- OpenPGP user IDs associated with keys that will be checked for addition to the authorized_keys file.
AUTHOR
Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
SEE ALSO
monkeysphere-ssh-proxycommand(1), monkeysphere-server(8), monkeysphere(7), ssh(1), ssh-add(1), gpg(1)
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre