Provided by: monkeysphere_0.22-1_i386

NAME

       monkeysphere - Monkeysphere client user interface

SYNOPSIS

       monkeysphere subcommand [args]

DESCRIPTION

       Monkeysphere  is  a  framework to leverage the OpenPGP web of trust for
       OpenSSH authentication.  OpenPGP keys are tracked via GnuPG, and  added
       to  the  authorized_keys  and  known_hosts  files  used  by OpenSSH for
       connection authentication.

       monkeysphere is the Monkeysphere client utility.

SUBCOMMANDS

       monkeysphere takes various subcommands:

       update-known_hosts [HOST]...
              Update the known_hosts file.  For each specified host, gpg  will
              be  queried  for  a  key  associated with the host URI (see HOST
              IDENTIFICATION  in  monkeysphere(7)),  optionally   querying   a
              keyserver.   If an acceptable key is found for the host (see KEY
              ACCEPTABILITY in monkeysphere(7)),  the  key  is  added  to  the
              user’s  known_hosts file.  If a key is found but is unacceptable
              for the host, any matching keys  are  removed  from  the  user’s
              known_hosts  file.  If no gpg key is found for the host, nothing
              is done.  If no hosts are specified, all  hosts  listed  in  the
              known_hosts  file  will be processed.  This subcommand will exit
              with a status of 0 if at least one acceptable key was found  for
              a specified host, 1 if no matching keys were found at all, and 2
              if matching keys were found but none were acceptable.   ‘k’  may
              be used in place of ‘update-known_hosts’.

       update-authorized_keys
              Update  the  authorized_keys  file  for  the  user executing the
              command  (see   MONKEYSPHERE_AUTHORIZED_KEYS   in   ENVIRONMENT,
              below).   First  all  monkeysphere  keys  are  cleared  from the
              authorized_keys file.  Then, for each  user  ID  in  the  user’s
              authorized_user_ids   file,   gpg   will  be  queried  for  keys
              associated with that user ID, optionally querying  a  keyserver.
              If  an  acceptable  key  is  found  (see  KEY  ACCEPTABILITY  in
              monkeysphere(7)), the key is added to the user’s authorized_keys
              file.   If  a  key is found but is unacceptable for the user ID,
              any matching keys are removed from  the  user’s  authorized_keys
              file.   If no gpg key is found for the user ID, nothing is done.
              This subcommand will exit with a status of 0  if  at  least  one
              acceptable  key  was  found for a user ID, 1 if no matching keys
              were found at all, and 2 if matching keys were  found  but  none
              were acceptable.  ‘a’ may be used in place of
              ‘update-authorized_keys’.

       gen-subkey [KEYID]
              Generate an authentication subkey for  a  private  key  in  your
              GnuPG  keyring.   For the primary key with the specified key ID,
              generate a subkey with "authentication" capability that  can  be
              used for monkeysphere transactions.  An expiration length can be
              specified with the ‘-e’ or ‘--expire’ option (prompt otherwise).
              If no key ID is specified, but only one key exists in the secret
              keyring, that key will be used.  ‘g’ may be  used  in  place  of
              ‘gen-subkey’.

       subkey-to-ssh-agent [ssh-add arguments]
              Push  all  authentication-capable  subkeys  in your GnuPG secret
              keyring into your running ssh-agent.  Additional  arguments  are
              passed  through  to  ssh-add(1).   For  example,  to  remove the
              authentication subkeys, pass an additional  ‘-d’  argument.   To
              require confirmation on each use of the key, pass ‘-c’.  ‘s’ may
              be used in place of ‘subkey-to-ssh-agent’.

       help   Output a brief usage summary.  ‘h’ or ‘?’ may be used  in  place
              of ‘help’.
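
       The exit statuses documented for update-known_hosts, handled per host
       in a script. This is an added example, not code from the monkeysphere
       project; ms_verdict and ms_audit_hosts are hypothetical helper names.
       Hosts are checked one at a time because a single multi-host call exits
       0 as soon as any one host has an acceptable key.

```shell
#!/bin/sh
# Added example: not part of monkeysphere. Function names are hypothetical.

# ms_verdict HOST
# Run `monkeysphere update-known_hosts HOST` and print one verdict word
# derived from the exit status documented in the man page.
ms_verdict() {
    rc=0
    # stdout is discarded so only the verdict is printed; log output on
    # stderr is left visible.
    monkeysphere update-known_hosts "$1" >/dev/null || rc=$?
    case $rc in
        0) echo acceptable ;;    # acceptable key found, known_hosts updated
        1) echo no-key ;;        # no matching OpenPGP key at all, nothing done
        2) echo unacceptable ;;  # key found but rejected, entries removed
        *) echo "error-$rc" ;;   # status not described in the man page
    esac
}

# ms_audit_hosts HOST...
# Print "HOST VERDICT" for each host, checking each one separately so that
# one acceptable host cannot mask an unacceptable or missing key on another.
# Returns 0 only if every host had an acceptable key.
ms_audit_hosts() {
    failed=0
    for h in "$@"; do
        v=$(ms_verdict "$h")
        printf '%s %s\n' "$h" "$v"
        [ "$v" = acceptable ] || failed=1
    done
    return "$failed"
}
```

       A verdict of unacceptable means matching entries were removed from
       known_hosts, so a script should stop rather than fall back to
       accepting the host key interactively.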

ENVIRONMENT

       The  following  environment  variables will override those specified in
       the monkeysphere.conf configuration file (defaults in parentheses):

       MONKEYSPHERE_LOG_LEVEL
              Set the log level (INFO).  Can be SILENT, ERROR, INFO,  VERBOSE,
              DEBUG, in increasing order of verbosity.

       MONKEYSPHERE_GNUPGHOME, GNUPGHOME
              GnuPG home directory (~/.gnupg).

       MONKEYSPHERE_KEYSERVER
              OpenPGP keyserver to use (subkeys.pgp.net).

       MONKEYSPHERE_CHECK_KEYSERVER
              Whether  or  not  to  check  keyserver  when  making gpg queries
              (‘true’).

       MONKEYSPHERE_KNOWN_HOSTS
              Path to ssh known_hosts file (~/.ssh/known_hosts).

       MONKEYSPHERE_HASH_KNOWN_HOSTS
              Whether or not to hash the known_hosts file entries (‘true’).

       MONKEYSPHERE_AUTHORIZED_KEYS
              Path to ssh authorized_keys file (~/.ssh/authorized_keys).

FILES

       ~/.monkeysphere/monkeysphere.conf
              User monkeysphere config file.

       /etc/monkeysphere/monkeysphere.conf
              System-wide monkeysphere config file.

       ~/.monkeysphere/authorized_user_ids
              OpenPGP  user  IDs associated with keys that will be checked for
              addition to the authorized_keys file.

AUTHOR

       Written by Jameson Rollins  <jrollins@fifthhorseman.net>,  Daniel  Kahn
       Gillmor <dkg@fifthhorseman.net>

SEE ALSO

       monkeysphere-ssh-proxycommand(1),               monkeysphere-server(8),
       monkeysphere(7), ssh(1), ssh-add(1), gpg(1)