Provided by: monkeysphere_0.22-1_i386
monkeysphere - Monkeysphere client user interface
monkeysphere subcommand [args]
Monkeysphere is a framework to leverage the OpenPGP web of trust for
OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and added
to the authorized_keys and known_hosts files used by OpenSSH for
monkeysphere is the Monkeysphere client utility.
monkeysphere takes various subcommands:
Update the known_hosts file. For each specified host, gpg will
be queried for a key associated with the host URI (see HOST
IDENTIFICATION in monkeysphere(7)), optionally querying a
keyserver. If an acceptable key is found for the host (see KEY
ACCEPTABILITY in monkeysphere(7)), the key is added to the
user’s known_hosts file. If a key is found but is unacceptable
for the host, any matching keys are removed from the user’s
known_hosts file. If no gpg key is found for the host, nothing
is done. If no hosts are specified, all hosts listed in the
known_hosts file will be processed. This subcommand will exit
with a status of 0 if at least one acceptable key was found for
a specified host, 1 if no matching keys were found at all, and 2
if matching keys were found but none were acceptable. ‘k’ may
be used in place of ‘update-known_hosts’.
Update the authorized_keys file for the user executing the
command (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT,
below). First all monkeysphere keys are cleared from the
authorized_keys file. Then, or each user ID in the user’s
authorized_user_ids file, gpg will be queried for keys
associated with that user ID, optionally querying a keyserver.
If an acceptable key is found (see KEY ACCEPTABILITY in
monkeysphere(7)), the key is added to the user’s authorized_keys
file. If a key is found but is unacceptable for the user ID,
any matching keys are removed from the user’s authorized_keys
file. If no gpg key is found for the user ID, nothing is done.
This subcommand will exit with a status of 0 if at least one
acceptable key was found for a user ID, 1 if no matching keys
were found at all, and 2 if matching keys were found but none
were acceptable. ‘a’ may be used in place of ‘update-
Generate an authentication subkey for a private key in your
GnuPG keyring. For the primary key with the specified key ID,
generate a subkey with "authentication" capability that can be
used for monkeysphere transactions. An expiration length can be
specified with the ‘-e’ or ‘--expire’ option (prompt otherwise).
If no key ID is specified, but only one key exists in the secret
keyring, that key will be used. ‘g’ may be used in place of
subkey-to-ssh-agent [ssh-add arguments]
Push all authentication-capable subkeys in your GnuPG secret
keyring into your running ssh-agent. Additional arguments are
passed through to ssh-add(1). For example, to remove the
authentication subkeys, pass an additional ‘-d’ argument. To
require confirmation on each use of the key, pass ‘-c’. ‘s’ may
be used in place of ‘subkey-to-ssh-agent’.
help Output a brief usage summary. ‘h’ or ‘?’ may be used in place
The following environment variables will override those specified in
the monkeysphere.conf configuration file (defaults in parentheses):
Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE,
DEBUG, in increasing order of verbosity.
GnuPG home directory (~/.gnupg).
OpenPGP keyserver to use (subkeys.pgp.net).
Whether or not to check keyserver when making gpg queries
Path to ssh known_hosts file (~/.ssh/known_hosts).
Whether or not to hash to the known_hosts file entries (‘true’).
Path to ssh authorized_keys file (~/.ssh/authorized_keys).
User monkeysphere config file.
System-wide monkeysphere config file.
OpenPGP user IDs associated with keys that will be checked for
addition to the authorized_keys file.
Written by Jameson Rollins <email@example.com>, Daniel Kahn
monkeysphere(7), ssh(1), ssh-add(1), gpg(1)