MONKEYSPHERE(7)                System Frameworks               MONKEYSPHERE(7)

NAME
       monkeysphere - ssh and TLS authentication framework using OpenPGP Web
       of Trust

DESCRIPTION
       Monkeysphere is a framework to leverage the OpenPGP web of trust for
       OpenSSH and TLS key-based authentication.  OpenPGP keys are tracked via
       GnuPG, and added to the authorized_keys and known_hosts files used by
       OpenSSH for connection authentication.  Monkeysphere can also be used
       by a validation agent to validate TLS connections (e.g. https).

IDENTITY CERTIFIERS
       Each host that uses the Monkeysphere to authenticate its remote users
       needs some way to determine that those users are who they claim to be.
       SSH permits key-based authentication, but we want instead to bind
       authenticators to human-comprehensible user identities.  This switch
       from raw keys to User IDs makes it possible for administrators to see
       intuitively who has access to an account, and it also enables end users
       to transition keys (and revoke compromised ones) automatically across
       all Monkeysphere-enabled hosts.  The User IDs and certifications that
       the Monkeysphere relies on are found in the OpenPGP Web of Trust.

       However, in order to establish this binding, each host must know whose
       certifications to trust.  Someone whom a host trusts to certify User
       Identities is called an Identity Certifier.  A host must have at least
       one Identity Certifier in order to bind User IDs to keys.  Commonly,
       every ID Certifier would be trusted by the host to fully identify any
       User ID, but more nuanced approaches are possible as well.  For
       example, a given host could specify a dozen ID certifiers, but assign
       them all "marginal" trust.  Then any given User ID would need to be
       certified in the OpenPGP Web of Trust by at least three of those
       certifiers.

       It is also possible to limit the scope of trust for a given ID
       Certifier to a particular domain.  That is, a host can be configured to
       fully (or marginally) trust a particular ID Certifier only when they
       certify identities within, say, example.org (based on the e-mail
       address in the User ID).

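As an added illustration (not part of this manual page, and not monkeysphere's own code, which delegates the computation to GnuPG's trust model), the following Python models how a host's Identity Certifier settings decide whether a User ID counts as certified: fully trusted certifiers, marginally trusted certifiers of which several must concur (the "at least three" above is GnuPG's default marginals-needed), and certifiers whose trust is scoped to one e-mail domain. The certifier fingerprints and User IDs are constructed sample values.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Set


@dataclass(frozen=True)
class Certifier:
    """One Identity Certifier as a host would configure it."""
    fingerprint: str               # constructed sample fingerprint, not a real key
    trust: str                     # "full" or "marginal"
    domain: Optional[str] = None   # limit trust to User IDs in this e-mail domain


def uid_domain(user_id: str) -> Optional[str]:
    """Return the e-mail domain of an OpenPGP User ID such as
    'Alice Example <alice@example.org>', or None if it carries no address."""
    start, end = user_id.rfind("<"), user_id.rfind(">")
    if start == -1 or end < start:
        return None
    address = user_id[start + 1:end]
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower()


def uid_is_certified(user_id: str,
                     signers: Set[str],
                     certifiers: Iterable[Certifier],
                     completes_needed: int = 1,
                     marginals_needed: int = 3) -> bool:
    """Decide whether `user_id` is validly certified for this host.

    `signers` is the set of fingerprints whose certification of this User ID
    has been verified.  A certifier scoped to a domain only counts for User
    IDs in that domain.  The thresholds mirror GnuPG's completes-needed and
    marginals-needed defaults.
    """
    domain = uid_domain(user_id)
    full = marginal = 0
    for certifier in certifiers:
        if certifier.fingerprint not in signers:
            continue
        if certifier.domain is not None and domain != certifier.domain.lower():
            continue  # this certifier's trust does not extend to that domain
        if certifier.trust == "full":
            full += 1
        elif certifier.trust == "marginal":
            marginal += 1
    return full >= completes_needed or marginal >= marginals_needed


# Constructed host configuration: one fully trusted certifier limited to
# example.org, plus three marginally trusted certifiers without a scope.
HOST_CERTIFIERS = [
    Certifier("AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000", "full", "example.org"),
    Certifier("BBBB0000BBBB0000BBBB0000BBBB0000BBBB0000", "marginal"),
    Certifier("CCCC0000CCCC0000CCCC0000CCCC0000CCCC0000", "marginal"),
    Certifier("DDDD0000DDDD0000DDDD0000DDDD0000DDDD0000", "marginal"),
]


if __name__ == "__main__":
    alice_org = "Alice Example <alice@example.org>"
    alice_net = "Alice Example <alice@example.net>"
    scoped = {HOST_CERTIFIERS[0].fingerprint}
    marginals = {c.fingerprint for c in HOST_CERTIFIERS[1:]}
    print(uid_is_certified(alice_org, scoped, HOST_CERTIFIERS))     # True: in scope
    print(uid_is_certified(alice_net, scoped, HOST_CERTIFIERS))     # False: out of scope
    print(uid_is_certified(alice_net, marginals, HOST_CERTIFIERS))  # True: three marginals
```

The domain scope is applied to the e-mail address inside the User ID, exactly as the text describes; a User ID without an address never matches a scoped certifier, so such certifiers can only vouch for addresses in their domain.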
KEY ACCEPTABILITY
       The monkeysphere commands work from a set of user IDs to determine
       acceptable keys for ssh and TLS authentication.  OpenPGP keys are
       considered acceptable if the following criteria are met:

       capability
              The key must have the `authentication' (`a') usage flag set.

       validity
              The key itself must be valid, i.e. it must be well-formed, not
              expired, and not revoked.

       certification
              The relevant user ID must be signed by a trusted identity
              certifier.

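The three criteria above, applied in Python to a key listing in the shape of `gpg --with-colons --fixed-list-mode --list-keys` output. This is an added example, not code from this manual page or from the monkeysphere project; the listing, key IDs, fingerprints and dates are constructed. The certification criterion is read from the validity letter GnuPG assigns to the user ID (full or ultimate, optionally marginal), which is the result of the host's identity certifier settings.

```python
from typing import Dict, List

# Validity letters as GnuPG reports them in --with-colons output.
ACCEPTABLE_UID_VALIDITY = {"f", "u"}          # full or ultimate
REJECTED_KEY_VALIDITY = {"r": "key revoked", "e": "key expired",
                         "i": "key invalid", "d": "key disabled"}

# Constructed sample listing.  Field 12 holds the usage flags: lowercase
# letters are the key's own flags, uppercase letters summarise the whole
# key, so a primary key showing "scESCA" does not itself carry `a'.
# Field 7 is the expiration time (empty when the key does not expire).
SAMPLE_LISTING = """\
pub:f:4096:1:0123456789ABCDEF:1262304000::::::scESCA::::::23::0:
fpr:::::::::00000000000000000000000000123456789ABCDEF:
uid:f::::1262304000::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Alice Example <alice@example.org>::::::::::0:
uid:-::::1262304000::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB::Alice Example <alice@example.net>::::::::::0:
sub:f:2048:1:FEDCBA9876543210:1262304000::::::a::::::23:
fpr:::::::::0000000000000000000000000FEDCBA9876543210:
sub:e:2048:1:1111222233334444:1262304000:1293840000:::::a::::::23:
fpr:::::::::00000000000000000000000001111222233334444:
sub:f:2048:1:5555666677778888:1262304000::::::e::::::23:
fpr:::::::::00000000000000000000000005555666677778888:
sub:f:2048:1:9999AAAABBBBCCCC:1262304000:1280000000:::::a::::::23:
fpr:::::::::00000000000000000000000009999AAAABBBBCCCC:
"""


def evaluate_keys(listing: str, user_id: str, now: int,
                  accept_marginal: bool = False) -> Dict[str, str]:
    """Apply the capability, validity and certification criteria to every
    key in `listing` for one User ID.  Returns {key id: verdict}, where the
    verdict is "acceptable" or the reason for rejection.  `now` is a Unix
    timestamp so that a listing cached before a key expired is still judged
    correctly."""
    uid_ok = ACCEPTABLE_UID_VALIDITY | ({"m"} if accept_marginal else set())
    blocks: List[dict] = []        # one entry per primary key (pub record)
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            blocks.append({"keys": [], "uids": []})
        if not blocks:
            continue
        if f[0] in ("pub", "sub"):
            # (key id, validity, expiration, usage flags)
            blocks[-1]["keys"].append((f[4], f[1], f[6], f[11]))
        elif f[0] == "uid":
            # gpg escapes ':' inside a user ID as \x3a; the sample has none
            blocks[-1]["uids"].append((f[1], f[9]))

    verdicts: Dict[str, str] = {}
    for block in blocks:
        uid_validity = next((v for v, u in block["uids"] if u == user_id), None)
        for keyid, validity, expiry, flags in block["keys"]:
            expires_at = int(expiry) if expiry else 0
            if uid_validity is None:
                verdicts[keyid] = "user ID not present on key"
            elif uid_validity not in uid_ok:
                verdicts[keyid] = "user ID not certified by a trusted identity certifier"
            elif "a" not in flags:
                verdicts[keyid] = "no authentication usage flag"
            elif validity in REJECTED_KEY_VALIDITY:
                verdicts[keyid] = REJECTED_KEY_VALIDITY[validity]
            elif expires_at and expires_at <= now:
                verdicts[keyid] = "key expired"
            else:
                verdicts[keyid] = "acceptable"
    return verdicts


def acceptable_keys(listing: str, user_id: str, now: int,
                    accept_marginal: bool = False) -> List[str]:
    """Key IDs that pass all three criteria for `user_id`."""
    return [k for k, v in evaluate_keys(listing, user_id, now, accept_marginal).items()
            if v == "acceptable"]


if __name__ == "__main__":
    for keyid, verdict in evaluate_keys(SAMPLE_LISTING,
                                        "Alice Example <alice@example.org>",
                                        now=1300000000).items():
        print(keyid, verdict)
```

Note that the example.net user ID on the same key yields no acceptable keys at all, even though one subkey carries the authentication flag and is valid: without a certification from a trusted identity certifier the key is never bound to that identity.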
SERVICE NAMES
       The OpenPGP keys for hosts have associated `service names' (OpenPGP
       user IDs) that are based on URI specifications for the service.  Some
       examples:

       ssh:   ssh://host.example.com[:port]

       https: https://host.example.com[:port]

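An added example (not from this manual page or the monkeysphere project) showing how a client can build the service name it expects a host key to carry and check a host key's user ID against the service it is actually connecting to. Two assumptions beyond the text: the port is omitted from the name when it is the scheme's well-known default (22 for ssh, 443 for https), and anything beyond scheme, host and port in a candidate name is rejected rather than ignored.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumption: a service name omits the port when it is the scheme's default.
DEFAULT_PORTS = {"ssh": 22, "https": 443}


def service_name(scheme: str, host: str, port: Optional[int] = None) -> str:
    """Build the OpenPGP user ID a host key is expected to carry for a service."""
    scheme = scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    host = host.strip().lower().rstrip(".")
    if not host or any(ch in host for ch in "/:@?# "):
        raise ValueError(f"bad host name: {host!r}")
    if port is None or port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"{scheme}://{host}:{port}"


def parse_service_name(name: str) -> Tuple[str, str, int]:
    """Split a service name into (scheme, host, port), rejecting anything
    that is not exactly scheme://host[:port]."""
    parts = urlsplit(name)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {name!r}")
    if parts.path or parts.query or parts.fragment or parts.username or parts.password:
        raise ValueError(f"service name carries more than host and port: {name!r}")
    if not parts.hostname:
        raise ValueError(f"missing host in {name!r}")
    # parts.port raises ValueError itself for a non-numeric or out-of-range port
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname, port


def host_uid_matches(uid: str, scheme: str, host: str, port: int) -> bool:
    """True only when a host key's user ID names exactly the service being
    contacted; a malformed or differently scoped user ID never matches."""
    try:
        expected = parse_service_name(service_name(scheme, host, port))
        return parse_service_name(uid) == expected
    except ValueError:
        return False


if __name__ == "__main__":
    print(service_name("ssh", "Host.Example.COM"))              # ssh://host.example.com
    print(service_name("https", "host.example.com", 8443))      # https://host.example.com:8443
    print(host_uid_matches("ssh://host.example.com", "ssh", "host.example.com", 2222))  # False
```

Comparing the parsed form rather than the raw strings means that "SSH://Host.Example.com:22" and "ssh://host.example.com" are treated as the same service, while a key whose user ID names a different port or carries a path is not accepted for the connection.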
AUTHOR
       Written by: Jameson Rollins <jrollins@finestructure.net>, Daniel Kahn
       Gillmor <dkg@fifthhorseman.net>

SEE ALSO
       monkeysphere(1), monkeysphere-host(8), monkeysphere-authentication(8),
       openpgp2ssh(1), pem2openpgp(1), gpg(1),
       http://tools.ietf.org/html/rfc4880, ssh(1),
       http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/

monkeysphere                      March 2010                   MONKEYSPHERE(7)