Tutorial Series

How To Use Monkeysphere to Validate SSH Servers and Clients

SSH is an excellent way of securely connecting to remote hosts. However, there are some issues with easily validating the identity of the server you are attempting to connect to. Additionally, it can be hard to keep track of which users are authorized to use a busy infrastructure, especially with changing keys. Monkeysphere is a project meant to address these issues by leveraging GPG keys and the web of trust model. Using this system, we can safely make SSH connections.
  • When connecting to an SSH server for the first time, or if there have been changes on the host, a message is shown warning that the remote host's identity cannot be verified. In this guide, we'll use a system called Monkeysphere, which uses GPG's web of trust model to validate the identity of servers to users.
  • The authorized_keys file on an SSH server can become difficult to manage with key changes and a large amount of entries. It can be hard to know which credentials are valid and which actual person each key is associated with. The Monkeysphere system allows you to configure authentication to an SSH server in plain English by utilizing GPG keys. This leads to a more manageable system and allows you to create policies for users, not keys.