<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of IPSEC_SHOWHOSTKEY</TITLE>
<H1>IPSEC_SHOWHOSTKEY</H1>
Section: Maintenance Commands (8)<BR>Updated: 5 March 2002<BR><A HREF="#index">Index</A>
<HR>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
ipsec showhostkey - show host's authentication key
<A NAME="lbAC"> </A>
<H2>SYNOPSIS</H2>
<A NAME="lbAD"> </A>
<H2>DESCRIPTION</H2>
outputs (on standard output) a public key suitable for this host,
in the format specified,
using the host key information stored in
<I>/etc/ipsec.secrets</I>.
In general only the super-user can run this command,
since only he can read
option causes the output to be in opportunistic-encryption DNS TXT record
If information about how the key was generated is available,
that is provided as a DNS-file comment.
<B>--txt 10.11.12.13</B>
might give (with the key data trimmed for clarity):
<PRE>
; RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
IN TXT "X-IPsec-Server(10)=10.11.12.13 AQOF8tZ2...+buFuFn/"
</PRE>
No name is supplied in the TXT record
because there are too many possibilities,
depending on how it will be used.
If the text string is longer than 255 bytes,
it is split up into multiple strings (matching the restrictions of
the DNS TXT binary format).
If any split is needed, the first split will be at the start of the key:
this increases the chances that later hand editing will work.
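The splitting rule described above, as an added Python illustration (not the FreeS/WAN script's own code): it builds the TXT strings with the first split at the start of the key, then reassembles them so a published record can be compared against the host's key. The function names, the placement of the separating space at the end of the first string, and the sample key are assumptions of this example.

```python
import base64

MAX_TXT_STRING = 255  # a DNS TXT character-string carries at most 255 bytes


def split_txt(gateway, key_b64, priority=10):
    """Return the character-strings of an X-IPsec-Server TXT record.

    priority=10 is the value in the page's example; the space ending the
    header string is this example's assumption.
    """
    header = f"X-IPsec-Server({priority})={gateway} "
    whole = header + key_b64
    if len(whole.encode("ascii")) <= MAX_TXT_STRING:
        return [whole]  # fits in one string: no split
    # First split at the start of the key, so the header stands alone and
    # the key can later be replaced by hand without touching it.
    chunks = [header]
    for i in range(0, len(key_b64), MAX_TXT_STRING):
        chunks.append(key_b64[i:i + MAX_TXT_STRING])
    return chunks


def render(chunks):
    """Zone-file text: no owner name, each string quoted separately."""
    return "\tIN TXT " + " ".join(f'"{c}"' for c in chunks)


def join_txt(chunks):
    """Reassemble the record the way a consumer must: plain concatenation."""
    return "".join(chunks)


def published_key(chunks):
    """Extract the key field from a reassembled record for comparison."""
    return join_txt(chunks).split(" ", 1)[1]


# Constructed sample: 258 filler bytes, base64-encoded to 344 characters.
# Not a real key.
SAMPLE_KEY = base64.b64encode(bytes(i % 251 for i in range(258))).decode()

if __name__ == "__main__":
    parts = split_txt("10.11.12.13", SAMPLE_KEY)
    print(render(parts))
    print([len(p) for p in parts])
    print(published_key(parts) == SAMPLE_KEY)
```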
options cause the output to be in
<I><A HREF="/cgi-bin/man/man2html?5+ipsec.conf">ipsec.conf</A></I>(5)
<B>rightrsasigkey</B>
parameter respectively.
Again, generation information is included if available.
might give (with the key data trimmed down for clarity):
<PRE>
# RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
leftrsasigkey=0sAQOF8tZ2...+buFuFn/
</PRE>
option causes the output to be suitable for inclusion in
<I><A HREF="/cgi-bin/man/man2html?5+dhclient.conf">dhclient.conf</A></I>(5)
as part of configuring WAVEsec.
See &lt;<A HREF="http://www.wavesec.org">http://www.wavesec.org</A>&gt;.
the output format is the text form of a DNS KEY record;
the host name is the one included in the key information
(or, if that is not available,
<B>hostname --fqdn</B>),
Again, generation information is included if available.
For example (with the key data trimmed down for clarity):
<PRE>
; RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
xy.example.com. IN KEY 0x4200 4 1 AQOF8tZ2...+buFuFn/
</PRE>
Normally, the default key for this host
(the one with no host identities specified for it) is the one extracted.
option overrides this,
causing extraction of the key labeled with the specified
match the identity in the file;
in particular, the comparison is case-sensitive.
option overrides the default for where the key information should be
found, and takes it from the specified
<A NAME="lbAE"> </A>
<H2>DIAGNOSTICS</H2>
A complaint about ``no pubkey line found'' indicates that the
host has a key but it was generated with an old version of FreeS/WAN
and does not contain the information that
<A NAME="lbAF"> </A>
<H2>FILES</H2>
<A NAME="lbAG"> </A>
<H2>SEE ALSO</H2>
<A HREF="/cgi-bin/man/man2html?5+ipsec.secrets">ipsec.secrets</A>(5), <A HREF="/cgi-bin/man/man2html?5+ipsec.conf">ipsec.conf</A>(5), <A HREF="/cgi-bin/man/man2html?8+ipsec_rsasigkey">ipsec_rsasigkey</A>(8)
<A NAME="lbAH"> </A>
<H2>HISTORY</H2>
Written for the Linux FreeS/WAN project
&lt;<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>&gt;
<A NAME="lbAI"> </A>
<H2>BUGS</H2>
rather than just reporting the no-IN-KEY-line-found problem,
should be smart enough to run the existing key through
option, to generate a suitable output line.
The need to specify the gateway address (etc.) for
is annoying, but there is no good way to determine it automatically.
There should be a way to specify the priority value for TXT records;
currently it is hardwired to
option assumes that the
appears on the same line as the
<B>: RSA {</B>
that begins the key proper.
<A NAME="index"> </A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">DIAGNOSTICS</A><DD>
<DT><A HREF="#lbAF">FILES</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">HISTORY</A><DD>
<DT><A HREF="#lbAI">BUGS</A><DD>
</DL>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 10:29:43 GMT, June 17, 2004