IPSEC_SECRETS(8) Executable programs IPSEC_SECRETS(8)NAME
ipsec_secrets - prompt for PIN codes and passphrases
SYNOPSIS
ipsec secrets
DESCRIPTION
Secrets is an alias for ipsec auto --rereadsecrets and rereads all the secrets in the ipsec.secrets file. The user will be prompted for all
private RSA keys protected by PIN codes and passphrases.
SEE ALSO ipsec.secrets(5)HISTORY
Written for Libreswan <http://www.libreswan.org> by Andreas Steffen.
BUGS
None
AUTHOR
Paul Wouters
placeholder to suppress warning
libreswan 12/16/2012 IPSEC_SECRETS(8)
Check Out this Related Man Page
IPSEC_SHOWHOSTKEY(8) Executable programs IPSEC_SHOWHOSTKEY(8)NAME
ipsec_showhostkey - show host's authentication key
SYNOPSIS
ipsec showhostkey [--ipseckey] [--left] [--right] [--dump] [--verbose] [--version] [--list] [--gateway gateway] [--precedence precedence]
[--dhclient] [--file secretfile] [--keynum count] [--id identity]
DESCRIPTION
Showhostkey outputs (on standard output) a public key suitable for this host, in the format specified, using the host key information
stored in /etc/ipsec.secrets. In general only the super-user can run this command, since only he can read ipsec.secrets.
The --left and --right options cause the output to be in ipsec.conf(5) format, as a leftrsasigkey or rightrsasigkey parameter respectively.
Generation information is included if available. For example, --left might give (with the key data trimmed down for clarity):
# RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
leftrsasigkey=0sAQOF8tZ2...+buFuFn/
The --ipseckey option causes the output to be in opportunistic-encryption DNS IPSECKEY record format (RFC 4025). A gateway can be specified
with the --gateway, which currently supports IPv4 and IPv6 addresses. The host name is the one included in the key information (or, if that
is not available, the output of hostname --fqdn), with a . appended. For example, --ipseckey --gateway 10.11.12.13 might give (with the
key data trimmed for clarity):
IN IPSECKEY 10 1 2 10.11.12.13 AQOF8tZ2...+buFuFn/"
The --version option causes the version of the binary to be emitted, and nothing else.
The --verbose may be present one or more times. Each occurance increases the verbosity level.
The --dhclient option cause the output to be suitable for inclusion in dhclient.conf(5) as part of configuring WAVEsec. See
<http://www.wavesec.org>.
Normally, the default key for this host (the one with no host identities specified for it) is the one extracted. The --id option overrides
this, causing extraction of the key labeled with the specified identity, if any. The specified identity must exactly match the identity in
the file; in particular, the comparison is case-sensitive.
There may also be multiple keys with the same identity. All keys are numbered based upon their linear sequence in the file (including all
include directives)
The --file option overrides the default for where the key information should be found, and takes it from the specified secretfile.
DIAGNOSTICS
A complaint about "no pubkey line found" indicates that the host has a key but it was generated with an old version of FreeS/WAN and does
not contain the information that showhostkey needs.
FILES
/etc/ipsec.secrets
SEE ALSO ipsec.secrets(5), ipsec.conf(5), ipsec_rsasigkey(8)HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters for the IPSECKEY format.
BUGS
Arguably, rather than just reporting the no-IN-KEY-line-found problem, showhostkey should be smart enough to run the existing key through
rsasigkey with the --oldkey option, to generate a suitable output line.
The --id option assumes that the identity appears on the same line as the : RSA { that begins the key proper.
AUTHOR
Paul Wouters
placeholder to suppress warning
libreswan 12/16/2012 IPSEC_SHOWHOSTKEY(8)