Visit Our UNIX and Linux User Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #51
Difficulty: Easy
The term 'IoT' means the 'Internet of Tomorrow'.
True or False?
Linux & Unix Commands - Search Man Pages

ipsec_showhostkey(8) [centos man page]

IPSEC_SHOWHOSTKEY(8)						Executable programs					      IPSEC_SHOWHOSTKEY(8)

NAME
ipsec_showhostkey - show host's authentication key SYNOPSIS
ipsec showhostkey [--ipseckey] [--left] [--right] [--dump] [--verbose] [--version] [--list] [--gateway gateway] [--precedence precedence] [--dhclient] [--file secretfile] [--keynum count] [--id identity] DESCRIPTION
Showhostkey outputs (on standard output) a public key suitable for this host, in the format specified, using the host key information stored in /etc/ipsec.secrets. In general only the super-user can run this command, since only he can read ipsec.secrets. The --left and --right options cause the output to be in ipsec.conf(5) format, as a leftrsasigkey or rightrsasigkey parameter respectively. Generation information is included if available. For example, --left might give (with the key data trimmed down for clarity): # RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000 leftrsasigkey=0sAQOF8tZ2...+buFuFn/ The --ipseckey option causes the output to be in opportunistic-encryption DNS IPSECKEY record format (RFC 4025). A gateway can be specified with the --gateway, which currently supports IPv4 and IPv6 addresses. The host name is the one included in the key information (or, if that is not available, the output of hostname --fqdn), with a . appended. For example, --ipseckey --gateway 10.11.12.13 might give (with the key data trimmed for clarity): IN IPSECKEY 10 1 2 10.11.12.13 AQOF8tZ2...+buFuFn/" The --version option causes the version of the binary to be emitted, and nothing else. The --verbose may be present one or more times. Each occurance increases the verbosity level. The --dhclient option cause the output to be suitable for inclusion in dhclient.conf(5) as part of configuring WAVEsec. See <http://www.wavesec.org>. Normally, the default key for this host (the one with no host identities specified for it) is the one extracted. The --id option overrides this, causing extraction of the key labeled with the specified identity, if any. The specified identity must exactly match the identity in the file; in particular, the comparison is case-sensitive. There may also be multiple keys with the same identity. All keys are numbered based upon their linear sequence in the file (including all include directives) The --file option overrides the default for where the key information should be found, and takes it from the specified secretfile. DIAGNOSTICS
A complaint about "no pubkey line found" indicates that the host has a key but it was generated with an old version of FreeS/WAN and does not contain the information that showhostkey needs. FILES
/etc/ipsec.secrets SEE ALSO
ipsec.secrets(5), ipsec.conf(5), ipsec_rsasigkey(8) HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters for the IPSECKEY format. BUGS
Arguably, rather than just reporting the no-IN-KEY-line-found problem, showhostkey should be smart enough to run the existing key through rsasigkey with the --oldkey option, to generate a suitable output line. The --id option assumes that the identity appears on the same line as the : RSA { that begins the key proper. AUTHOR
Paul Wouters placeholder to suppress warning libreswan 12/16/2012 IPSEC_SHOWHOSTKEY(8)

Check Out this Related Man Page

IPSEC_KLIPSDEBUG(8)						Executable programs					       IPSEC_KLIPSDEBUG(8)

NAME
ipsec_klipsdebug - set KLIPS and MAST debug features and level. Other stacks are not supported. SYNOPSIS
ipsec klipsdebug ipsec klipsdebug --set flagname ipsec klipsdebug --clear flagname ipsec klipsdebug --all ipsec klipsdebug --none ipsec klipsdebug --help ipsec klipsdebug --version DESCRIPTION
Klipsdebug sets and clears flags that control various parts of the debugging output of Klips (the kernel portion of FreeS/WAN IPSEC). The form with no additional arguments lists the present contents of /proc/net/ipsec_klipsdebug. The --set form turns the specified flag on, while the --clear form turns the specified flag off. The --all form turns all flags on except verbose, while the --none form turns all flags off. The current flag names are: tunnel tunnelling code tunnel-xmit tunnelling transmit only code pfkey userspace communication code xform transform selection and manipulation code eroute eroute table manipulation code spi SA table manipulation code radij radij tree manipulation code esp encryptions transforms code ah authentication transforms code rcv receive code ipcomp ip compression transforms code verbose give even more information, BEWARE: a)this will print authentication and encryption keys in the logs b)this will probably trample the 4k kernel printk buffer giving inaccurate output All Klips debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages. Beware that klipsdebug --all produces a lot of output and the log file will grow quickly. The file format for /proc/net/ipsec_klipsdebug is discussed in ipsec_klipsdebug(5). EXAMPLES
klipsdebug --all turns on all KLIPS debugging except verbose. klipsdebug --clear tunnel turns off only the tunnel debugging messages. FILES
/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec SEE ALSO
ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5) HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. BUGS
It really ought to be possible to set or unset selective combinations of flags. AUTHOR
Paul Wouters placeholder to suppress warning libreswan 12/16/2012 IPSEC_KLIPSDEBUG(8)

Featured Tech Videos