The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

ipsec_newhostkey (8)
  • >> ipsec_newhostkey (8) ( Разные man: Команды системного администрирования )
    •  

    NAME

    ipsec newhostkey - generate a new host authentication key
 

    SYNOPSIS

    ipsec newhostkey --output filename [ --quiet ] \
    [ --bits n ] [ --hostname host ]  

    DESCRIPTION

    Newhostkey outputs (into filename, which can be `-' for standard output) an RSA private key suitable for this host, in /etc/openswan/ipsec.secrets format (see ipsec.secrets(5)). Normally, newhostkey invokes rsasigkey (see ipsec_rsasigkey(8)) with the --verbose option, so a narrative of what is being done appears on standard error.

    The --output specifier, although it is syntactically an option and can appear at any point among the options (it doesn't have to be first), is not optional. The specified filename is created under umask 077 if nonexistent; if it already exists and is non-empty, a warning message about that is sent to standard error, and the output is appended to the file.

    The --quiet option suppresses both the rsasigkey narrative and the existing-file warning message.

    The --bits option specifies the number of bits in the key; the current default is 2192 and we do not recommend use of anything shorter unless unusual constraints demand it.

    The --hostname option is passed through to rsasigkey to tell it what host name to label the output with (via its --hostname option).

    The output format is that of rsasigkey, with bracketing added to complete the ipsec.secrets format. In the usual case, where ipsec.secrets contains only the host's own private key, the output of newhostkey is sufficient as a complete ipsec.secrets file.  

    SEE ALSO

    ipsec.secrets(5), ipsec_rsasigkey(8)  

    HISTORY

    Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer.  

    BUGS

    As with rsasigkey, the run time is difficult to predict, since depletion of the system's randomness pool can cause arbitrarily long waits for random bits, and the prime-number searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec_rsasigkey(8) for some typical performance numbers.

    A higher-level tool which could handle the clerical details of changing to a new key would be helpful.

    The requirement for --output is a blemish, but private keys are extremely sensitive information and unusual precautions seem justified.

     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    SEE ALSO
    HISTORY
    BUGS

    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей     		Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру