<HTML><HEAD><TITLE>Manpage of IPSEC_SHOWHOSTKEY</TITLE>
<H1>IPSEC_SHOWHOSTKEY</H1>
Section: Maintenance Commands (8)<BR>Updated: 5 March 2002<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
ipsec showhostkey - show host's authentication key
<A NAME="lbAC"> </A>
<H2>SYNOPSIS</H2>
<A NAME="lbAD"> </A>
<H2>DESCRIPTION</H2>
outputs (on standard output) a public key suitable for this host,
in the format specified,
using the host key information stored in
<I>/etc/ipsec.secrets</I>.
In general only the super-user can run this command,
since only he can read
option causes the output to be in opportunistic-encryption DNS TXT record
If information about how the key was generated is available,
that is provided as a DNS-file comment.
<B>--txt 10.11.12.13</B>
might give (with the key data trimmed for clarity):
<PRE>
; RSA 2048 bits   xy.example.com   Sat Apr 15 13:53:22 2000
    IN TXT  "X-IPsec-Server(10)=10.11.12.13 AQOF8tZ2...+buFuFn/"
</PRE>
No name is supplied in the TXT record
because there are too many possibilities,
depending on how it will be used.
If the text string is longer than 255 bytes,
it is split up into multiple strings (matching the restrictions of
the DNS TXT binary format).
If any split is needed, the first split will be at the start of the key:
this increases the chances that later hand editing will work.
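The 255-byte splitting rule above, as an added Python example (not FreeS/WAN's code and not part of the original manual page): the first split falls at the start of the key, then the key itself is chunked. The function names, the placement of the separating space and the sample key are assumptions made for illustration.

```python
# Added illustration (not FreeS/WAN code): splitting an X-IPsec-Server TXT
# value into DNS character-strings of at most 255 bytes each.
TXT_STRING_MAX = 255  # size limit of one character-string in TXT RDATA


def split_txt(prefix: str, key: str, limit: int = TXT_STRING_MAX) -> list:
    """Return the character-strings that together carry prefix + key.

    If everything fits in one string, no split is made. Otherwise the first
    split falls exactly at the start of the key, and the key is then cut
    into chunks of at most `limit` bytes.
    """
    whole = prefix + key
    # The format is plain ASCII, so encoding also rejects stray characters.
    if len(whole.encode("ascii")) <= limit:
        return [whole]
    if len(prefix) > limit:
        raise ValueError("prefix alone exceeds one TXT string")
    chunks = [key[i:i + limit] for i in range(0, len(key), limit)]
    return [prefix] + chunks


def txt_record(priority: int, gateway: str, key: str) -> str:
    """Format a zone-file line in the shape of the page's --txt example."""
    # Assumption: the separating space stays with the prefix, so that
    # concatenating the strings reproduces the unsplit text.
    prefix = f"X-IPsec-Server({priority})={gateway} "
    parts = split_txt(prefix, key)
    return "\tIN\tTXT\t" + " ".join(f'"{p}"' for p in parts)


def reassemble(parts: list) -> str:
    """Join the strings in order; the result must equal the unsplit text."""
    return "".join(parts)


# Constructed stand-in for a base64 2048-bit RSA key (348 characters);
# it is not a real key.
SAMPLE_KEY = "AQ" + "x" * 346

if __name__ == "__main__":
    print(txt_record(10, "10.11.12.13", SAMPLE_KEY))
```

Because the key always starts a fresh string once any split is needed, replacing the key by hand means editing only the strings after the first one.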
options cause the output to be in
<I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5)
<B>rightrsasigkey</B>
parameter respectively.
Again, generation information is included if available.
might give (with the key data trimmed down for clarity):
<PRE>
# RSA 2048 bits   xy.example.com   Sat Apr 15 13:53:22 2000
leftrsasigkey=0sAQOF8tZ2...+buFuFn/
</PRE>
option causes the output to be suitable for inclusion in
<I><A HREF="dhclient.conf.5.html">dhclient.conf</A></I>(5)
as part of configuring WAVEsec.
See &lt;<A HREF="http://www.wavesec.org">http://www.wavesec.org</A>&gt;.
the output format is the text form of a DNS KEY record;
the host name is the one included in the key information
(or, if that is not available,
<B>hostname --fqdn</B>),
Again, generation information is included if available.
For example (with the key data trimmed down for clarity):
<PRE>
; RSA 2048 bits   xy.example.com   Sat Apr 15 13:53:22 2000
xy.example.com.   IN   KEY   0x4200 4 1 AQOF8tZ2...+buFuFn/
</PRE>
Normally, the default key for this host
(the one with no host identities specified for it) is the one extracted.
option overrides this,
causing extraction of the key labeled with the specified
match the identity in the file;
in particular, the comparison is case-sensitive.
option overrides the default for where the key information should be
found, and takes it from the specified
<A NAME="lbAE"> </A>
<H2>DIAGNOSTICS</H2>
A complaint about ``no pubkey line found'' indicates that the
host has a key but it was generated with an old version of FreeS/WAN
and does not contain the information that
<A NAME="lbAF"> </A>
<H2>FILES</H2>
<A NAME="lbAG"> </A>
<H2>SEE ALSO</H2>
<A HREF="ipsec.secrets.5.html">ipsec.secrets</A>(5),
<A HREF="ipsec.conf.5.html">ipsec.conf</A>(5),
<A HREF="ipsec_rsasigkey.8.html">ipsec_rsasigkey</A>(8)
<A NAME="lbAH"> </A>
<H2>HISTORY</H2>
Written for the Linux FreeS/WAN project
&lt;<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>&gt;
<A NAME="lbAI"> </A>
<H2>BUGS</H2>
rather than just reporting the no-IN-KEY-line-found problem,
should be smart enough to run the existing key through
option, to generate a suitable output line.
The need to specify the gateway address (etc.) for
is annoying, but there is no good way to determine it automatically.
There should be a way to specify the priority value for TXT records;
currently it is hardwired to
option assumes that the
appears on the same line as the
<B>: RSA {</B>
that begins the key proper.
<A NAME="index"> </A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">DIAGNOSTICS</A><DD>
<DT><A HREF="#lbAF">FILES</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">HISTORY</A><DD>
<DT><A HREF="#lbAI">BUGS</A><DD>
</DL>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 21:40:18 GMT, November 11, 2003