Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ipsec_showhostkey(8) [centos man page]

IPSEC_SHOWHOSTKEY(8)						Executable programs					      IPSEC_SHOWHOSTKEY(8)

NAME

       ipsec_showhostkey - show host's authentication key

SYNOPSIS

       ipsec showhostkey [--ipseckey] [--left] [--right] [--dump] [--verbose] [--version] [--list] [--gateway gateway] [--precedence precedence]
	     [--dhclient] [--file secretfile] [--keynum count] [--id identity]

DESCRIPTION

       Showhostkey outputs (on standard output) a public key suitable for this host, in the format specified, using the host key information
       stored in /etc/ipsec.secrets. In general only the super-user can run this command, since only he can read ipsec.secrets.

       The --left and --right options cause the output to be in ipsec.conf(5) format, as a leftrsasigkey or rightrsasigkey parameter respectively.
       Generation information is included if available. For example, --left might give (with the key data trimmed down for clarity):

	     # RSA 2048 bits   xy.example.com	Sat Apr 15 13:53:22 2000
	     leftrsasigkey=0sAQOF8tZ2...+buFuFn/

       The --ipseckey option causes the output to be in opportunistic-encryption DNS IPSECKEY record format (RFC 4025). A gateway can be specified
       with the --gateway, which currently supports IPv4 and IPv6 addresses. The host name is the one included in the key information (or, if that
       is not available, the output of hostname --fqdn), with a .  appended. For example, --ipseckey --gateway 10.11.12.13 might give (with the
       key data trimmed for clarity):

		 IN    IPSECKEY  10 1 2 10.11.12.13  AQOF8tZ2...+buFuFn/"

       The --version option causes the version of the binary to be emitted, and nothing else.

       The --verbose may be present one or more times. Each occurance increases the verbosity level.

       The --dhclient option cause the output to be suitable for inclusion in dhclient.conf(5) as part of configuring WAVEsec. See
       <http://www.wavesec.org>.

       Normally, the default key for this host (the one with no host identities specified for it) is the one extracted. The --id option overrides
       this, causing extraction of the key labeled with the specified identity, if any. The specified identity must exactly match the identity in
       the file; in particular, the comparison is case-sensitive.

       There may also be multiple keys with the same identity. All keys are numbered based upon their linear sequence in the file (including all
       include directives)

       The --file option overrides the default for where the key information should be found, and takes it from the specified secretfile.

DIAGNOSTICS

       A complaint about "no pubkey line found" indicates that the host has a key but it was generated with an old version of FreeS/WAN and does
       not contain the information that showhostkey needs.

FILES

       /etc/ipsec.secrets

SEE ALSO

       ipsec.secrets(5), ipsec.conf(5), ipsec_rsasigkey(8)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters for the IPSECKEY format.

BUGS

       Arguably, rather than just reporting the no-IN-KEY-line-found problem, showhostkey should be smart enough to run the existing key through
       rsasigkey with the --oldkey option, to generate a suitable output line.

       The --id option assumes that the identity appears on the same line as the : RSA { that begins the key proper.

AUTHOR

       Paul Wouters
	   placeholder to suppress warning

libreswan							    12/16/2012						      IPSEC_SHOWHOSTKEY(8)

Check Out this Related Man Page

IPSEC_BARF(8)							Executable programs						     IPSEC_BARF(8)

NAME

       ipsec_barf - spew out collected IPsec debugging information

SYNOPSIS

       ipsec barf [--short --maxlines <100>]

DESCRIPTION

       Barf outputs (on standard output) a collection of debugging information (contents of files, selections from logs, etc.) related to the
       IPsec encryption/authentication system. It is primarily a convenience for remote debugging, a single command which packages up (and labels)
       all information that might be relevant to diagnosing a problem in IPsec.

       The --short option limits the length of the log portion of barf's output, which can otherwise be extremely voluminous if debug logging is
       turned on.

       --maxlines <100> option sets the length of some bits of information, currently netstat -rn. Useful on boxes where the routing table is
       thousands of lines long. Default is 100.

       Barf censors its output, replacing keys and secrets with brief checksums to avoid revealing sensitive information.

       Beware that the output of both commands is aimed at humans, not programs, and the output format is subject to change without warning.

       Barf has to figure out which files in /var/log contain the IPsec log messages. It looks for KLIPS and general log messages first in
       messages and syslog, and for Pluto messages first in secure, auth.log, and debug. In both cases, if it does not find what it is looking for
       in one of those "likely" places, it will resort to a brute-force search of most (non-compressed) files in /var/log.

FILES

	   /proc/net/*
	   /var/log/*
	   /etc/ipsec.conf
	   /etc/ipsec.secrets

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer.

BUGS

       Barf uses heuristics to try to pick relevant material out of the logs, and relevant messages which are not labelled with any of the tags
       that barf looks for will be lost. We think we've eliminated the last such case, but one never knows...

       Finding updown scripts (so they can be included in output) is, in general, difficult.  Barf uses a very simple heuristic that is easily
       fooled.

       The brute-force search for the right log files can get expensive on systems with a lot of clutter in /var/log.

AUTHOR

       Paul Wouters
	   placeholder to suppress warning

libreswan							    12/16/2012							     IPSEC_BARF(8)
Man Page