<HTML><HEAD><TITLE>Manpage of IPSEC_SHOWHOSTKEY</TITLE>
<H1>IPSEC_SHOWHOSTKEY</H1>
Section: Maintenance Commands (8)<BR>Updated: 11 June 2001<BR><A HREF="#index">Index</A>
<HR>
<A NAME="lbAB"> </A>
ipsec showhostkey - show host's authentication key
<A NAME="lbAC"> </A>
<A NAME="lbAD"> </A>
outputs (on standard output) a public key suitable for this host,
using the host key information stored in
<I>/etc/ipsec.secrets</I>.
In general only the super-user can run this command,
since only he can read
By default, the output format is the text form of a DNS KEY record;
the host name is the one included in the key information
(or, if that is not available,
<B>hostname --fqdn</B>),
If information about how the key was generated is available,
that is provided as a DNS-file comment.
For example (with the key data trimmed down for clarity):
; RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
xy.example.com. IN KEY 0x4200 4 1 AQOF8tZ2...+buFuFn/
option causes the output to be in opportunistic-encryption DNS TXT record
Again, generation information is included if available.
<B>--txt 10.11.12.13</B>
might give (with the key data trimmed for clarity):
; RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
IN TXT "X-IPsec-Server(10)=10.11.12.13 AQOF8tZ2...+buFuFn/"
No name is supplied in the TXT record
because there are too many possibilities,
depending on how it will be used.
options cause the output to be in
<I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5)
<B>rightrsasigkey</B>
parameter respectively.
Again, generation information is included if available.
might give (with the key data trimmed down for clarity):
# RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
leftrsasigkey=0x0103cc2a86fcf440...cf1011abb82d1
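<P>
The three output formats above carry the same key data in different encodings, so a key published in DNS can be compared with the one configured on a peer. The following is an added example, not part of the original manual page or of FreeS/WAN: the function names are hypothetical, the sample key is constructed, and the code assumes the RFC 2537 layout (exponent length, exponent, modulus), which matches the <B>AQO...</B> and <B>0x0103...</B> prefixes shown in the examples.

```python
import base64
import binascii

def extract_key(line):
    """Return the key field of a showhostkey output line, or None for comments."""
    line = line.strip()
    if not line or line[0] in ";#":
        return None
    if "rsasigkey=" in line:                      # --left / --right form
        return line.split("=", 1)[1].strip()
    return line.strip('"').split()[-1]            # KEY or TXT record: last field

def decode_rsa_pubkey(text):
    """Decode base64 (optionally "0s"-prefixed) or 0x-hex key data to (e, n)."""
    if text[:2].lower() == "0x":
        raw = binascii.unhexlify(text[2:])
    else:
        raw = base64.b64decode(text[2:] if text[:2].lower() == "0s" else text,
                               validate=True)
    if len(raw) < 3:
        raise ValueError("key blob too short")
    # Assumed RFC 2537 layout: 1-byte exponent length, or 0x00 + 2-byte length
    if raw[0]:
        elen, off = raw[0], 1
    else:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    exponent, modulus = raw[off:off + elen], raw[off + elen:]
    if len(exponent) != elen or not modulus:
        raise ValueError("truncated key blob")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")

def audit(line, min_bits=2048):
    """Report modulus size and exponent, with findings for weak or odd values."""
    e, n = decode_rsa_pubkey(extract_key(line))
    findings = []
    if n.bit_length() < min_bits:
        findings.append("modulus is %d bits, below %d" % (n.bit_length(), min_bits))
    if e < 3 or e % 2 == 0:
        findings.append("exponent %d is not a valid RSA public exponent" % e)
    return {"bits": n.bit_length(), "exponent": e, "findings": findings}

def same_key(line_a, line_b):
    """True when two output lines (any format) carry the same public key."""
    return decode_rsa_pubkey(extract_key(line_a)) == decode_rsa_pubkey(extract_key(line_b))

# Constructed sample, layout only (not a real host key or a usable modulus)
_blob = bytes([1, 3]) + bytes(range(0x81, 0xC1))
SAMPLE_KEY = "xy.example.com. IN KEY 0x4200 4 1 " + base64.b64encode(_blob).decode()
SAMPLE_CONF = "leftrsasigkey=0x" + _blob.hex()

if __name__ == "__main__":
    print(audit(SAMPLE_KEY), same_key(SAMPLE_KEY, SAMPLE_CONF))
```

The key data in the manual page's own examples is trimmed, so those lines will not decode; feed the functions untrimmed output.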
Normally, the default key for this host is the one extracted.
option overrides this,
causing extraction of the key labeled with the specified
option overrides the default for where the key information should be
found, and takes it from the specified
<A NAME="lbAE"> </A>
A complaint about "no IN KEY line found" indicates that the
host has a key but it was generated with an old version of FreeS/WAN
and does not contain the information that
<A NAME="lbAF"> </A>
<A NAME="lbAG"> </A>
<A HREF="ipsec.secrets.5.html">ipsec.secrets</A>(5), <A HREF="ipsec.conf.5.html">ipsec.conf</A>(5), <A HREF="ipsec_rsasigkey.8.html">ipsec_rsasigkey</A>(8)
<A NAME="lbAH"> </A>
Written for the Linux FreeS/WAN project
&lt;<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>&gt;
<A NAME="lbAI"> </A>
rather than just reporting the no-IN-KEY-line-found problem,
should be smart enough to run the existing key through
option, to generate a suitable output line.
The need to specify the gateway address (etc.) for
is annoying, but there is no good way to determine it automatically.
There should be a way to specify the priority value for TXT records;
currently it is hardwired to
option assumes that the
appears on the same line as the
<B>: RSA {</B>
that begins the key proper.
<A NAME="index"> </A><H2>Index</H2>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">DIAGNOSTICS</A><DD>
<DT><A HREF="#lbAF">FILES</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">HISTORY</A><DD>
<DT><A HREF="#lbAI">BUGS</A><DD>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 05:09:33 GMT, June 19, 2001