46
68
<refname><command>&COMMANDNAME;</command></refname>
48
Generate key and password for Mandos client and server.
70
Generate keys for <citerefentry><refentrytitle>password-request
71
</refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
54
77
<command>&COMMANDNAME;</command>
56
<arg choice="plain"><option>--dir
57
<replaceable>DIRECTORY</replaceable></option></arg>
58
<arg choice="plain"><option>-d
59
<replaceable>DIRECTORY</replaceable></option></arg>
63
<arg choice="plain"><option>--type
64
<replaceable>KEYTYPE</replaceable></option></arg>
65
<arg choice="plain"><option>-t
66
<replaceable>KEYTYPE</replaceable></option></arg>
70
<arg choice="plain"><option>--length
71
<replaceable>BITS</replaceable></option></arg>
72
<arg choice="plain"><option>-l
73
<replaceable>BITS</replaceable></option></arg>
77
<arg choice="plain"><option>--subtype
78
<replaceable>KEYTYPE</replaceable></option></arg>
79
<arg choice="plain"><option>-s
80
<replaceable>KEYTYPE</replaceable></option></arg>
84
<arg choice="plain"><option>--sublength
85
<replaceable>BITS</replaceable></option></arg>
86
<arg choice="plain"><option>-L
87
<replaceable>BITS</replaceable></option></arg>
91
<arg choice="plain"><option>--name
92
<replaceable>NAME</replaceable></option></arg>
93
<arg choice="plain"><option>-n
94
<replaceable>NAME</replaceable></option></arg>
98
<arg choice="plain"><option>--email
99
<replaceable>ADDRESS</replaceable></option></arg>
100
<arg choice="plain"><option>-e
101
<replaceable>ADDRESS</replaceable></option></arg>
105
<arg choice="plain"><option>--comment
106
<replaceable>TEXT</replaceable></option></arg>
107
<arg choice="plain"><option>-c
108
<replaceable>TEXT</replaceable></option></arg>
112
<arg choice="plain"><option>--expire
113
<replaceable>TIME</replaceable></option></arg>
114
<arg choice="plain"><option>-x
115
<replaceable>TIME</replaceable></option></arg>
118
<arg><option>--force</option></arg>
79
<arg choice="plain"><option>--dir</option>
80
<replaceable>directory</replaceable></arg>
83
<arg choice="plain"><option>--type</option>
84
<replaceable>type</replaceable></arg>
87
<arg choice="plain"><option>--length</option>
88
<replaceable>bits</replaceable></arg>
91
<arg choice="plain"><option>--subtype</option>
92
<replaceable>type</replaceable></arg>
95
<arg choice="plain"><option>--sublength</option>
96
<replaceable>bits</replaceable></arg>
99
<arg choice="plain"><option>--name</option>
100
<replaceable>NAME</replaceable></arg>
103
<arg choice="plain"><option>--email</option>
104
<replaceable>EMAIL</replaceable></arg>
107
<arg choice="plain"><option>--comment</option>
108
<replaceable>COMMENT</replaceable></arg>
111
<arg choice="plain"><option>--expire</option>
112
<replaceable>TIME</replaceable></arg>
115
<arg choice="plain"><option>--force</option></arg>
119
<command>&COMMANDNAME;</command>
121
<arg choice="plain"><option>-d</option>
122
<replaceable>directory</replaceable></arg>
125
<arg choice="plain"><option>-t</option>
126
<replaceable>type</replaceable></arg>
129
<arg choice="plain"><option>-l</option>
130
<replaceable>bits</replaceable></arg>
133
<arg choice="plain"><option>-s</option>
134
<replaceable>type</replaceable></arg>
137
<arg choice="plain"><option>-L</option>
138
<replaceable>bits</replaceable></arg>
141
<arg choice="plain"><option>-n</option>
142
<replaceable>NAME</replaceable></arg>
145
<arg choice="plain"><option>-e</option>
146
<replaceable>EMAIL</replaceable></arg>
149
<arg choice="plain"><option>-c</option>
150
<replaceable>COMMENT</replaceable></arg>
153
<arg choice="plain"><option>-x</option>
154
<replaceable>TIME</replaceable></arg>
157
<arg choice="plain"><option>-f</option></arg>
121
161
<command>&COMMANDNAME;</command>
122
162
<group choice="req">
163
<arg choice="plain"><option>-p</option></arg>
123
164
<arg choice="plain"><option>--password</option></arg>
124
<arg choice="plain"><option>-p</option></arg>
125
<arg choice="plain"><option>--passfile
126
<replaceable>FILE</replaceable></option></arg>
127
<arg choice="plain"><option>-F</option>
128
<replaceable>FILE</replaceable></arg>
132
<arg choice="plain"><option>--dir
133
<replaceable>DIRECTORY</replaceable></option></arg>
134
<arg choice="plain"><option>-d
135
<replaceable>DIRECTORY</replaceable></option></arg>
139
<arg choice="plain"><option>--name
140
<replaceable>NAME</replaceable></option></arg>
141
<arg choice="plain"><option>-n
142
<replaceable>NAME</replaceable></option></arg>
167
<arg choice="plain"><option>--dir</option>
168
<replaceable>directory</replaceable></arg>
171
<arg choice="plain"><option>--name</option>
172
<replaceable>NAME</replaceable></arg>
146
176
<command>&COMMANDNAME;</command>
147
177
<group choice="req">
178
<arg choice="plain"><option>-h</option></arg>
148
179
<arg choice="plain"><option>--help</option></arg>
149
<arg choice="plain"><option>-h</option></arg>
153
183
<command>&COMMANDNAME;</command>
154
184
<group choice="req">
185
<arg choice="plain"><option>-v</option></arg>
155
186
<arg choice="plain"><option>--version</option></arg>
156
<arg choice="plain"><option>-v</option></arg>
159
189
</refsynopsisdiv>
161
191
<refsect1 id="description">
162
192
<title>DESCRIPTION</title>
164
194
<command>&COMMANDNAME;</command> is a program to generate the
166
<citerefentry><refentrytitle>mandos-client</refentrytitle>
167
<manvolnum>8mandos</manvolnum></citerefentry>. The key is
196
<citerefentry><refentrytitle>password-request</refentrytitle>
197
<manvolnum>8mandos</manvolnum></citerefentry>. The keys are
168
198
normally written to /etc/mandos for later installation into the
169
initrd image, but this, and most other things, can be changed
170
with command line options.
199
initrd image, but this, like most things, can be changed with
200
command line options.
173
This program can also be used with the
174
<option>--password</option> or <option>--passfile</option>
175
options to generate a ready-made section for
176
<filename>clients.conf</filename> (see
203
It can also be used to generate ready-made sections for
177
204
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
178
<manvolnum>5</manvolnum></citerefentry>).
205
<manvolnum>5</manvolnum></citerefentry> using the
206
<option>--password</option> option.
182
210
<refsect1 id="purpose">
183
211
<title>PURPOSE</title>
185
214
The purpose of this is to enable <emphasis>remote and unattended
186
215
rebooting</emphasis> of client host computer with an
187
216
<emphasis>encrypted root file system</emphasis>. See <xref
188
217
linkend="overview"/> for details.
192
222
<refsect1 id="options">
193
223
<title>OPTIONS</title>
197
<term><option>--help</option></term>
198
<term><option>-h</option></term>
227
<term><literal>-h</literal>, <literal>--help</literal></term>
201
230
Show a help message and exit
208
<replaceable>DIRECTORY</replaceable></option></term>
210
<replaceable>DIRECTORY</replaceable></option></term>
236
<term><literal>-d</literal>, <literal>--dir
237
<replaceable>directory</replaceable></literal></term>
213
240
Target directory for key files. Default is
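Review bot: in the password-mode synopsis, the `-F` entry closes `</option>` before `<replaceable>FILE</replaceable>`, while the `--passfile` entry directly above it and the neighbouring `--dir`/`-d` and `--name`/`-n` entries keep the replaceable inside `<option>`. Pick one placement so both spellings of the option render the same way, for example `<option>-F <replaceable>FILE</replaceable></option>`. The DESCRIPTION wording should also agree with the synopsis it sits under: only one of the two wordings mentions `--passfile`, so a synopsis that offers `--passfile`/`-F` needs the wording that names it.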
432
431
Normal invocation needs no options:
435
<userinput>&COMMANDNAME;</userinput>
434
<userinput>mandos-keygen</userinput>
437
436
</informalexample>
438
437
<informalexample>
440
Create key in another directory and of another type. Force
439
Create keys in another directory and of another type. Force
441
440
overwriting old key files:
445
444
<!-- do not wrap this line -->
446
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
452
Prompt for a password, encrypt it with the key in
453
<filename>/etc/mandos</filename> and output a section suitable
454
for <filename>clients.conf</filename>.
457
<userinput>&COMMANDNAME; --password</userinput>
462
Prompt for a password, encrypt it with the key in the
463
<filename>client-key</filename> directory and output a section
464
suitable for <filename>clients.conf</filename>.
468
<!-- do not wrap this line -->
469
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
445
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
472
448
</informalexample>
475
451
<refsect1 id="security">
476
452
<title>SECURITY</title>
478
454
The <option>--type</option>, <option>--length</option>,
479
455
<option>--subtype</option>, and <option>--sublength</option>
480
options can be used to create keys of low security. If in
481
doubt, leave them to the default values.
456
options can be used to create keys of insufficient security. If
457
in doubt, leave them to the default values.
484
The key expire time is <emphasis>not</emphasis> guaranteed to be
485
honored by <citerefentry><refentrytitle>mandos</refentrytitle>
460
The key expire time is not guaranteed to be honored by
461
<citerefentry><refentrytitle>mandos</refentrytitle>
486
462
<manvolnum>8</manvolnum></citerefentry>.
490
466
<refsect1 id="see_also">
491
467
<title>SEE ALSO</title>
469
<citerefentry><refentrytitle>password-request</refentrytitle>
470
<manvolnum>8mandos</manvolnum></citerefentry>,
471
<citerefentry><refentrytitle>mandos</refentrytitle>
472
<manvolnum>8</manvolnum></citerefentry>,
493
473
<citerefentry><refentrytitle>gpg</refentrytitle>
494
<manvolnum>1</manvolnum></citerefentry>,
495
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
496
<manvolnum>5</manvolnum></citerefentry>,
497
<citerefentry><refentrytitle>mandos</refentrytitle>
498
<manvolnum>8</manvolnum></citerefentry>,
499
<citerefentry><refentrytitle>mandos-client</refentrytitle>
500
<manvolnum>8mandos</manvolnum></citerefentry>
474
<manvolnum>1</manvolnum></citerefentry>
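Review bot: in the SECURITY section, keep the `<emphasis>` around "not" in the sentence about the key expire time. It is the one statement there telling an administrator that mandos(8) may not honor the value given with `--expire`, and the variant without emphasis is easy to read past. In the examples, prefer `&COMMANDNAME;` over the literal `mandos-keygen` inside `<userinput>`, so they stay in step with the synopsis, which already uses the entity.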