49
68
<refname><command>&COMMANDNAME;</command></refname>
51
Generate key and password for Mandos client and server.
70
Generate keys for <citerefentry><refentrytitle>password-request
71
</refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
57
77
<command>&COMMANDNAME;</command>
59
<arg choice="plain"><option>--dir
60
<replaceable>DIRECTORY</replaceable></option></arg>
61
<arg choice="plain"><option>-d
62
<replaceable>DIRECTORY</replaceable></option></arg>
66
<arg choice="plain"><option>--type
67
<replaceable>KEYTYPE</replaceable></option></arg>
68
<arg choice="plain"><option>-t
69
<replaceable>KEYTYPE</replaceable></option></arg>
73
<arg choice="plain"><option>--length
74
<replaceable>BITS</replaceable></option></arg>
75
<arg choice="plain"><option>-l
76
<replaceable>BITS</replaceable></option></arg>
80
<arg choice="plain"><option>--subtype
81
<replaceable>KEYTYPE</replaceable></option></arg>
82
<arg choice="plain"><option>-s
83
<replaceable>KEYTYPE</replaceable></option></arg>
87
<arg choice="plain"><option>--sublength
88
<replaceable>BITS</replaceable></option></arg>
89
<arg choice="plain"><option>-L
90
<replaceable>BITS</replaceable></option></arg>
94
<arg choice="plain"><option>--name
95
<replaceable>NAME</replaceable></option></arg>
96
<arg choice="plain"><option>-n
97
<replaceable>NAME</replaceable></option></arg>
101
<arg choice="plain"><option>--email
102
<replaceable>ADDRESS</replaceable></option></arg>
103
<arg choice="plain"><option>-e
104
<replaceable>ADDRESS</replaceable></option></arg>
108
<arg choice="plain"><option>--comment
109
<replaceable>TEXT</replaceable></option></arg>
110
<arg choice="plain"><option>-c
111
<replaceable>TEXT</replaceable></option></arg>
115
<arg choice="plain"><option>--expire
116
<replaceable>TIME</replaceable></option></arg>
117
<arg choice="plain"><option>-x
118
<replaceable>TIME</replaceable></option></arg>
121
<arg><option>--force</option></arg>
79
<arg choice="plain"><option>--dir</option>
80
<replaceable>directory</replaceable></arg>
83
<arg choice="plain"><option>--type</option>
84
<replaceable>type</replaceable></arg>
87
<arg choice="plain"><option>--length</option>
88
<replaceable>bits</replaceable></arg>
91
<arg choice="plain"><option>--subtype</option>
92
<replaceable>type</replaceable></arg>
95
<arg choice="plain"><option>--sublength</option>
96
<replaceable>bits</replaceable></arg>
99
<arg choice="plain"><option>--name</option>
100
<replaceable>NAME</replaceable></arg>
103
<arg choice="plain"><option>--email</option>
104
<replaceable>EMAIL</replaceable></arg>
107
<arg choice="plain"><option>--comment</option>
108
<replaceable>COMMENT</replaceable></arg>
111
<arg choice="plain"><option>--expire</option>
112
<replaceable>TIME</replaceable></arg>
115
<arg choice="plain"><option>--force</option></arg>
119
<command>&COMMANDNAME;</command>
121
<arg choice="plain"><option>-d</option>
122
<replaceable>directory</replaceable></arg>
125
<arg choice="plain"><option>-t</option>
126
<replaceable>type</replaceable></arg>
129
<arg choice="plain"><option>-l</option>
130
<replaceable>bits</replaceable></arg>
133
<arg choice="plain"><option>-s</option>
134
<replaceable>type</replaceable></arg>
137
<arg choice="plain"><option>-L</option>
138
<replaceable>bits</replaceable></arg>
141
<arg choice="plain"><option>-n</option>
142
<replaceable>NAME</replaceable></arg>
145
<arg choice="plain"><option>-e</option>
146
<replaceable>EMAIL</replaceable></arg>
149
<arg choice="plain"><option>-c</option>
150
<replaceable>COMMENT</replaceable></arg>
153
<arg choice="plain"><option>-x</option>
154
<replaceable>TIME</replaceable></arg>
157
<arg choice="plain"><option>-f</option></arg>
124
161
<command>&COMMANDNAME;</command>
125
162
<group choice="req">
163
<arg choice="plain"><option>-p</option></arg>
126
164
<arg choice="plain"><option>--password</option></arg>
127
<arg choice="plain"><option>-p</option></arg>
128
<arg choice="plain"><option>--passfile
129
<replaceable>FILE</replaceable></option></arg>
130
<arg choice="plain"><option>-F</option>
131
<replaceable>FILE</replaceable></arg>
135
<arg choice="plain"><option>--dir
136
<replaceable>DIRECTORY</replaceable></option></arg>
137
<arg choice="plain"><option>-d
138
<replaceable>DIRECTORY</replaceable></option></arg>
142
<arg choice="plain"><option>--name
143
<replaceable>NAME</replaceable></option></arg>
144
<arg choice="plain"><option>-n
145
<replaceable>NAME</replaceable></option></arg>
167
<arg choice="plain"><option>--dir</option>
168
<replaceable>directory</replaceable></arg>
171
<arg choice="plain"><option>--name</option>
172
<replaceable>NAME</replaceable></arg>
149
176
<command>&COMMANDNAME;</command>
150
177
<group choice="req">
178
<arg choice="plain"><option>-h</option></arg>
151
179
<arg choice="plain"><option>--help</option></arg>
152
<arg choice="plain"><option>-h</option></arg>
156
183
<command>&COMMANDNAME;</command>
157
184
<group choice="req">
185
<arg choice="plain"><option>-v</option></arg>
158
186
<arg choice="plain"><option>--version</option></arg>
159
<arg choice="plain"><option>-v</option></arg>
162
189
</refsynopsisdiv>
164
191
<refsect1 id="description">
165
192
<title>DESCRIPTION</title>
167
194
<command>&COMMANDNAME;</command> is a program to generate the
169
<citerefentry><refentrytitle>mandos-client</refentrytitle>
170
<manvolnum>8mandos</manvolnum></citerefentry>. The key is
196
<citerefentry><refentrytitle>password-request</refentrytitle>
197
<manvolnum>8mandos</manvolnum></citerefentry>. The keys are
171
198
normally written to /etc/mandos for later installation into the
172
initrd image, but this, and most other things, can be changed
173
with command line options.
199
initrd image, but this, like most things, can be changed with
200
command line options.
176
This program can also be used with the
177
<option>--password</option> or <option>--passfile</option>
178
options to generate a ready-made section for
179
<filename>clients.conf</filename> (see
203
It can also be used to generate ready-made sections for
180
204
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
181
<manvolnum>5</manvolnum></citerefentry>).
205
<manvolnum>5</manvolnum></citerefentry> using the
206
<option>--password</option> option.
185
210
<refsect1 id="purpose">
186
211
<title>PURPOSE</title>
188
214
The purpose of this is to enable <emphasis>remote and unattended
189
215
rebooting</emphasis> of client host computer with an
190
216
<emphasis>encrypted root file system</emphasis>. See <xref
191
217
linkend="overview"/> for details.
195
222
<refsect1 id="options">
196
223
<title>OPTIONS</title>
200
<term><option>--help</option></term>
201
<term><option>-h</option></term>
227
<term><literal>-h</literal>, <literal>--help</literal></term>
204
230
Show a help message and exit
211
<replaceable>DIRECTORY</replaceable></option></term>
213
<replaceable>DIRECTORY</replaceable></option></term>
236
<term><literal>-d</literal>, <literal>--dir
237
<replaceable>directory</replaceable></literal></term>
216
240
Target directory for key files. Default is
435
431
Normal invocation needs no options:
438
<userinput>&COMMANDNAME;</userinput>
434
<userinput>mandos-keygen</userinput>
440
436
</informalexample>
441
437
<informalexample>
443
Create key in another directory and of another type. Force
439
Create keys in another directory and of another type. Force
444
440
overwriting old key files:
448
444
<!-- do not wrap this line -->
449
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
455
Prompt for a password, encrypt it with the key in
456
<filename>/etc/mandos</filename> and output a section suitable
457
for <filename>clients.conf</filename>.
460
<userinput>&COMMANDNAME; --password</userinput>
465
Prompt for a password, encrypt it with the key in the
466
<filename>client-key</filename> directory and output a section
467
suitable for <filename>clients.conf</filename>.
471
<!-- do not wrap this line -->
472
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
445
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
475
448
</informalexample>
478
451
<refsect1 id="security">
479
452
<title>SECURITY</title>
481
454
The <option>--type</option>, <option>--length</option>,
482
455
<option>--subtype</option>, and <option>--sublength</option>
483
options can be used to create keys of low security. If in
484
doubt, leave them to the default values.
456
options can be used to create keys of insufficient security. If
457
in doubt, leave them to the default values.
487
The key expire time is <emphasis>not</emphasis> guaranteed to be
488
honored by <citerefentry><refentrytitle>mandos</refentrytitle>
460
The key expire time is not guaranteed to be honored by
461
<citerefentry><refentrytitle>mandos</refentrytitle>
489
462
<manvolnum>8</manvolnum></citerefentry>.
493
466
<refsect1 id="see_also">
494
467
<title>SEE ALSO</title>
496
<citerefentry><refentrytitle>intro</refentrytitle>
469
<citerefentry><refentrytitle>password-request</refentrytitle>
497
470
<manvolnum>8mandos</manvolnum></citerefentry>,
471
<citerefentry><refentrytitle>mandos</refentrytitle>
472
<manvolnum>8</manvolnum></citerefentry>,
498
473
<citerefentry><refentrytitle>gpg</refentrytitle>
499
<manvolnum>1</manvolnum></citerefentry>,
500
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
501
<manvolnum>5</manvolnum></citerefentry>,
502
<citerefentry><refentrytitle>mandos</refentrytitle>
503
<manvolnum>8</manvolnum></citerefentry>,
504
<citerefentry><refentrytitle>mandos-client</refentrytitle>
505
<manvolnum>8mandos</manvolnum></citerefentry>
474
<manvolnum>1</manvolnum></citerefentry>