


Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 07:30:17 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829073017-tvryowganbf75zp5
* mandos-clients.conf.xml (SEE ALSO): Alphabetized, as per
                                      man-pages(7).
* mandos-keygen.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.xml: - '' -
* plugins.d/password-request.xml (SEE ALSO): Changed from an
                                             <itemizedlist> to a
                                             <para>, as per
                                             man-pages(7).  Also
                                             alphabetized.

3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos-keygen">
6
 
<!ENTITY TIMESTAMP "2008-08-31">
 
6
<!ENTITY TIMESTAMP "2008-08-29">
7
7
]>
8
8
 
9
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
67
67
  <refnamediv>
68
68
    <refname><command>&COMMANDNAME;</command></refname>
69
69
    <refpurpose>
70
 
      Generate key and password for Mandos client and server.
 
70
      Generate keys for <citerefentry><refentrytitle>password-request
 
71
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
71
72
    </refpurpose>
72
73
  </refnamediv>
73
74
 
74
75
  <refsynopsisdiv>
75
76
    <cmdsynopsis>
76
77
      <command>&COMMANDNAME;</command>
77
 
      <group>
78
 
        <arg choice="plain"><option>--dir
79
 
        <replaceable>DIRECTORY</replaceable></option></arg>
80
 
        <arg choice="plain"><option>-d
81
 
        <replaceable>DIRECTORY</replaceable></option></arg>
82
 
      </group>
83
 
      <sbr/>
84
 
      <group>
85
 
        <arg choice="plain"><option>--type
86
 
        <replaceable>KEYTYPE</replaceable></option></arg>
87
 
        <arg choice="plain"><option>-t
88
 
        <replaceable>KEYTYPE</replaceable></option></arg>
89
 
      </group>
90
 
      <sbr/>
91
 
      <group>
92
 
        <arg choice="plain"><option>--length
93
 
        <replaceable>BITS</replaceable></option></arg>
94
 
        <arg choice="plain"><option>-l
95
 
        <replaceable>BITS</replaceable></option></arg>
96
 
      </group>
97
 
      <sbr/>
98
 
      <group>
99
 
        <arg choice="plain"><option>--subtype
100
 
        <replaceable>KEYTYPE</replaceable></option></arg>
101
 
        <arg choice="plain"><option>-s
102
 
        <replaceable>KEYTYPE</replaceable></option></arg>
103
 
      </group>
104
 
      <sbr/>
105
 
      <group>
106
 
        <arg choice="plain"><option>--sublength
107
 
        <replaceable>BITS</replaceable></option></arg>
108
 
        <arg choice="plain"><option>-L
109
 
        <replaceable>BITS</replaceable></option></arg>
110
 
      </group>
111
 
      <sbr/>
112
 
      <group>
113
 
        <arg choice="plain"><option>--name
114
 
        <replaceable>NAME</replaceable></option></arg>
115
 
        <arg choice="plain"><option>-n
116
 
        <replaceable>NAME</replaceable></option></arg>
117
 
      </group>
118
 
      <sbr/>
119
 
      <group>
120
 
        <arg choice="plain"><option>--email
121
 
        <replaceable>ADDRESS</replaceable></option></arg>
122
 
        <arg choice="plain"><option>-e
123
 
        <replaceable>ADDRESS</replaceable></option></arg>
124
 
      </group>
125
 
      <sbr/>
126
 
      <group>
127
 
        <arg choice="plain"><option>--comment
128
 
        <replaceable>TEXT</replaceable></option></arg>
129
 
        <arg choice="plain"><option>-c
130
 
        <replaceable>TEXT</replaceable></option></arg>
131
 
      </group>
132
 
      <sbr/>
133
 
      <group>
134
 
        <arg choice="plain"><option>--expire
135
 
        <replaceable>TIME</replaceable></option></arg>
136
 
        <arg choice="plain"><option>-x
137
 
        <replaceable>TIME</replaceable></option></arg>
138
 
      </group>
139
 
      <sbr/>
140
 
      <arg><option>--force</option></arg>
 
78
      <group choice="opt">
 
79
        <arg choice="plain"><option>--dir</option>
 
80
        <replaceable>directory</replaceable></arg>
 
81
      </group>
 
82
      <group choice="opt">
 
83
        <arg choice="plain"><option>--type</option>
 
84
        <replaceable>type</replaceable></arg>
 
85
      </group>
 
86
      <group choice="opt">
 
87
        <arg choice="plain"><option>--length</option>
 
88
        <replaceable>bits</replaceable></arg>
 
89
      </group>
 
90
      <group choice="opt">
 
91
        <arg choice="plain"><option>--subtype</option>
 
92
        <replaceable>type</replaceable></arg>
 
93
      </group>
 
94
      <group choice="opt">
 
95
        <arg choice="plain"><option>--sublength</option>
 
96
        <replaceable>bits</replaceable></arg>
 
97
      </group>
 
98
      <group choice="opt">
 
99
        <arg choice="plain"><option>--name</option>
 
100
        <replaceable>NAME</replaceable></arg>
 
101
      </group>
 
102
      <group choice="opt">
 
103
        <arg choice="plain"><option>--email</option>
 
104
        <replaceable>EMAIL</replaceable></arg>
 
105
      </group>
 
106
      <group choice="opt">
 
107
        <arg choice="plain"><option>--comment</option>
 
108
        <replaceable>COMMENT</replaceable></arg>
 
109
      </group>
 
110
      <group choice="opt">
 
111
        <arg choice="plain"><option>--expire</option>
 
112
        <replaceable>TIME</replaceable></arg>
 
113
      </group>
 
114
      <group choice="opt">
 
115
        <arg choice="plain"><option>--force</option></arg>
 
116
      </group>
 
117
    </cmdsynopsis>
 
118
    <cmdsynopsis>
 
119
      <command>&COMMANDNAME;</command>
 
120
      <group choice="opt">
 
121
        <arg choice="plain"><option>-d</option>
 
122
        <replaceable>directory</replaceable></arg>
 
123
      </group>
 
124
      <group choice="opt">
 
125
        <arg choice="plain"><option>-t</option>
 
126
        <replaceable>type</replaceable></arg>
 
127
      </group>
 
128
      <group choice="opt">
 
129
        <arg choice="plain"><option>-l</option>
 
130
        <replaceable>bits</replaceable></arg>
 
131
      </group>
 
132
      <group choice="opt">
 
133
        <arg choice="plain"><option>-s</option>
 
134
        <replaceable>type</replaceable></arg>
 
135
      </group>
 
136
      <group choice="opt">
 
137
        <arg choice="plain"><option>-L</option>
 
138
        <replaceable>bits</replaceable></arg>
 
139
      </group>
 
140
      <group choice="opt">
 
141
        <arg choice="plain"><option>-n</option>
 
142
        <replaceable>NAME</replaceable></arg>
 
143
      </group>
 
144
      <group choice="opt">
 
145
        <arg choice="plain"><option>-e</option>
 
146
        <replaceable>EMAIL</replaceable></arg>
 
147
      </group>
 
148
      <group choice="opt">
 
149
        <arg choice="plain"><option>-c</option>
 
150
        <replaceable>COMMENT</replaceable></arg>
 
151
      </group>
 
152
      <group choice="opt">
 
153
        <arg choice="plain"><option>-x</option>
 
154
        <replaceable>TIME</replaceable></arg>
 
155
      </group>
 
156
      <group choice="opt">
 
157
        <arg choice="plain"><option>-f</option></arg>
 
158
      </group>
141
159
    </cmdsynopsis>
142
160
    <cmdsynopsis>
143
161
      <command>&COMMANDNAME;</command>
144
162
      <group choice="req">
 
163
        <arg choice="plain"><option>-p</option></arg>
145
164
        <arg choice="plain"><option>--password</option></arg>
146
 
        <arg choice="plain"><option>-p</option></arg>
147
 
      </group>
148
 
      <sbr/>
149
 
      <group>
150
 
        <arg choice="plain"><option>--dir
151
 
        <replaceable>DIRECTORY</replaceable></option></arg>
152
 
        <arg choice="plain"><option>-d
153
 
        <replaceable>DIRECTORY</replaceable></option></arg>
154
 
      </group>
155
 
      <sbr/>
156
 
      <group>
157
 
        <arg choice="plain"><option>--name
158
 
        <replaceable>NAME</replaceable></option></arg>
159
 
        <arg choice="plain"><option>-n
160
 
        <replaceable>NAME</replaceable></option></arg>
 
165
      </group>
 
166
      <group choice="opt">
 
167
        <arg choice="plain"><option>--dir</option>
 
168
        <replaceable>directory</replaceable></arg>
 
169
      </group>
 
170
      <group choice="opt">
 
171
        <arg choice="plain"><option>--name</option>
 
172
        <replaceable>NAME</replaceable></arg>
161
173
      </group>
162
174
    </cmdsynopsis>
163
175
    <cmdsynopsis>
164
176
      <command>&COMMANDNAME;</command>
165
177
      <group choice="req">
 
178
        <arg choice="plain"><option>-h</option></arg>
166
179
        <arg choice="plain"><option>--help</option></arg>
167
 
        <arg choice="plain"><option>-h</option></arg>
168
180
      </group>
169
181
    </cmdsynopsis>
170
182
    <cmdsynopsis>
171
183
      <command>&COMMANDNAME;</command>
172
184
      <group choice="req">
 
185
        <arg choice="plain"><option>-v</option></arg>
173
186
        <arg choice="plain"><option>--version</option></arg>
174
 
        <arg choice="plain"><option>-v</option></arg>
175
187
      </group>
176
188
    </cmdsynopsis>
177
189
  </refsynopsisdiv>
178
 
  
 
190
 
179
191
  <refsect1 id="description">
180
192
    <title>DESCRIPTION</title>
181
193
    <para>
182
194
      <command>&COMMANDNAME;</command> is a program to generate the
183
 
      OpenPGP key used by
 
195
      OpenPGP keys used by
184
196
      <citerefentry><refentrytitle>password-request</refentrytitle>
185
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
197
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
186
198
      normally written to /etc/mandos for later installation into the
187
 
      initrd image, but this, and most other things, can be changed
188
 
      with command line options.
 
199
      initrd image, but this, like most things, can be changed with
 
200
      command line options.
189
201
    </para>
190
202
    <para>
191
 
      This program can also be used with the
192
 
      <option>--password</option> option to generate a ready-made
193
 
      section for <filename>clients.conf</filename> (see
 
203
      It can also be used to generate ready-made sections for
194
204
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
195
 
      <manvolnum>5</manvolnum></citerefentry>).
 
205
      <manvolnum>5</manvolnum></citerefentry> using the
 
206
      <option>--password</option> option.
196
207
    </para>
197
208
  </refsect1>
198
209
  
199
210
  <refsect1 id="purpose">
200
211
    <title>PURPOSE</title>
 
212
 
201
213
    <para>
202
214
      The purpose of this is to enable <emphasis>remote and unattended
203
215
      rebooting</emphasis> of client host computer with an
204
216
      <emphasis>encrypted root file system</emphasis>.  See <xref
205
217
      linkend="overview"/> for details.
206
218
    </para>
 
219
 
207
220
  </refsect1>
208
221
  
209
222
  <refsect1 id="options">
210
223
    <title>OPTIONS</title>
211
 
    
 
224
 
212
225
    <variablelist>
213
226
      <varlistentry>
214
 
        <term><option>--help</option></term>
215
 
        <term><option>-h</option></term>
 
227
        <term><literal>-h</literal>, <literal>--help</literal></term>
216
228
        <listitem>
217
229
          <para>
218
230
            Show a help message and exit
221
233
      </varlistentry>
222
234
 
223
235
      <varlistentry>
224
 
        <term><option>--dir
225
 
        <replaceable>DIRECTORY</replaceable></option></term>
226
 
        <term><option>-d
227
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
236
        <term><literal>-d</literal>, <literal>--dir
 
237
        <replaceable>directory</replaceable></literal></term>
228
238
        <listitem>
229
239
          <para>
230
240
            Target directory for key files.  Default is
234
244
      </varlistentry>
235
245
 
236
246
      <varlistentry>
237
 
        <term><option>--type
238
 
        <replaceable>TYPE</replaceable></option></term>
239
 
        <term><option>-t
240
 
        <replaceable>TYPE</replaceable></option></term>
 
247
        <term><literal>-t</literal>, <literal>--type
 
248
        <replaceable>type</replaceable></literal></term>
241
249
        <listitem>
242
250
          <para>
243
251
            Key type.  Default is <quote>DSA</quote>.
246
254
      </varlistentry>
247
255
 
248
256
      <varlistentry>
249
 
        <term><option>--length
250
 
        <replaceable>BITS</replaceable></option></term>
251
 
        <term><option>-l
252
 
        <replaceable>BITS</replaceable></option></term>
 
257
        <term><literal>-l</literal>, <literal>--length
 
258
        <replaceable>bits</replaceable></literal></term>
253
259
        <listitem>
254
260
          <para>
255
261
            Key length in bits.  Default is 2048.
258
264
      </varlistentry>
259
265
 
260
266
      <varlistentry>
261
 
        <term><option>--subtype
262
 
        <replaceable>KEYTYPE</replaceable></option></term>
263
 
        <term><option>-s
264
 
        <replaceable>KEYTYPE</replaceable></option></term>
 
267
        <term><literal>-s</literal>, <literal>--subtype
 
268
        <replaceable>type</replaceable></literal></term>
265
269
        <listitem>
266
270
          <para>
267
271
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
271
275
      </varlistentry>
272
276
 
273
277
      <varlistentry>
274
 
        <term><option>--sublength
275
 
        <replaceable>BITS</replaceable></option></term>
276
 
        <term><option>-L
277
 
        <replaceable>BITS</replaceable></option></term>
 
278
        <term><literal>-L</literal>, <literal>--sublength
 
279
        <replaceable>bits</replaceable></literal></term>
278
280
        <listitem>
279
281
          <para>
280
282
            Subkey length in bits.  Default is 2048.
283
285
      </varlistentry>
284
286
 
285
287
      <varlistentry>
286
 
        <term><option>--email
287
 
        <replaceable>ADDRESS</replaceable></option></term>
288
 
        <term><option>-e
289
 
        <replaceable>ADDRESS</replaceable></option></term>
 
288
        <term><literal>-e</literal>, <literal>--email</literal>
 
289
        <replaceable>address</replaceable></term>
290
290
        <listitem>
291
291
          <para>
292
292
            Email address of key.  Default is empty.
295
295
      </varlistentry>
296
296
 
297
297
      <varlistentry>
298
 
        <term><option>--comment
299
 
        <replaceable>TEXT</replaceable></option></term>
300
 
        <term><option>-c
301
 
        <replaceable>TEXT</replaceable></option></term>
 
298
        <term><literal>-c</literal>, <literal>--comment</literal>
 
299
        <replaceable>comment</replaceable></term>
302
300
        <listitem>
303
301
          <para>
304
302
            Comment field for key.  The default value is
308
306
      </varlistentry>
309
307
 
310
308
      <varlistentry>
311
 
        <term><option>--expire
312
 
        <replaceable>TIME</replaceable></option></term>
313
 
        <term><option>-x
314
 
        <replaceable>TIME</replaceable></option></term>
 
309
        <term><literal>-x</literal>, <literal>--expire</literal>
 
310
        <replaceable>time</replaceable></term>
315
311
        <listitem>
316
312
          <para>
317
313
            Key expire time.  Default is no expiration.  See
322
318
      </varlistentry>
323
319
 
324
320
      <varlistentry>
325
 
        <term><option>--force</option></term>
326
 
        <term><option>-f</option></term>
 
321
        <term><literal>-f</literal>, <literal>--force</literal></term>
327
322
        <listitem>
328
323
          <para>
329
 
            Force overwriting old key.
 
324
            Force overwriting old keys.
330
325
          </para>
331
326
        </listitem>
332
327
      </varlistentry>
333
328
      <varlistentry>
334
 
        <term><option>--password</option></term>
335
 
        <term><option>-p</option></term>
 
329
        <term><literal>-p</literal>, <literal>--password</literal
 
330
        ></term>
336
331
        <listitem>
337
332
          <para>
338
333
            Prompt for a password and encrypt it with the key already
344
339
            >8</manvolnum></citerefentry>.  The host name or the name
345
340
            specified with the <option>--name</option> option is used
346
341
            for the section header.  All other options are ignored,
347
 
            and no key is created.
 
342
            and no keys are created.
348
343
          </para>
349
344
        </listitem>
350
345
      </varlistentry>
356
351
    <xi:include href="overview.xml"/>
357
352
    <para>
358
353
      This program is a small utility to generate new OpenPGP keys for
359
 
      new Mandos clients, and to generate sections for inclusion in
360
 
      <filename>clients.conf</filename> on the server.
 
354
      new Mandos clients.
361
355
    </para>
362
356
  </refsect1>
363
357
 
364
358
  <refsect1 id="exit_status">
365
359
    <title>EXIT STATUS</title>
366
360
    <para>
367
 
      The exit status will be 0 if a new key (or password, if the
368
 
      <option>--password</option> option was used) was successfully
369
 
      created, otherwise not.
 
361
      The exit status will be 0 if new keys were successfully created,
 
362
      otherwise not.
370
363
    </para>
371
364
  </refsect1>
372
365
  
374
367
    <title>ENVIRONMENT</title>
375
368
    <variablelist>
376
369
      <varlistentry>
377
 
        <term><envar>TMPDIR</envar></term>
 
370
        <term><varname>TMPDIR</varname></term>
378
371
        <listitem>
379
372
          <para>
380
373
            If set, temporary files will be created here. See
443
436
    </informalexample>
444
437
    <informalexample>
445
438
      <para>
446
 
        Create key in another directory and of another type.  Force
 
439
        Create keys in another directory and of another type.  Force
447
440
        overwriting old key files:
448
441
      </para>
449
442
      <para>
453
446
 
454
447
      </para>
455
448
    </informalexample>
456
 
    <informalexample>
457
 
      <para>
458
 
        Prompt for a password, encrypt it with the key in
459
 
        <filename>/etc/mandos</filename> and output a section suitable
460
 
        for <filename>clients.conf</filename>.
461
 
      </para>
462
 
      <para>
463
 
        <userinput>&COMMANDNAME; --password</userinput>
464
 
      </para>
465
 
    </informalexample>
466
 
    <informalexample>
467
 
      <para>
468
 
        Prompt for a password, encrypt it with the key in the
469
 
        <filename>client-key</filename> directory and output a section
470
 
        suitable for <filename>clients.conf</filename>.
471
 
      </para>
472
 
      <para>
473
 
 
474
 
<!-- do not wrap this line -->
475
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
476
 
 
477
 
      </para>
478
 
    </informalexample>
479
449
  </refsect1>
480
450
 
481
451
  <refsect1 id="security">
483
453
    <para>
484
454
      The <option>--type</option>, <option>--length</option>,
485
455
      <option>--subtype</option>, and <option>--sublength</option>
486
 
      options can be used to create keys of low security.  If in
487
 
      doubt, leave them to the default values.
 
456
      options can be used to create keys of insufficient security.  If
 
457
      in doubt, leave them to the default values.
488
458
    </para>
489
459
    <para>
490
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
491
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
460
      The key expire time is not guaranteed to be honored by
 
461
      <citerefentry><refentrytitle>mandos</refentrytitle>
492
462
      <manvolnum>8</manvolnum></citerefentry>.
493
463
    </para>
494
464
  </refsect1>
498
468
    <para>
499
469
      <citerefentry><refentrytitle>gpg</refentrytitle>
500
470
      <manvolnum>1</manvolnum></citerefentry>,
501
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
502
 
      <manvolnum>5</manvolnum></citerefentry>,
503
471
      <citerefentry><refentrytitle>mandos</refentrytitle>
504
472
      <manvolnum>8</manvolnum></citerefentry>,
505
473
      <citerefentry><refentrytitle>password-request</refentrytitle>