
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-10-01 13:56:09 UTC
  • mfrom: (237.7.423 trunk)
  • Revision ID: teddy@recompile.se-20161001135609-y5q39hvf2d95utwf
Merge from trunk

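--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -1,9 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2008-08-29">
+<!ENTITY TIMESTAMP "2016-03-05">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
@@ -11,54 +12,40 @@
     <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
     <productname>Mandos</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productnumber>&version;</productnumber>
     <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
+      <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <legalnotice>
-      <para>
-        This manual page is free software: you can redistribute it
-        and/or modify it under the terms of the GNU General Public
-        License as published by the Free Software Foundation,
-        either version 3 of the License, or (at your option) any
-        later version.
-      </para>
-
-      <para>
-        This manual page is distributed in the hope that it will
-        be useful, but WITHOUT ANY WARRANTY; without even the
-        implied warranty of MERCHANTABILITY or FITNESS FOR A
-        PARTICULAR PURPOSE.  See the GNU General Public License
-        for more details.
-      </para>
-
-      <para>
-        You should have received a copy of the GNU General Public
-        License along with this program; If not, see
-        <ulink url="http://www.gnu.org/licenses/"/>.
-      </para>
-    </legalnotice>
+    <xi:include href="legalnotice.xml"/>
   </refentryinfo>
-
+  
   <refmeta>
     <refentrytitle>&COMMANDNAME;</refentrytitle>
     <manvolnum>8</manvolnum>
@@ -67,247 +54,262 @@
   <refnamediv>
     <refname><command>&COMMANDNAME;</command></refname>
     <refpurpose>
-      Generate keys for <citerefentry><refentrytitle>password-request
-      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
+      Generate key and password for Mandos client and server.
     </refpurpose>
   </refnamediv>
-
+  
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <group choice="opt">
-        <arg choice="plain"><option>--dir</option>
-        <replaceable>directory</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--type</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--length</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--subtype</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--sublength</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--name</option>
-        <replaceable>NAME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--email</option>
-        <replaceable>EMAIL</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--comment</option>
-        <replaceable>COMMENT</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--expire</option>
-        <replaceable>TIME</replaceable></arg>
-      </group>
-      <group choice="opt">
+      <group>
+        <arg choice="plain"><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></arg>
+        <arg choice="plain"><option>-d
+        <replaceable>DIRECTORY</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--type
+        <replaceable>KEYTYPE</replaceable></option></arg>
+        <arg choice="plain"><option>-t
+        <replaceable>KEYTYPE</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--length
+        <replaceable>BITS</replaceable></option></arg>
+        <arg choice="plain"><option>-l
+        <replaceable>BITS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--subtype
+        <replaceable>KEYTYPE</replaceable></option></arg>
+        <arg choice="plain"><option>-s
+        <replaceable>KEYTYPE</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--sublength
+        <replaceable>BITS</replaceable></option></arg>
+        <arg choice="plain"><option>-L
+        <replaceable>BITS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--name
+        <replaceable>NAME</replaceable></option></arg>
+        <arg choice="plain"><option>-n
+        <replaceable>NAME</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--email
+        <replaceable>ADDRESS</replaceable></option></arg>
+        <arg choice="plain"><option>-e
+        <replaceable>ADDRESS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--comment
+        <replaceable>TEXT</replaceable></option></arg>
+        <arg choice="plain"><option>-c
+        <replaceable>TEXT</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--expire
+        <replaceable>TIME</replaceable></option></arg>
+        <arg choice="plain"><option>-x
+        <replaceable>TIME</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
         <arg choice="plain"><option>--force</option></arg>
-      </group>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>&COMMANDNAME;</command>
-      <group choice="opt">
-        <arg choice="plain"><option>-d</option>
-        <replaceable>directory</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-t</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-l</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-s</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-L</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-n</option>
-        <replaceable>NAME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-e</option>
-        <replaceable>EMAIL</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-c</option>
-        <replaceable>COMMENT</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-x</option>
-        <replaceable>TIME</replaceable></arg>
-      </group>
-      <group choice="opt">
         <arg choice="plain"><option>-f</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>--password</option></arg>
         <arg choice="plain"><option>-p</option></arg>
-        <arg choice="plain"><option>--password</option></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--dir</option>
-        <replaceable>directory</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--name</option>
-        <replaceable>NAME</replaceable></arg>
+        <arg choice="plain"><option>--passfile
+        <replaceable>FILE</replaceable></option></arg>
+        <arg choice="plain"><option>-F</option>
+        <replaceable>FILE</replaceable></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></arg>
+        <arg choice="plain"><option>-d
+        <replaceable>DIRECTORY</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--name
+        <replaceable>NAME</replaceable></option></arg>
+        <arg choice="plain"><option>-n
+        <replaceable>NAME</replaceable></option></arg>
+      </group>
+      <group>
+        <arg choice="plain"><option>--no-ssh</option></arg>
+        <arg choice="plain"><option>-S</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>--help</option></arg>
         <arg choice="plain"><option>-h</option></arg>
-        <arg choice="plain"><option>--help</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>--version</option></arg>
         <arg choice="plain"><option>-v</option></arg>
-        <arg choice="plain"><option>--version</option></arg>
       </group>
     </cmdsynopsis>
   </refsynopsisdiv>
-
+  
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
       <command>&COMMANDNAME;</command> is a program to generate the
-      OpenPGP keys used by
-      <citerefentry><refentrytitle>password-request</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
+      OpenPGP key used by
+      <citerefentry><refentrytitle>mandos-client</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
       normally written to /etc/mandos for later installation into the
-      initrd image, but this, like most things, can be changed with
-      command line options.
+      initrd image, but this, and most other things, can be changed
+      with command line options.
     </para>
     <para>
-      It can also be used to generate ready-made sections for
+      This program can also be used with the
+      <option>--password</option> or <option>--passfile</option>
+      options to generate a ready-made section for
+      <filename>clients.conf</filename> (see
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry> using the
-      <option>--password</option> option.
+      <manvolnum>5</manvolnum></citerefentry>).
     </para>
   </refsect1>
   
   <refsect1 id="purpose">
     <title>PURPOSE</title>
-
     <para>
       The purpose of this is to enable <emphasis>remote and unattended
       rebooting</emphasis> of client host computer with an
       <emphasis>encrypted root file system</emphasis>.  See <xref
       linkend="overview"/> for details.
     </para>
-
   </refsect1>
   
   <refsect1 id="options">
     <title>OPTIONS</title>
-
+    
     <variablelist>
       <varlistentry>
-        <term><literal>-h</literal>, <literal>--help</literal></term>
+        <term><option>--help</option></term>
+        <term><option>-h</option></term>
         <listitem>
           <para>
             Show a help message and exit
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-d</literal>, <literal>--dir
-        <replaceable>directory</replaceable></literal></term>
+        <term><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></term>
+        <term><option>-d
+        <replaceable>DIRECTORY</replaceable></option></term>
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename>/etc/mandos</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><literal>-t</literal>, <literal>--type
-        <replaceable>type</replaceable></literal></term>
-        <listitem>
-          <para>
-            Key type.  Default is <quote>DSA</quote>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><literal>-l</literal>, <literal>--length
-        <replaceable>bits</replaceable></literal></term>
-        <listitem>
-          <para>
-            Key length in bits.  Default is 2048.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><literal>-s</literal>, <literal>--subtype
-        <replaceable>type</replaceable></literal></term>
-        <listitem>
-          <para>
-            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
+            <filename class="directory">/etc/mandos</filename>.
+          </para>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--type
+        <replaceable>TYPE</replaceable></option></term>
+        <term><option>-t
+        <replaceable>TYPE</replaceable></option></term>
+        <listitem>
+          <para>
+            Key type.  Default is <quote>RSA</quote>.
+          </para>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--length
+        <replaceable>BITS</replaceable></option></term>
+        <term><option>-l
+        <replaceable>BITS</replaceable></option></term>
+        <listitem>
+          <para>
+            Key length in bits.  Default is 4096.
+          </para>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--subtype
+        <replaceable>KEYTYPE</replaceable></option></term>
+        <term><option>-s
+        <replaceable>KEYTYPE</replaceable></option></term>
+        <listitem>
+          <para>
+            Subkey type.  Default is <quote>RSA</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-L</literal>, <literal>--sublength
-        <replaceable>bits</replaceable></literal></term>
+        <term><option>--sublength
+        <replaceable>BITS</replaceable></option></term>
+        <term><option>-L
+        <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 2048.
+            Subkey length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-e</literal>, <literal>--email</literal>
-        <replaceable>address</replaceable></term>
+        <term><option>--email
+        <replaceable>ADDRESS</replaceable></option></term>
+        <term><option>-e
+        <replaceable>ADDRESS</replaceable></option></term>
         <listitem>
           <para>
             Email address of key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-c</literal>, <literal>--comment</literal>
-        <replaceable>comment</replaceable></term>
+        <term><option>--comment
+        <replaceable>TEXT</replaceable></option></term>
+        <term><option>-c
+        <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
-            Comment field for key.  The default value is
-            <quote><literal>Mandos client key</literal></quote>.
+            Comment field for key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-x</literal>, <literal>--expire</literal>
-        <replaceable>time</replaceable></term>
+        <term><option>--expire
+        <replaceable>TIME</replaceable></option></term>
+        <term><option>-x
+        <replaceable>TIME</replaceable></option></term>
         <listitem>
           <para>
             Key expire time.  Default is no expiration.  See
@@ -316,18 +318,19 @@
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-f</literal>, <literal>--force</literal></term>
+        <term><option>--force</option></term>
+        <term><option>-f</option></term>
         <listitem>
           <para>
-            Force overwriting old keys.
+            Force overwriting old key.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>-p</literal>, <literal>--password</literal
-        ></term>
+        <term><option>--password</option></term>
+        <term><option>-p</option></term>
         <listitem>
           <para>
             Prompt for a password and encrypt it with the key already
@@ -339,27 +342,57 @@
             >8</manvolnum></citerefentry>.  The host name or the name
             specified with the <option>--name</option> option is used
             for the section header.  All other options are ignored,
-            and no keys are created.
+            and no key is created.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>--passfile
+        <replaceable>FILE</replaceable></option></term>
+        <term><option>-F
+        <replaceable>FILE</replaceable></option></term>
+        <listitem>
+          <para>
+            The same as <option>--password</option>, but read from
+            <replaceable>FILE</replaceable>, not the terminal.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>--no-ssh</option></term>
+        <term><option>-S</option></term>
+        <listitem>
+          <para>
+            When <option>--password</option> or
+            <option>--passfile</option> is given, this option will
+            prevent <command>&COMMANDNAME;</command> from calling
+            <command>ssh-keyscan</command> to get an SSH fingerprint
+            for this host and, if successful, output suitable config
+            options to use this fingerprint as a
+            <option>checker</option> option in the output.  This is
+            otherwise the default behavior.
           </para>
         </listitem>
       </varlistentry>
     </variablelist>
   </refsect1>
-
+  
   <refsect1 id="overview">
     <title>OVERVIEW</title>
     <xi:include href="overview.xml"/>
     <para>
       This program is a small utility to generate new OpenPGP keys for
-      new Mandos clients.
+      new Mandos clients, and to generate sections for inclusion in
+      <filename>clients.conf</filename> on the server.
     </para>
   </refsect1>
-
+  
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
     <para>
-      The exit status will be 0 if new keys were successfully created,
-      otherwise not.
+      The exit status will be 0 if a new key (or password, if the
+      <option>--password</option> option was used) was successfully
+      created, otherwise not.
     </para>
   </refsect1>
   
@@ -367,7 +400,7 @@
     <title>ENVIRONMENT</title>
     <variablelist>
       <varlistentry>
-        <term><varname>TMPDIR</varname></term>
+        <term><envar>TMPDIR</envar></term>
         <listitem>
           <para>
             If set, temporary files will be created here. See
@@ -379,7 +412,7 @@
     </variablelist>
   </refsect1>
   
-  <refsect1 id="file">
+  <refsect1 id="files">
     <title>FILES</title>
     <para>
       Use the <option>--dir</option> option to change where
@@ -406,7 +439,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/tmp</filename></term>
+        <term><filename class="directory">/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -416,14 +449,12 @@
       </varlistentry>
     </variablelist>
   </refsect1>
-
+  
   <refsect1 id="bugs">
     <title>BUGS</title>
-    <para>
-      None are known at this time.
-    </para>
+    <xi:include href="bugs.xml"/>
   </refsect1>
-
+  
   <refsect1 id="example">
     <title>EXAMPLE</title>
     <informalexample>
@@ -431,46 +462,75 @@
         Normal invocation needs no options:
       </para>
       <para>
-        <userinput>mandos-keygen</userinput>
+        <userinput>&COMMANDNAME;</userinput>
       </para>
     </informalexample>
     <informalexample>
       <para>
-        Create keys in another directory and of another type.  Force
+        Create key in another directory and of another type.  Force
         overwriting old key files:
       </para>
       <para>
 
 <!-- do not wrap this line -->
-<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
+<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
+
+      </para>
+    </informalexample>
+    <informalexample>
+      <para>
+        Prompt for a password, encrypt it with the key in <filename
+        class="directory">/etc/mandos</filename> and output a section
+        suitable for <filename>clients.conf</filename>.
+      </para>
+      <para>
+        <userinput>&COMMANDNAME; --password</userinput>
+      </para>
+    </informalexample>
+    <informalexample>
+      <para>
+        Prompt for a password, encrypt it with the key in the
+        <filename>client-key</filename> directory and output a section
+        suitable for <filename>clients.conf</filename>.
+      </para>
+      <para>
+
+<!-- do not wrap this line -->
+<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
       </para>
     </informalexample>
   </refsect1>
-
+  
   <refsect1 id="security">
     <title>SECURITY</title>
     <para>
       The <option>--type</option>, <option>--length</option>,
       <option>--subtype</option>, and <option>--sublength</option>
-      options can be used to create keys of insufficient security.  If
-      in doubt, leave them to the default values.
+      options can be used to create keys of low security.  If in
+      doubt, leave them to the default values.
     </para>
     <para>
-      The key expire time is not guaranteed to be honored by
-      <citerefentry><refentrytitle>mandos</refentrytitle>
+      The key expire time is <emphasis>not</emphasis> guaranteed to be
+      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>.
     </para>
   </refsect1>
-
+  
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry><refentrytitle>password-request</refentrytitle>
+      <citerefentry><refentrytitle>intro</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>gpg</refentrytitle>
+      <manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>gpg</refentrytitle>
+      <citerefentry><refentrytitle>mandos-client</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>
     </para>
   </refsect1>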
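Review bot: The `--subtype` entry in OPTIONS now reads `Default is <quote>RSA</quote> (Elgamal encryption-only).`: the added line (new 266) switches the default to RSA, but the parenthetical on the unchanged line below it (new 267) still describes the old `ELG-E` default, so the page misstates which subkey algorithm is generated. The two lines should collapse to `Subkey type.  Default is <quote>RSA</quote>.`. Two smaller inconsistencies on the new side: the OPTIONS list uses `TYPE` for `--type`/`-t` where the synopsis uses `KEYTYPE`, and in the synopsis only `-F` closes `</option>` before `<replaceable>FILE</replaceable>`. Since `--passfile` reads the password from a file rather than the terminal, the SECURITY section could add one sentence saying that this file should be readable only by the invoking user.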