/mandos/trunk : revision 125

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 10:27:33 UTC
Revision ID: teddy@fukt.bsnet.se-20080831102733-2u083dacxul80ynp

* plugin-runner.xml (OPTIONS): Use <option> tags instead of
                               <literal>.  Split <term> tags into one
                               for each option.  Moved long options
                               before short.

files added:
initramfs-tools-hook-conf

plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2019-02-10">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Generate key and password for Mandos client and server.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

126

137

127

138

</group>

128

139

<sbr/>

129

<group>

130

<arg choice="plain"><option>--tls-keytype

131

<replaceable>KEYTYPE</replaceable></option></arg>

132

<arg choice="plain"><option>-T

133

<replaceable>KEYTYPE</replaceable></option></arg>

134

</group>

135

<sbr/>

136

<group>

137

<arg choice="plain"><option>--force</option></arg>

138

139

</group>

140

<arg><option>--force</option></arg>

140

141

</cmdsynopsis>

141

142

142

143

<command>&COMMANDNAME;</command>

143

144

144

145

<arg choice="plain"><option>--password</option></arg>

145

146

146

<arg choice="plain"><option>--passfile

147

148

149

150

147

</group>

151

148

<sbr/>

152

149

<group>

162

159

<arg choice="plain"><option>-n

163

160

164

161

</group>

165

<group>

166

167

168

</group>

169

162

</cmdsynopsis>

170

163

171

164

<command>&COMMANDNAME;</command>

187

180

<title>DESCRIPTION</title>

188

181

<para>

189

182

<command>&COMMANDNAME;</command> is a program to generate the

190

TLS and OpenPGP keys used by

191

<citerefentry><refentrytitle>mandos-client</refentrytitle>

192

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

183

OpenPGP key used by

184

<citerefentry><refentrytitle>password-request</refentrytitle>

185

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

193

186

normally written to /etc/mandos for later installation into the

194

187

initrd image, but this, and most other things, can be changed

195

188

with command line options.

196

189

</para>

197

190

<para>

198

191

This program can also be used with the

199

<option>--password</option> or <option>--passfile</option>

200

options to generate a ready-made section for

201

<filename>clients.conf</filename> (see

192

<option>--password</option> option to generate a ready-made

193

section for <filename>clients.conf</filename> (see

202

194

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

203

195

<manvolnum>5</manvolnum></citerefentry>).

204

196

</para>

227

219

</para>

228

220

</listitem>

229

221

</varlistentry>

230

222

231

223

232

224

<term><option>--dir

233

225

<replaceable>DIRECTORY</replaceable></option></term>

236

228

237

229

<para>

238

230

Target directory for key files. Default is

239

<filename class="directory">/etc/mandos</filename>.

231

<filename>/etc/mandos</filename>.

240

232

</para>

241

233

</listitem>

242

234

</varlistentry>

243

235

244

236

245

237

<term><option>--type

246

238

248

240

249

241

250

242

<para>

251

OpenPGP key type. Default is <quote>RSA</quote>.

243

Key type. Default is <quote>DSA</quote>.

252

244

</para>

253

245

</listitem>

254

246

</varlistentry>

255

247

256

248

257

249

<term><option>--length

258

250

260

252

261

253

262

254

<para>

263

OpenPGP key length in bits. Default is 4096.

255

Key length in bits. Default is 2048.

264

256

</para>

265

257

</listitem>

266

258

</varlistentry>

267

259

268

260

269

261

<term><option>--subtype

270

262

<replaceable>KEYTYPE</replaceable></option></term>

272

264

<replaceable>KEYTYPE</replaceable></option></term>

273

265

274

266

<para>

275

OpenPGP subkey type. Default is <quote>RSA</quote>

267

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

268

encryption-only).

276

269

</para>

277

270

</listitem>

278

271

</varlistentry>

279

272

280

273

281

274

<term><option>--sublength

282

275

284

277

285

278

286

279

<para>

287

OpenPGP subkey length in bits. Default is 4096.

280

Subkey length in bits. Default is 2048.

288

281

</para>

289

282

</listitem>

290

283

</varlistentry>

291

284

292

285

293

286

<term><option>--email

294

287

<replaceable>ADDRESS</replaceable></option></term>

300

293

</para>

301

294

</listitem>

302

295

</varlistentry>

303

296

304

297

305

298

<term><option>--comment

306

299

308

301

309

302

310

303

<para>

311

Comment field for key. Default is empty.

304

Comment field for key. The default value is

305

<quote><literal>Mandos client key</literal></quote>.

312

306

</para>

313

307

</listitem>

314

308

</varlistentry>

315

309

316

310

317

311

<term><option>--expire

318

312

326

320

</para>

327

321

</listitem>

328

322

</varlistentry>

329

330

331

<term><option>--tls-keytype

332

<replaceable>KEYTYPE</replaceable></option></term>

333

<term><option>-T

334

<replaceable>KEYTYPE</replaceable></option></term>

335

336

<para>

337

TLS key type. Default is <quote>ed25519</quote>

338

</para>

339

</listitem>

340

</varlistentry>

341

323

342

324

343

325

<term><option>--force</option></term>

344

326

366

348

</para>

367

349

</listitem>

368

350

</varlistentry>

369

370

<term><option>--passfile

371

372

<term><option>-F

373

374

375

<para>

376

The same as <option>--password</option>, but read from

377

<replaceable>FILE</replaceable>, not the terminal.

378

</para>

379

</listitem>

380

</varlistentry>

381

382

383

384

385

<para>

386

When <option>--password</option> or

387

<option>--passfile</option> is given, this option will

388

prevent <command>&COMMANDNAME;</command> from calling

389

<command>ssh-keyscan</command> to get an SSH fingerprint

390

for this host and, if successful, output suitable config

391

options to use this fingerprint as a

392

<option>checker</option> option in the output. This is

393

otherwise the default behavior.

394

</para>

395

</listitem>

396

</varlistentry>

397

351

</variablelist>

398

352

</refsect1>

399

353

400

354

401

355

<title>OVERVIEW</title>

402

356

<xi:include href="overview.xml"/>

403

357

<para>

404

This program is a small utility to generate new TLS and OpenPGP

405

keys for new Mandos clients, and to generate sections for

406

inclusion in <filename>clients.conf</filename> on the server.

358

This program is a small utility to generate new OpenPGP keys for

359

new Mandos clients, and to generate sections for inclusion in

360

<filename>clients.conf</filename> on the server.

407

361

</para>

408

362

</refsect1>

409

363

410

364

411

365

<title>EXIT STATUS</title>

412

366

<para>

432

386

</variablelist>

433

387

</refsect1>

434

388

435

389

436

390

<title>FILES</title>

437

391

<para>

438

392

Use the <option>--dir</option> option to change where

459

413

</listitem>

460

414

</varlistentry>

461

415

462

<term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>

463

464

<para>

465

Private key file which will be created or overwritten.

466

</para>

467

</listitem>

468

</varlistentry>

469

470

<term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>

471

472

<para>

473

Public key file which will be created or overwritten.

474

</para>

475

</listitem>

476

</varlistentry>

477

478

416

479

417

480

418

<para>

481

419

Temporary files will be written here if

485

423

</varlistentry>

486

424

</variablelist>

487

425

</refsect1>

488

426

489

427

490

428

491

<xi:include href="bugs.xml"/>

429

<para>

430

None are known at this time.

431

</para>

492

432

</refsect1>

493

433

494

434

495

435

<title>EXAMPLE</title>

496

436

515

455

</informalexample>

516

456

517

457

<para>

518

Prompt for a password, encrypt it with the key in <filename

519

class="directory">/etc/mandos</filename> and output a section

520

suitable for <filename>clients.conf</filename>.

458

Prompt for a password, encrypt it with the key in

459

<filename>/etc/mandos</filename> and output a section suitable

460

for <filename>clients.conf</filename>.

521

461

</para>

522

462

<para>

523

463

<userinput>&COMMANDNAME; --password</userinput>

537

477

</para>

538

478

</informalexample>

539

479

</refsect1>

540

480

541

481

542

482

<title>SECURITY</title>

543

483

<para>

552

492

<manvolnum>8</manvolnum></citerefentry>.

553

493

</para>

554

494

</refsect1>

555

495

556

496

557

497

558

498

<para>

559

<citerefentry><refentrytitle>intro</refentrytitle>

560

<manvolnum>8mandos</manvolnum></citerefentry>,

561

499

562

500

<manvolnum>1</manvolnum></citerefentry>,

563

501

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

564

502

<manvolnum>5</manvolnum></citerefentry>,

565

503

<citerefentry><refentrytitle>mandos</refentrytitle>

566

504

<manvolnum>8</manvolnum></citerefentry>,

567

<citerefentry><refentrytitle>mandos-client</refentrytitle>

568

<manvolnum>8mandos</manvolnum></citerefentry>,

569

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

570

505

<citerefentry><refentrytitle>password-request</refentrytitle>

506

<manvolnum>8mandos</manvolnum></citerefentry>

571

507

</para>

572

508

</refsect1>

573

509

Older »