/mandos/trunk : revision 128

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 13:55:04 UTC
Revision ID: teddy@fukt.bsnet.se-20080831135504-2ka1cccglsghslxy

* plugin-runner.xml (/refentry/refentryinfo/copyright): Split
                                                        copyright
                                                        holders.
* plugins.d/password-request.xml (/refentry/refentryinfo/copyright):
                                 Split copyright holders.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2015-07-20">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Generate key and password for Mandos client and server.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

123

137

124

138

</group>

125

139

<sbr/>

126

<group>

127

<arg choice="plain"><option>--force</option></arg>

128

129

</group>

140

<arg><option>--force</option></arg>

130

141

</cmdsynopsis>

131

142

132

143

<command>&COMMANDNAME;</command>

133

144

134

145

<arg choice="plain"><option>--password</option></arg>

135

146

136

<arg choice="plain"><option>--passfile

137

138

139

140

147

</group>

141

148

<sbr/>

142

149

<group>

152

159

<arg choice="plain"><option>-n

153

160

154

161

</group>

155

<group>

156

157

158

</group>

159

162

</cmdsynopsis>

160

163

161

164

<command>&COMMANDNAME;</command>

178

181

<para>

179

182

<command>&COMMANDNAME;</command> is a program to generate the

180

183

OpenPGP key used by

181

<citerefentry><refentrytitle>mandos-client</refentrytitle>

184

<citerefentry><refentrytitle>password-request</refentrytitle>

182

185

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

183

186

normally written to /etc/mandos for later installation into the

184

187

initrd image, but this, and most other things, can be changed

186

189

</para>

187

190

<para>

188

191

This program can also be used with the

189

<option>--password</option> or <option>--passfile</option>

190

options to generate a ready-made section for

191

<filename>clients.conf</filename> (see

192

<option>--password</option> option to generate a ready-made

193

section for <filename>clients.conf</filename> (see

192

194

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

193

195

<manvolnum>5</manvolnum></citerefentry>).

194

196

</para>

217

219

</para>

218

220

</listitem>

219

221

</varlistentry>

220

222

221

223

222

224

<term><option>--dir

223

225

<replaceable>DIRECTORY</replaceable></option></term>

226

228

227

229

<para>

228

230

Target directory for key files. Default is

229

<filename class="directory">/etc/mandos</filename>.

231

<filename>/etc/mandos</filename>.

230

232

</para>

231

233

</listitem>

232

234

</varlistentry>

233

235

234

236

235

237

<term><option>--type

236

238

238

240

239

241

240

242

<para>

241

Key type. Default is <quote>RSA</quote>.

243

Key type. Default is <quote>DSA</quote>.

242

244

</para>

243

245

</listitem>

244

246

</varlistentry>

245

247

246

248

247

249

<term><option>--length

248

250

250

252

251

253

252

254

<para>

253

Key length in bits. Default is 4096.

255

Key length in bits. Default is 2048.

254

256

</para>

255

257

</listitem>

256

258

</varlistentry>

257

259

258

260

259

261

<term><option>--subtype

260

262

<replaceable>KEYTYPE</replaceable></option></term>

262

264

<replaceable>KEYTYPE</replaceable></option></term>

263

265

264

266

<para>

265

Subkey type. Default is <quote>RSA</quote> (Elgamal

267

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

266

268

encryption-only).

267

269

</para>

268

270

</listitem>

269

271

</varlistentry>

270

272

271

273

272

274

<term><option>--sublength

273

275

275

277

276

278

277

279

<para>

278

Subkey length in bits. Default is 4096.

280

Subkey length in bits. Default is 2048.

279

281

</para>

280

282

</listitem>

281

283

</varlistentry>

282

284

283

285

284

286

<term><option>--email

285

287

<replaceable>ADDRESS</replaceable></option></term>

291

293

</para>

292

294

</listitem>

293

295

</varlistentry>

294

296

295

297

296

298

<term><option>--comment

297

299

299

301

300

302

301

303

<para>

302

Comment field for key. Default is empty.

304

Comment field for key. The default value is

305

<quote><literal>Mandos client key</literal></quote>.

303

306

</para>

304

307

</listitem>

305

308

</varlistentry>

306

309

307

310

308

311

<term><option>--expire

309

312

317

320

</para>

318

321

</listitem>

319

322

</varlistentry>

320

323

321

324

322

325

<term><option>--force</option></term>

323

326

345

348

</para>

346

349

</listitem>

347

350

</varlistentry>

348

349

<term><option>--passfile

350

351

<term><option>-F

352

353

354

<para>

355

The same as <option>--password</option>, but read from

356

<replaceable>FILE</replaceable>, not the terminal.

357

</para>

358

</listitem>

359

</varlistentry>

360

361

362

363

364

<para>

365

When <option>--password</option> or

366

<option>--passfile</option> is given, this option will

367

prevent <command>&COMMANDNAME;</command> from calling

368

<command>ssh-keyscan</command> to get an SSH fingerprint

369

for this host and, if successful, output suitable config

370

options to use this fingerprint as a

371

<option>checker</option> option in the output. This is

372

otherwise the default behavior.

373

</para>

374

</listitem>

375

</varlistentry>

376

351

</variablelist>

377

352

</refsect1>

378

353

379

354

380

355

<title>OVERVIEW</title>

381

356

<xi:include href="overview.xml"/>

385

360

<filename>clients.conf</filename> on the server.

386

361

</para>

387

362

</refsect1>

388

363

389

364

390

365

<title>EXIT STATUS</title>

391

366

<para>

411

386

</variablelist>

412

387

</refsect1>

413

388

414

389

415

390

<title>FILES</title>

416

391

<para>

417

392

Use the <option>--dir</option> option to change where

438

413

</listitem>

439

414

</varlistentry>

440

415

441

416

442

417

443

418

<para>

444

419

Temporary files will be written here if

448

423

</varlistentry>

449

424

</variablelist>

450

425

</refsect1>

451

452

453

454

455

456

457

426

427

428

429

<para>

430

None are known at this time.

431

</para>

432

</refsect1>

433

458

434

459

435

<title>EXAMPLE</title>

460

436

479

455

</informalexample>

480

456

481

457

<para>

482

Prompt for a password, encrypt it with the key in <filename

483

class="directory">/etc/mandos</filename> and output a section

484

suitable for <filename>clients.conf</filename>.

458

Prompt for a password, encrypt it with the key in

459

<filename>/etc/mandos</filename> and output a section suitable

460

for <filename>clients.conf</filename>.

485

461

</para>

486

462

<para>

487

463

<userinput>&COMMANDNAME; --password</userinput>

501

477

</para>

502

478

</informalexample>

503

479

</refsect1>

504

480

505

481

506

482

<title>SECURITY</title>

507

483

<para>

516

492

<manvolnum>8</manvolnum></citerefentry>.

517

493

</para>

518

494

</refsect1>

519

495

520

496

521

497

522

498

<para>

523

<citerefentry><refentrytitle>intro</refentrytitle>

524

<manvolnum>8mandos</manvolnum></citerefentry>,

525

499

526

500

<manvolnum>1</manvolnum></citerefentry>,

527

501

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

528

502

<manvolnum>5</manvolnum></citerefentry>,

529

503

<citerefentry><refentrytitle>mandos</refentrytitle>

530

504

<manvolnum>8</manvolnum></citerefentry>,

531

<citerefentry><refentrytitle>mandos-client</refentrytitle>

532

<manvolnum>8mandos</manvolnum></citerefentry>,

533

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

534

505

<citerefentry><refentrytitle>password-request</refentrytitle>

506

<manvolnum>8mandos</manvolnum></citerefentry>

535

507

</para>

536

508

</refsect1>

537

509

Older »