To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos-keygen.xml
- browse files at revision 130
- compare with another revision
- download diff
- download tarball
- view history from revision 130
- Committer: Teddy Hogeborn
- Date: 2008-08-31 14:02:37 UTC
- Revision ID: teddy@fukt.bsnet.se-20080831140237-oz9knd88esz8cj4y
* plugin-runner.xml: Removed <?xml-stylesheet>.
* plugins.d/password-request.xml: - '' -
* plugins.d/password-request.xml: - '' -
- files added:
- initramfs-tools-hook-conf
- files removed:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- files renamed:
- plugins.d/mandos-client.c => plugins.d/password-request.c
- plugins.d/mandos-client.xml => plugins.d/password-request.xml
- files modified:
- .bzrignore
added
removed
mandos-keygen.xml
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
<!ENTITY TIMESTAMP "2019-02-10">
6
<!ENTITY % common SYSTEM "common.ent">
7
%common;
6
<!ENTITY TIMESTAMP "2008-08-31">
8
7
]>
9
8
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
11
<title>Mandos Manual</title>
13
12
<!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
13
<productname>Mandos</productname>
15
<productnumber>&version;</productnumber>
14
<productnumber>&VERSION;</productnumber>
16
15
<date>&TIMESTAMP;</date>
17
16
<authorgroup>
18
17
<author>
19
18
<firstname>Björn</firstname>
20
19
<surname>Påhlsson</surname>
21
20
<address>
22
<email>belorn@recompile.se</email>
21
<email>belorn@fukt.bsnet.se</email>
23
22
</address>
24
23
</author>
25
24
<author>
26
25
<firstname>Teddy</firstname>
27
26
<surname>Hogeborn</surname>
28
27
<address>
29
<email>teddy@recompile.se</email>
28
<email>teddy@fukt.bsnet.se</email>
30
29
</address>
31
30
</author>
32
31
</authorgroup>
33
32
<copyright>
34
33
<year>2008</year>
35
<year>2009</year>
36
<year>2010</year>
37
<year>2011</year>
38
<year>2012</year>
39
<year>2013</year>
40
<year>2014</year>
41
<year>2015</year>
42
<year>2016</year>
43
<year>2017</year>
44
<year>2018</year>
45
<year>2019</year>
46
34
<holder>Teddy Hogeborn</holder>
47
35
<holder>Björn Påhlsson</holder>
48
36
</copyright>
49
<xi:include href="legalnotice.xml"/>
37
<legalnotice>
38
<para>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
43
later version.
44
</para>
45
46
<para>
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
51
for more details.
52
</para>
53
54
<para>
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
58
</para>
59
</legalnotice>
50
60
</refentryinfo>
51
61
52
62
<refmeta>
53
63
<refentrytitle>&COMMANDNAME;</refentrytitle>
54
64
<manvolnum>8</manvolnum>
60
70
Generate key and password for Mandos client and server.
61
71
</refpurpose>
62
72
</refnamediv>
63
73
64
74
<refsynopsisdiv>
65
75
<cmdsynopsis>
66
76
<command>&COMMANDNAME;</command>
127
137
<replaceable>TIME</replaceable></option></arg>
128
138
</group>
129
139
<sbr/>
130
<group>
131
<arg choice="plain"><option>--tls-keytype
132
<replaceable>KEYTYPE</replaceable></option></arg>
133
<arg choice="plain"><option>-T
134
<replaceable>KEYTYPE</replaceable></option></arg>
135
</group>
136
<sbr/>
137
<group>
138
<arg choice="plain"><option>--force</option></arg>
139
<arg choice="plain"><option>-f</option></arg>
140
</group>
140
<arg><option>--force</option></arg>
141
141
</cmdsynopsis>
142
142
<cmdsynopsis>
143
143
<command>&COMMANDNAME;</command>
144
144
<group choice="req">
145
145
<arg choice="plain"><option>--password</option></arg>
146
146
<arg choice="plain"><option>-p</option></arg>
147
<arg choice="plain"><option>--passfile
148
<replaceable>FILE</replaceable></option></arg>
149
<arg choice="plain"><option>-F</option>
150
<replaceable>FILE</replaceable></arg>
151
147
</group>
152
148
<sbr/>
153
149
<group>
163
159
<arg choice="plain"><option>-n
164
160
<replaceable>NAME</replaceable></option></arg>
165
161
</group>
166
<group>
167
<arg choice="plain"><option>--no-ssh</option></arg>
168
<arg choice="plain"><option>-S</option></arg>
169
</group>
170
162
</cmdsynopsis>
171
163
<cmdsynopsis>
172
164
<command>&COMMANDNAME;</command>
188
180
<title>DESCRIPTION</title>
189
181
<para>
190
182
<command>&COMMANDNAME;</command> is a program to generate the
191
TLS and OpenPGP keys used by
192
<citerefentry><refentrytitle>mandos-client</refentrytitle>
193
<manvolnum>8mandos</manvolnum></citerefentry>. The keys are
194
normally written to /etc/keys/mandos for later installation into
195
the initrd image, but this, and most other things, can be
196
changed with command line options.
183
OpenPGP key used by
184
<citerefentry><refentrytitle>password-request</refentrytitle>
185
<manvolnum>8mandos</manvolnum></citerefentry>. The key is
186
normally written to /etc/mandos for later installation into the
187
initrd image, but this, and most other things, can be changed
188
with command line options.
197
189
</para>
198
190
<para>
199
191
This program can also be used with the
200
<option>--password</option> or <option>--passfile</option>
201
options to generate a ready-made section for
202
<filename>clients.conf</filename> (see
192
<option>--password</option> option to generate a ready-made
193
section for <filename>clients.conf</filename> (see
203
194
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
204
195
<manvolnum>5</manvolnum></citerefentry>).
205
196
</para>
228
219
</para>
229
220
</listitem>
230
221
</varlistentry>
231
222
232
223
<varlistentry>
233
224
<term><option>--dir
234
225
<replaceable>DIRECTORY</replaceable></option></term>
236
227
<replaceable>DIRECTORY</replaceable></option></term>
237
228
<listitem>
238
229
<para>
239
Target directory for key files. Default is <filename
240
class="directory">/etc/keys/mandos</filename>.
230
Target directory for key files. Default is
231
<filename>/etc/mandos</filename>.
241
232
</para>
242
233
</listitem>
243
234
</varlistentry>
244
235
245
236
<varlistentry>
246
237
<term><option>--type
247
238
<replaceable>TYPE</replaceable></option></term>
249
240
<replaceable>TYPE</replaceable></option></term>
250
241
<listitem>
251
242
<para>
252
OpenPGP key type. Default is <quote>RSA</quote>.
243
Key type. Default is <quote>DSA</quote>.
253
244
</para>
254
245
</listitem>
255
246
</varlistentry>
256
247
257
248
<varlistentry>
258
249
<term><option>--length
259
250
<replaceable>BITS</replaceable></option></term>
261
252
<replaceable>BITS</replaceable></option></term>
262
253
<listitem>
263
254
<para>
264
OpenPGP key length in bits. Default is 4096.
255
Key length in bits. Default is 2048.
265
256
</para>
266
257
</listitem>
267
258
</varlistentry>
268
259
269
260
<varlistentry>
270
261
<term><option>--subtype
271
262
<replaceable>KEYTYPE</replaceable></option></term>
273
264
<replaceable>KEYTYPE</replaceable></option></term>
274
265
<listitem>
275
266
<para>
276
OpenPGP subkey type. Default is <quote>RSA</quote>
267
Subkey type. Default is <quote>ELG-E</quote> (Elgamal
268
encryption-only).
277
269
</para>
278
270
</listitem>
279
271
</varlistentry>
280
272
281
273
<varlistentry>
282
274
<term><option>--sublength
283
275
<replaceable>BITS</replaceable></option></term>
285
277
<replaceable>BITS</replaceable></option></term>
286
278
<listitem>
287
279
<para>
288
OpenPGP subkey length in bits. Default is 4096.
280
Subkey length in bits. Default is 2048.
289
281
</para>
290
282
</listitem>
291
283
</varlistentry>
292
284
293
285
<varlistentry>
294
286
<term><option>--email
295
287
<replaceable>ADDRESS</replaceable></option></term>
301
293
</para>
302
294
</listitem>
303
295
</varlistentry>
304
296
305
297
<varlistentry>
306
298
<term><option>--comment
307
299
<replaceable>TEXT</replaceable></option></term>
309
301
<replaceable>TEXT</replaceable></option></term>
310
302
<listitem>
311
303
<para>
312
Comment field for key. Default is empty.
304
Comment field for key. The default value is
305
<quote><literal>Mandos client key</literal></quote>.
313
306
</para>
314
307
</listitem>
315
308
</varlistentry>
316
309
317
310
<varlistentry>
318
311
<term><option>--expire
319
312
<replaceable>TIME</replaceable></option></term>
327
320
</para>
328
321
</listitem>
329
322
</varlistentry>
330
331
<varlistentry>
332
<term><option>--tls-keytype
333
<replaceable>KEYTYPE</replaceable></option></term>
334
<term><option>-T
335
<replaceable>KEYTYPE</replaceable></option></term>
336
<listitem>
337
<para>
338
TLS key type. Default is <quote>ed25519</quote>
339
</para>
340
</listitem>
341
</varlistentry>
342
323
343
324
<varlistentry>
344
325
<term><option>--force</option></term>
345
326
<term><option>-f</option></term>
355
336
<listitem>
356
337
<para>
357
338
Prompt for a password and encrypt it with the key already
358
present in either <filename>/etc/keys/mandos</filename> or
359
the directory specified with the <option>--dir</option>
339
present in either <filename>/etc/mandos</filename> or the
340
directory specified with the <option>--dir</option>
360
341
option. Outputs, on standard output, a section suitable
361
342
for inclusion in <citerefentry><refentrytitle
362
343
>mandos-clients.conf</refentrytitle><manvolnum
367
348
</para>
368
349
</listitem>
369
350
</varlistentry>
370
<varlistentry>
371
<term><option>--passfile
372
<replaceable>FILE</replaceable></option></term>
373
<term><option>-F
374
<replaceable>FILE</replaceable></option></term>
375
<listitem>
376
<para>
377
The same as <option>--password</option>, but read from
378
<replaceable>FILE</replaceable>, not the terminal.
379
</para>
380
</listitem>
381
</varlistentry>
382
<varlistentry>
383
<term><option>--no-ssh</option></term>
384
<term><option>-S</option></term>
385
<listitem>
386
<para>
387
When <option>--password</option> or
388
<option>--passfile</option> is given, this option will
389
prevent <command>&COMMANDNAME;</command> from calling
390
<command>ssh-keyscan</command> to get an SSH fingerprint
391
for this host and, if successful, output suitable config
392
options to use this fingerprint as a
393
<option>checker</option> option in the output. This is
394
otherwise the default behavior.
395
</para>
396
</listitem>
397
</varlistentry>
398
351
</variablelist>
399
352
</refsect1>
400
353
401
354
<refsect1 id="overview">
402
355
<title>OVERVIEW</title>
403
356
<xi:include href="overview.xml"/>
404
357
<para>
405
This program is a small utility to generate new TLS and OpenPGP
406
keys for new Mandos clients, and to generate sections for
407
inclusion in <filename>clients.conf</filename> on the server.
358
This program is a small utility to generate new OpenPGP keys for
359
new Mandos clients, and to generate sections for inclusion in
360
<filename>clients.conf</filename> on the server.
408
361
</para>
409
362
</refsect1>
410
363
411
364
<refsect1 id="exit_status">
412
365
<title>EXIT STATUS</title>
413
366
<para>
433
386
</variablelist>
434
387
</refsect1>
435
388
436
<refsect1 id="files">
389
<refsect1 id="file">
437
390
<title>FILES</title>
438
391
<para>
439
392
Use the <option>--dir</option> option to change where
442
395
</para>
443
396
<variablelist>
444
397
<varlistentry>
445
<term><filename>/etc/keys/mandos/seckey.txt</filename></term>
398
<term><filename>/etc/mandos/seckey.txt</filename></term>
446
399
<listitem>
447
400
<para>
448
401
OpenPGP secret key file which will be created or
451
404
</listitem>
452
405
</varlistentry>
453
406
<varlistentry>
454
<term><filename>/etc/keys/mandos/pubkey.txt</filename></term>
407
<term><filename>/etc/mandos/pubkey.txt</filename></term>
455
408
<listitem>
456
409
<para>
457
410
OpenPGP public key file which will be created or
460
413
</listitem>
461
414
</varlistentry>
462
415
<varlistentry>
463
<term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>
464
<listitem>
465
<para>
466
Private key file which will be created or overwritten.
467
</para>
468
</listitem>
469
</varlistentry>
470
<varlistentry>
471
<term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>
472
<listitem>
473
<para>
474
Public key file which will be created or overwritten.
475
</para>
476
</listitem>
477
</varlistentry>
478
<varlistentry>
479
<term><filename class="directory">/tmp</filename></term>
416
<term><filename>/tmp</filename></term>
480
417
<listitem>
481
418
<para>
482
419
Temporary files will be written here if
486
423
</varlistentry>
487
424
</variablelist>
488
425
</refsect1>
489
426
490
427
<refsect1 id="bugs">
491
428
<title>BUGS</title>
492
<xi:include href="bugs.xml"/>
429
<para>
430
None are known at this time.
431
</para>
493
432
</refsect1>
494
433
495
434
<refsect1 id="example">
496
435
<title>EXAMPLE</title>
497
436
<informalexample>
516
455
</informalexample>
517
456
<informalexample>
518
457
<para>
519
Prompt for a password, encrypt it with the keys in <filename
520
class="directory">/etc/keys/mandos</filename> and output a
521
section suitable for <filename>clients.conf</filename>.
458
Prompt for a password, encrypt it with the key in
459
<filename>/etc/mandos</filename> and output a section suitable
460
for <filename>clients.conf</filename>.
522
461
</para>
523
462
<para>
524
463
<userinput>&COMMANDNAME; --password</userinput>
526
465
</informalexample>
527
466
<informalexample>
528
467
<para>
529
Prompt for a password, encrypt it with the keys in the
468
Prompt for a password, encrypt it with the key in the
530
469
<filename>client-key</filename> directory and output a section
531
470
suitable for <filename>clients.conf</filename>.
532
471
</para>
538
477
</para>
539
478
</informalexample>
540
479
</refsect1>
541
480
542
481
<refsect1 id="security">
543
482
<title>SECURITY</title>
544
483
<para>
553
492
<manvolnum>8</manvolnum></citerefentry>.
554
493
</para>
555
494
</refsect1>
556
495
557
496
<refsect1 id="see_also">
558
497
<title>SEE ALSO</title>
559
498
<para>
560
<citerefentry><refentrytitle>intro</refentrytitle>
561
<manvolnum>8mandos</manvolnum></citerefentry>,
562
499
<citerefentry><refentrytitle>gpg</refentrytitle>
563
500
<manvolnum>1</manvolnum></citerefentry>,
564
501
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
565
502
<manvolnum>5</manvolnum></citerefentry>,
566
503
<citerefentry><refentrytitle>mandos</refentrytitle>
567
504
<manvolnum>8</manvolnum></citerefentry>,
568
<citerefentry><refentrytitle>mandos-client</refentrytitle>
569
<manvolnum>8mandos</manvolnum></citerefentry>,
570
<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
571
<manvolnum>1</manvolnum></citerefentry>
505
<citerefentry><refentrytitle>password-request</refentrytitle>
506
<manvolnum>8mandos</manvolnum></citerefentry>
572
507
</para>
573
508
</refsect1>
574
509
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0