/mandos/trunk : revision 951

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files added:
DBUS-API

NEWS

bugs.xml

dbus-mandos.conf

debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files removed:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-09-30">

<!ENTITY TIMESTAMP "2018-02-08">

<!ENTITY % common SYSTEM "common.ent">

%common;

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

116

126

117

127

</group>

118

128

<sbr/>

119

<arg><option>--force</option></arg>

129

<group>

130

<arg choice="plain"><option>--force</option></arg>

131

132

</group>

120

133

</cmdsynopsis>

121

134

122

135

<command>&COMMANDNAME;</command>

142

155

<arg choice="plain"><option>-n

143

156

144

157

</group>

158

<group>

159

160

161

</group>

145

162

</cmdsynopsis>

146

163

147

164

<command>&COMMANDNAME;</command>

212

229

213

230

<para>

214

231

Target directory for key files. Default is

215

<filename>/etc/mandos</filename>.

232

<filename class="directory">/etc/mandos</filename>.

216

233

</para>

217

234

</listitem>

218

235

</varlistentry>

224

241

225

242

226

243

<para>

227

Key type. Default is <quote>DSA</quote>.

244

Key type. Default is <quote>RSA</quote>.

228

245

</para>

229

246

</listitem>

230

247

</varlistentry>

236

253

237

254

238

255

<para>

239

Key length in bits. Default is 2048.

256

Key length in bits. Default is 4096.

240

257

</para>

241

258

</listitem>

242

259

</varlistentry>

248

265

<replaceable>KEYTYPE</replaceable></option></term>

249

266

250

267

<para>

251

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

268

Subkey type. Default is <quote>RSA</quote> (Elgamal

252

269

encryption-only).

253

270

</para>

254

271

</listitem>

261

278

262

279

263

280

<para>

264

Subkey length in bits. Default is 2048.

281

Subkey length in bits. Default is 4096.

265

282

</para>

266

283

</listitem>

267

284

</varlistentry>

285

302

286

303

287

304

<para>

288

Comment field for key. The default value is

289

<quote><literal>Mandos client key</literal></quote>.

305

Comment field for key. Default is empty.

290

306

</para>

291

307

</listitem>

292

308

</varlistentry>

344

360

</para>

345

361

</listitem>

346

362

</varlistentry>

363

364

365

366

367

<para>

368

When <option>--password</option> or

369

<option>--passfile</option> is given, this option will

370

prevent <command>&COMMANDNAME;</command> from calling

371

<command>ssh-keyscan</command> to get an SSH fingerprint

372

for this host and, if successful, output suitable config

373

options to use this fingerprint as a

374

<option>checker</option> option in the output. This is

375

otherwise the default behavior.

376

</para>

377

</listitem>

378

</varlistentry>

347

379

</variablelist>

348

380

</refsect1>

349

381

382

414

</variablelist>

383

415

</refsect1>

384

416

385

417

386

418

<title>FILES</title>

387

419

<para>

388

420

Use the <option>--dir</option> option to change where

409

441

</listitem>

410

442

</varlistentry>

411

443

412

444

413

445

414

446

<para>

415

447

Temporary files will be written here if

420

452

</variablelist>

421

453

</refsect1>

422

454

423

424

425

426

427

455

456

457

<xi:include href="bugs.xml"/>

458

</refsect1>

428

459

429

460

430

461

<title>EXAMPLE</title>

450

481

</informalexample>

451

482

452

483

<para>

453

Prompt for a password, encrypt it with the key in

454

<filename>/etc/mandos</filename> and output a section suitable

455

for <filename>clients.conf</filename>.

484

Prompt for a password, encrypt it with the key in <filename

485

class="directory">/etc/mandos</filename> and output a section

486

suitable for <filename>clients.conf</filename>.

456

487

</para>

457

488

<para>

458

489

<userinput>&COMMANDNAME; --password</userinput>

491

522

492

523

493

524

<para>

525

<citerefentry><refentrytitle>intro</refentrytitle>

526

<manvolnum>8mandos</manvolnum></citerefentry>,

494

527

495

528

<manvolnum>1</manvolnum></citerefentry>,

496

529

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

498

531

<citerefentry><refentrytitle>mandos</refentrytitle>

499

532

<manvolnum>8</manvolnum></citerefentry>,

500

533

<citerefentry><refentrytitle>mandos-client</refentrytitle>

501

<manvolnum>8mandos</manvolnum></citerefentry>

534

<manvolnum>8mandos</manvolnum></citerefentry>,

535

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

536

502

537

</para>

503

538

</refsect1>

504

539

Older »