Man page - ipsec-showhostkey(8)
Packages contains this manual
- ipsec-down(8)
- ipsec-rsasigkey(8)
- ipsec-rereadall(8)
- ipsec-addconn(8)
- ipsec-vfychain(8)
- ipsec-briefconnectionstatus(8)
- ipsec-algparse(8)
- ipsec-briefstatus(8)
- ipsec-checknflog(8)
- ipsec-replace(8)
- ipsec-_plutorun(8)
- ipsec-rereadcerts(8)
- ipsec-delete(8)
- ipsec-listen(8)
- ipsec-modutil(8)
- ipsec-initnss(8)
- ipsec-globalstatus(8)
- ipsec-start(8)
- ipsec-listcacerts(8)
- ipsec-add(8)
- ipsec-import(8)
- ipsec-unroute(8)
- ipsec-listall(8)
- ipsec-newhostkey(8)
- ipsec-fipsstatus(8)
- ipsec-restart(8)
- ipsec-stop(8)
- ipsec-checknss(8)
- ipsec-certutil(8)
- ipsec-listcerts(8)
- ipsec-trafficstatus(8)
- ipsec.conf(5)
- ipsec-pk12util(8)
- ipsec-whack(8)
- ipsec-shuntstatus(8)
- ipsec-_updown(8)
- ipsec-crlutil(8)
- ipsec-_updown.xfrm(8)
- ipsec-route(8)
- ipsec-checkconfig(8)
- ipsec-listcrls(8)
- ipsec-showroute(8)
- libreswan(7)
- ipsec-connectionstatus(8)
- ipsec-status(8)
- ipsec-letsencrypt(8)
- ipsec-ecdsasigkey(8)
- ipsec-readwriteconf(8)
- ipsec-up(8)
- ipsec-setup(8)
- ipsec-pluto(8)
- ipsec-showstates(8)
- pluto(8)
- ipsec.secrets(5)
- ipsec-rereadsecrets(8)
- ipsec-purgeocsp(8)
- ipsec-_stackmanager(8)
- ipsec-fetchcrls(8)
- ipsec-redirect(8)
- ipsec-ondemand(8)
- ipsec-listpubkeys(8)
- ipsec(8)
- ipsec-showhostkey(8)
apt-get install libreswan
Manual
IPSEC-SHOWHOSTKEY
NAMESYNOPSIS
DESCRIPTION
Common Options
List Options
Public Key Options
DIAGNOSTICS
FILES
SEE ALSO
HISTORY
BUGS
AUTHOR
NAME
ipsec-showhostkey - show host's authentication key
SYNOPSIS
|
ipsec showhostkey [--verbose] {--version | --list | --dump | --left | --right | --ipseckey | --pem} |
[--ckaid
ckaid
| --rsaid
rsaid
]
[--gateway
gateway
]
[--precedence
precedence
]
[--nssdir
nssdir
]
[--password
password
]
DESCRIPTION
Showhostkey outputs (on standard output) a public key suitable for this host, in the format specified, using the host key information stored in the NSS database.
In general, since only the super-user can access the NSS database, only the super-user can display the public key information.
Common Options
--version
Print the libreswan version, then exit.
--verbose
Increase the verbosity.
--nssdir nssdir
Specify the libreswan directory that contains the NSS database (default /var/lib/ipsec/nss).
--password password
Specify the password to use when accessing the NSS database (default contained in /etc/ipsec.d/nsspassword).
List Options
--list
List the private keys.
--dump
List, with more details, the private keys.
Public Key Options
--ckaid ckaid
Select the public key to display using the NSS ckaid.
--rsaid rsaid
Select the public key to display using the RSA key ID.
--pem
Print the selected public key in PEM encoded ASN.1 format.
--left , --right
Print the selected public key in ipsec.conf (5) format, as a leftrsasigkey or rightrsasigkey parameter respectively. For example, --left might give (with the key data trimmed down for clarity):
leftrsasigkey=0sAQOF8tZ2...+buFuFn/
--ipseckey
Print the selected public key in a format suitable for use as opportunistic-encryption DNS IPSECKEY record format (RFC 4025). A gateway can be specified with the --gateway , which currently supports IPv4 and IPv6 addresses. For the host name, the value returned by gethostname is used, with a . appended.
For example, --ipseckey --gateway 10.11.12.13 might give (with the key data trimmed for clarity):
IN IPSECKEY 10 1 2 10.11.12.13 AQOF8tZ2...+buFuFn/"
--gateway gateway
For --ipseckey , specify the gateway to display with the DNS IPSECKEY record.
--precedence precedence
For --ipseckey , specify the precedence to display with the DNS IPSECKEY record.
DIAGNOSTICS
A complaint about “no pubkey line found” indicates that the host has a key but it was generated with an old version of FreeS/WAN and does not contain the information that showhostkey needs.
FILES
/var/lib/ipsec/nss, /etc/ipsec.d/nsspassword
SEE ALSO
ipsec.conf (5), ipsec-rsasigkey (8), ipsec-newhostkey (8)
HISTORY
Written for the Linux FreeS/WAN project < https://www.freeswan.org > by Henry Spencer. Updated by Paul Wouters for the IPSECKEY format.
BUGS
Arguably, rather than just reporting the no-IN-KEY-line-found problem, showhostkey should be smart enough to run the existing key through rsasigkey with the --oldkey option, to generate a suitable output line.
AUTHOR
Paul Wouters