{"id":3575,"date":"2022-12-20T17:09:03","date_gmt":"2022-12-20T20:09:03","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/ipsec_showhostkey-man8\/"},"modified":"2022-12-20T17:09:03","modified_gmt":"2022-12-20T20:09:03","slug":"ipsec_showhostkey-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/ipsec_showhostkey-man8\/","title":{"rendered":"IPSEC_SHOWHOSTKEY (man8)"},"content":{"rendered":"

IPSEC_SHOWHOSTKEY<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
DIAGNOSTICS<\/a>
FILES<\/a>
SEE ALSO<\/a>
HISTORY<\/a>
BUGS<\/a>
AUTHOR<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

ipsec_showhostkey \u2212 show host’s authentication key<\/p>\n

SYNOPSIS <\/a> <\/h2>\n\n\n
<\/td>\n\n

ipsec<\/b> showhostkey<\/i> [\u2212\u2212verbose] {\u2212\u2212version\u00a0|\u00a0\u2212\u2212list\u00a0|\u00a0\u2212\u2212dump\u00a0|\u00a0\u2212\u2212left\u00a0|\u00a0\u2212\u2212right\u00a0|\u00a0\u2212\u2212ipseckey}<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

[\u2212\u2212ckaid\u00a0ckaid\u00a0<\/i>|\u00a0\u2212\u2212rsaid\u00a0rsaid<\/i>]
[\u2212\u2212gateway\u00a0gateway<\/i>] [\u2212\u2212precedence\u00a0precedence<\/i>]
[\u2212\u2212nssdir\u00a0nssdir<\/i>] [\u2212\u2212password\u00a0password<\/i>]<\/p>\n

DESCRIPTION <\/a> <\/h2>\n

Showhostkey<\/i> outputs (on standard output) a public key suitable for this host, in the format specified, using the host key information stored in the NSS database.<\/p>\n

In general, since only the super\u2212user can access the NSS database, only the super\u2212user can display the public key information.<\/p>\n

Common Options
\u2212\u2212version<\/b><\/p>\n

Print the libreswan version, then exit.<\/p>\n

\u2212\u2212verbose<\/b><\/p>\n

Increase the verbosity.<\/p>\n

\u2212\u2212nssdir<\/b> nssdir<\/i><\/p>\n

Specify the libreswan directory that contains the NSS database (default \/var\/lib\/ipsec\/nss).<\/p>\n

\u2212\u2212password<\/b> password<\/i><\/p>\n

Specify the password to use when accessing the NSS database (default contained in \/etc\/ipsec.d\/nsspassword).<\/p>\n

List Options
\u2212\u2212list<\/b><\/p>\n

List the private keys.<\/p>\n

\u2212\u2212dump<\/b><\/p>\n

List, with more details, the private keys.<\/p>\n

Public Key Options
\u2212\u2212ckaid<\/b> ckaid<\/i><\/p>\n

Select the public key to display using the NSS ckaid.<\/p>\n

\u2212\u2212rsaid<\/b> rsaid<\/i><\/p>\n

Select the public key to display using the RSA key ID.<\/p>\n

\u2212\u2212left<\/b>, \u2212\u2212right<\/b><\/p>\n

Print the selected public key in ipsec.conf<\/b>(5) format, as a leftrsasigkey<\/b> or rightrsasigkey<\/b> parameter respectively. For example, \u2212\u2212left<\/b> might give (with the key data trimmed down for clarity):<\/p>\n

leftrsasigkey=0sAQOF8tZ2…+buFuFn\/<\/p>\n

\u2212\u2212ipseckey<\/b><\/p>\n

Print the selected public key in a format suitable for use as opportunistic\u2212encryption DNS IPSECKEY record format (RFC 4025). A gateway can be specified with the \u2212\u2212gateway<\/b>, which currently supports IPv4 and IPv6 addresses. For the host name, the value returned by gethostname<\/i> is used, with a .<\/b> appended.<\/p>\n

For example, \u2212\u2212ipseckey \u2212\u2212gateway 10.11.12.13<\/b> might give (with the key data trimmed for clarity):<\/p>\n

IN IPSECKEY 10 1 2 10.11.12.13 AQOF8tZ2…+buFuFn\/”<\/p>\n

\u2212\u2212gateway<\/b> gateway<\/i><\/p>\n

For \u2212\u2212ipseckey<\/b>, specify the gateway<\/i> to display with the DNS IPSECKEY record.<\/p>\n

\u2212\u2212precedence<\/b> precedence<\/i><\/p>\n

For \u2212\u2212ipseckey<\/b>, specify the precedence<\/i> to display with the DNS IPSECKEY record.<\/p>\n

DIAGNOSTICS <\/a> <\/h2>\n

A complaint about \u201cno pubkey line found\u201d indicates that the host has a key but it was generated with an old version of FreeS\/WAN and does not contain the information that showhostkey<\/i> needs.<\/p>\n

FILES <\/a> <\/h2>\n

\/var\/lib\/ipsec\/nss, \/etc\/ipsec.d\/nsspassword<\/p>\n

SEE ALSO <\/a> <\/h2>\n

ipsec.conf<\/b>(5), ipsec rsasigkey<\/b>(8) ipsec newhostkey<\/b>(8)<\/p>\n

HISTORY <\/a> <\/h2>\n

Written for the Linux FreeS\/WAN project <https:\/\/www.freeswan.org<\/font><\/b>> by Henry Spencer. Updated by Paul Wouters for the IPSECKEY format.<\/font><\/p>\n

BUGS <\/a> <\/h2>\n

Arguably, rather than just reporting the no\u2212IN\u2212KEY\u2212line\u2212found problem, showhostkey<\/i> should be smart enough to run the existing key through rsasigkey<\/i> with the \u2212\u2212oldkey<\/b> option, to generate a suitable output line.<\/font><\/p>\n

AUTHOR <\/a> <\/h2>\n

Paul Wouters<\/b><\/font><\/p>\n

placeholder to suppress warning<\/font><\/p>\n

\n","protected":false},"excerpt":{"rendered":"

ipsec_showhostkey \u2212 show host’s authentication key <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,693,4],"class_list":["post-3575","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-ipsec_showhostkey","tag-man8"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3575","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3575"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3575\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3575"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3575"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3575"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}