[flashboot] Auto generation of the isakmpd/ipsec rsa keys
Rickard Dahlstrand
rd at tilde.se
Sat Jun 20 03:14:51 EST 2009
Good idea,
Test and send a diff to Jakob and he'll include it in the CVS.
Rickard.
19 jun 2009 kl. 15.26 skrev Russell Sutherland:
> Would it be prudent to add the following OpenBSD 4.5 code snippet:
>
> if [ X"${isakmpd_flags}" != X"NO" ]; then
> if [ ! -f /etc/isakmpd/private/local.key ]; then
> echo -n "openssl: generating new isakmpd RSA key... "
> if /usr/sbin/openssl genrsa -out
> /etc/isakmpd/private/local.key 2048 \
>> /dev/null 2>&1; then
> chmod 600 /etc/isakmpd/private/local.key
> openssl rsa -out /etc/isakmpd/local.pub \
> -in /etc/isakmpd/private/local.key -pubout
>> /dev/null 2>&1
> echo done.
> else
> echo failed.
> fi
> fi
> echo -n ' isakmpd'; isakmpd ${isakmpd_flags}
> fi
>
> to the current rc.initial file?
>
> This would allow autogeneration of the isakmpd rsa keys in a fashion
> similar to the ssh ones.
>
> Comments?
>
> --
> Russell Sutherland
> russ at quist.ca
> +1.416.696.7600
> _______________________________________________
> flashboot mailing list
> flashboot at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/flashboot
More information about the flashboot
mailing list