[flashboot] Auto generation of the isakmpd/ipsec rsa keys

Kevin Steves stevesk at pobox.com
Sat Jun 20 03:38:57 EST 2009


On Fri, Jun 19, 2009 at 09:26:24AM -0400, Russell Sutherland wrote:
: Would it be prudent to add the following OpenBSD 4.5 code snippet:
: 
: if [ X"${isakmpd_flags}" != X"NO" ]; then
:         if [ ! -f /etc/isakmpd/private/local.key ]; then
:                 echo -n "openssl: generating new isakmpd RSA key... "
:                 if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
:                     > /dev/null 2>&1; then
:                         chmod 600 /etc/isakmpd/private/local.key
:                         openssl rsa -out /etc/isakmpd/local.pub \
:                             -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
:                         echo done.
:                 else
:                         echo failed.
:                 fi
:         fi
:         echo -n ' isakmpd';     isakmpd ${isakmpd_flags}
: fi
: 
: to the current rc.initial file?
: 
: This would allow autogeneration of the isakmpd rsa keys in a fashion
: similar to the ssh ones.

yes, but you should look at rc.initial for how the ssh keys are
generated on /flash--it's not a cut and paste from openbsd /etc/rc.
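
[Added example, not part of the original message and not flashboot's rc.initial code: a key-generation function that takes the key directory as a parameter, creates the private key under umask 077 instead of relying on a later chmod, and installs it by rename so a partial write never becomes local.key. The function name, the KEYDIR argument and the temporary file name are assumptions made for illustration.]

```shell
#!/bin/sh
# Added example; function name and KEYDIR layout are assumptions.
# Usage from a boot script (hypothetical): gen_isakmpd_key /etc/isakmpd

# gen_isakmpd_key KEYDIR [BITS]
# Ensures KEYDIR/private/local.key and KEYDIR/local.pub exist.
gen_isakmpd_key() {
    keydir=$1
    bits=${2:-2048}
    key="$keydir/private/local.key"
    pub="$keydir/local.pub"

    # Never overwrite an existing key; only re-derive a missing public half.
    if [ -s "$key" ]; then
        [ -s "$pub" ] || openssl rsa -in "$key" -pubout -out "$pub" >/dev/null 2>&1
        return $?
    fi

    mkdir -p "$keydir" || return 1
    (
        umask 077                       # private dir 0700, key 0600 from creation
        mkdir -p "$keydir/private" || exit 1
        tmp="$key.tmp.$$"
        trap 'rm -f "$tmp"' EXIT        # no stray partial key left behind
        openssl genrsa -out "$tmp" "$bits" >/dev/null 2>&1 || exit 1
        # Reject a truncated or corrupt key before it is installed.
        openssl rsa -in "$tmp" -check -noout >/dev/null 2>&1 || exit 1
        mv -f "$tmp" "$key"             # rename within one filesystem is atomic
    ) || return 1

    # The public key is not secret and is written with the caller's umask.
    openssl rsa -in "$key" -pubout -out "$pub" >/dev/null 2>&1
}
```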

