On Saturday 03 May 2008 14:00, Perry E. Metzger wrote:
> Right now, to use SSH to remotely connect to a machine using public
> keys, all I have to do is type "ssh-keygen" and copy the locally
> generated public key to a remote machine's authorized keys file.
> When there is an IPSEC system that is equally easy to use I'll switch
> to it.

OpenBSD has recently added the ipsecctl command, which greatly simplifies 
setting up IPSEC VPNs, especially between OpenBSD machines. A config file can 
be as simple as (from the man page):

ike esp from to
ike esp from to peer

And the file structure for storing certs, public/private keys, and shared 
secrets (which ipsecctl searches automatically) is equally simple.

Jeff Simmons                                   [EMAIL PROTECTED]
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise.  Are you sure you're doing it right?"
        --  My Life With The Thrill Kill Kult

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to