Re: [flashboot] Auto generation of the isakmpd/ipsec rsa keys

Rickard Dahlstrand Fri, 19 Jun 2009 10:15:13 -0700

Good idea,

Test and send a diff to Jakob and he'll include it in the CVS.


Rickard.

19 jun 2009 kl. 15.26 skrev Russell Sutherland:

Would it be prudent to add the following OpenBSD 4.5 code snippet:

if [ X"${isakmpd_flags}" != X"NO" ]; then
       if [ ! -f /etc/isakmpd/private/local.key ]; then
               echo -n "openssl: generating new isakmpd RSA key... "
               if /usr/sbin/openssl genrsa -out
/etc/isakmpd/private/local.key 2048 \

/dev/null 2>&1; then

                       chmod 600 /etc/isakmpd/private/local.key
                       openssl rsa -out /etc/isakmpd/local.pub \
                           -in /etc/isakmpd/private/local.key -pubout

/dev/null 2>&1

                       echo done.
               else
                       echo failed.
               fi
       fi
       echo -n ' isakmpd';     isakmpd ${isakmpd_flags}
fi

to the current rc.initial file?

This would allow autogeneration of the isakmpd rsa keys in a fashion
similar to the ssh ones.

Comments?

--
Russell Sutherland
r...@quist.ca
+1.416.696.7600
_______________________________________________
flashboot mailing list
flashboot@mindrot.org
https://lists.mindrot.org/mailman/listinfo/flashboot


_______________________________________________
flashboot mailing list
flashboot@mindrot.org
https://lists.mindrot.org/mailman/listinfo/flashboot

Re: [flashboot] Auto generation of the isakmpd/ipsec rsa keys

Reply via email to