On Tue, Jul 08, 2025 at 10:47:21AM -0000, Stuart Henderson wrote:
> From the manual
>
>      /etc/iked/private/  The directory where local private keys used for
>                          public key authentication are kept.  The file
>                          local.key is used to store the local private key.
>
> using the plural there doesn't seem right to me,

I think it's written in the plural because it's intended to be understood in the context of someone administering several machines. So if you have five machines that you've swapped keys between to set up key-based auth with iked, then there will be five keyS scattered between the /etc/iked/private/ dirs on those hosts.

Also, key-based auth is mostly used on small centrally administered networks (e.g. home networks), so it's entirely reasonable to generate all of the private keys on the primary machine and just scp them to the others as required (after a re-install or whatever). In that case, you might want to keep the private keys for all of the hosts in /etc/iked/private/ on the primary (renamed to the hostname of the target), even though they are not going to be accessed by iked on that host.

But yes, the man page could probably be clearer.