

       pamrsakp - generate keypairs for pam_rsa PAM-authentication module


       pamrsakp user hostname pubdir privdir hashtype usepassphrase


       pamrsakp is a utility script for creating RSA keypairs that can be
       used with the pam_rsa PAM-authentication module.


       All six arguments are required.

       *      user User for whom the RSA keypair is created.

       *      hostname Target hostname for which the RSA keypair  is  created.
              The  generated public key (which is actually contained within an
              X509 PEM-format certificate) is meant to be stored on the target

       *      pubdir Directory into which pamrsakp should output the generated
              RSA public key.

       *      privdir  Directory  into  which   pamrsakp   should   create   a
              subdirectory  based on a SHA1 hashed hostname.  Depending on the
              value of hashtype, pamrsakp creates the RSA private key  in  the
              subdirectory either with a SHA1 hashed name, or with a name that
              is not hashed. NOTE: NEVER EVER LOSE YOUR PRIVATE KEY.

       *      hashtype Specify sha1 to  generate  RSA  private  key  with  its
              filename SHA1 hashed or specify none for no hashing.

       *      usepassphrase  Specify  yes to protect your RSA private key with
              passphrase-based encryption. THIS IS RECOMMENDED UNLESS YOU  ARE
              SURE  OF  WHAT  YOU  ARE  DOING.   You  will  be  prompted for a
              passphrase and the passphrase will be read from standard  input.
              Specify  no  for  an  unencrypted  RSA  private  key.   Use with


       Issuing a command:

       pamrsakp spock /safedir/pub /safedir/priv sha1 yes

       creates  an RSA keypair for user spock.  The public key is to be stored
       on host  User spock would presumably  use  a  USB
       memory  stick  (or other portable media) to store the corresponding RSA
       private key. The private key’s filename is based on a SHA1 hash, and
       the private key itself is encrypted with a passphrase.
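
Added example (not part of pamrsakp or its documentation): a POSIX shell check that walks a private-key directory such as privdir and reports PEM private keys that are not passphrase-encrypted or that are accessible to group or others. The function names and the sample tree are constructed for illustration; the check relies on standard PEM headers, not on pamrsakp's file naming.

```sh
#!/bin/sh
# Added example; not part of pamrsakp. It relies only on standard PEM headers,
# not on how pamrsakp names the files and subdirectories below privdir.

# classify_key FILE: print "encrypted", "unencrypted" or "not-a-key".
classify_key() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       { grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1" &&
         grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; }; then
        echo encrypted
    elif grep -Eq -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo not-a-key
    fi
}

# audit_privdir DIR: print one line per finding; return 1 if there are any.
audit_privdir() {
    findings=$(find "$1" -type f | sort | while IFS= read -r f; do
        kind=$(classify_key "$f")
        if [ "$kind" = not-a-key ]; then continue; fi
        if [ "$kind" = unencrypted ]; then echo "UNENCRYPTED $f"; fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then echo "LOOSE-PERMS $f"; fi
    done)
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# make_sample DIR: constructed PEM-like files (dummy bodies, not real keys).
make_sample() {
    mkdir -p "$1/hostdir"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00' '' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/hostdir/good"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/hostdir/plain"
    chmod 600 "$1/hostdir/good"
    chmod 644 "$1/hostdir/plain"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_privdir "$tmp" || echo "review the findings above"
rm -rf "$tmp"
```

On a real system, call audit_privdir on the privdir given to pamrsakp (for instance /safedir/priv from the command above) once the media holding it is mounted.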


               pamrsakp’s OpenSSL defaults


       This script requires bash and will probably explode if any other shell
       is used.




       Vesa-Matti Kari