Man Linux: Main Page and Category List

NAME

       astgenkey -- generates keys for for Asterisk IAX2 RSA authentication

SYNOPSIS

       astgenkey [ -q ] [ -n ] [ keyname ]

DESCRIPTION

       astgenkey  This  script generates an RSA private and public key pair in
       PEM format for use by Asterisk.  The  private  key  should  be  kept  a
       secret,  as  it  can  be  used to fake your system’s identity.  Thus by
       default (without the option -n ) the script will create  a  passphrase-
       encrypted  copy of your secret key: without entering the passphrase you
       won’t be able to use it.

       However if you want to use such a key with  Asterisk,  you’ll  have  to
       start  it  interactively, because the scripts that start asterisk can’t
       use that encrypted key.

       The key is identified by a name. If you don’t write  the  name  on  the
       command-line you’ll be prompted for one. The outputs of the script are:

       name.pub
              The public key: not secret. Send this to the other side.

       name.key
              The private key: secret.

       Those files should be copied to /var/lib/asterisk/keys

       (The private key: on your system. The public key: on other systems)

       To see the currently-installed keys from  the  asterisk  CLI,  use  the
       command

              show keys

OPTIONS

       -q
              Run quietly.

       -n
              Don’t encrypt the private key.

SECURITY

       The  keys are created, using the umask of the user running the command.
       To create the keys in a secure manner, you should check to ensure  that
       your  umask  is first set to disallow the private key from being world-
       readable, such as with the following commands:

       umask 0066

       astgenkey yourkey

       And then make the key accessible to Asterisk (assuming you  run  it  as
       user "asterisk").

         chown asterisk /var/lib/asterisk/keys/yourname.*

FILES

       /var/lib/asterisk/keys

SEE ALSO

       asterisk(8), genrsa(1), rsa(1),

       http://www.voip-info.org/wiki-Asterisk+iax+rsa+auth

AUTHOR

       This     manual     page     was     written     by    Tzafrir    Cohen
       <tzafrir.cohen@xorcom.com> Permission is granted  to  copy,  distribute
       and/or  modify  this document under the terms of the GNU General Public
       License, Version 2 any later version published  by  the  Free  Software
       Foundation.

       On  Debian systems, the complete text of the GNU General Public License
       can be found in /usr/share/common-licenses/GPL.