pamrsakp is a utility script for creating RSA keypairs that can be used with the pam_rsa PAM-authentication module.
ARGUMENTS
All six arguments are required.
* user
User for whom the RSA keypair is created.
* hostname
Target hostname for which the RSA keypair is created. The generated public key (which is actually contained within an X509 PEM-format certificate) is meant to be stored on the target host.
* pubdir
Directory into which pamrsakp should output the generated RSA public key.
* privdir
Directory into which pamrsakp should create a subdirectory based on a SHA1 hashed hostname. Depending on the value of hashtype, pamrsakp creates the RSA private key in the subdirectory either with a SHA1 hashed name, or with a name that is not hashed. NOTE: NEVER EVER LOSE YOUR PRIVATE KEY.
* hashtype
Specify sha1 to generate the RSA private key with its filename SHA1 hashed, or specify none for no hashing.
* usepassphrase
Specify yes to protect your RSA private key with passphrase-based encryption. THIS IS RECOMMENDED UNLESS YOU ARE SURE OF WHAT YOU ARE DOING. You will be prompted for a passphrase and the passphrase will be read from standard input. Specify no for an unencrypted RSA private key. Use with caution.
creates an RSA keypair for user spock. The public key is to be stored on host startrek.example.com. User spock would presumably use a USB memory stick (or other portable media) to store the corresponding RSA private key. The private key's filename is based on a SHA1 hash, and the private key itself is encrypted with a passphrase.
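A check that follows from the usepassphrase argument and the privdir layout described above, as an added example that is not part of pamrsakp or pam_rsa: it walks a privdir one subdirectory deep and lists key files stored without passphrase encryption. It assumes the private keys are OpenSSL PEM files; the function names and the sample directory and file names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not part of pamrsakp): flag private keys stored without a
# passphrase under a privdir laid out as privdir/<host subdirectory>/<key file>.
# Assumption: the keys are OpenSSL PEM files.

# Print "encrypted", "unencrypted" or "not-a-key" for one file.
pem_key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo encrypted                      # PKCS#8, encrypted
    elif grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1" 2>/dev/null; then
        # Traditional PEM marks encryption with a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted
        else
            echo unencrypted
        fi
    elif grep -q -e '-----BEGIN PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo unencrypted                    # PKCS#8, plaintext
    else
        echo not-a-key
    fi
}

# List every unencrypted key file one level below the given privdir.
find_unencrypted_keys() {
    for fuk_file in "$1"/*/*; do
        [ -f "$fuk_file" ] || continue
        if [ "$(pem_key_state "$fuk_file")" = unencrypted ]; then
            printf '%s\n' "$fuk_file"
        fi
    done
}

# Demo on constructed files (PEM headers only, no real key material).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/hostdir1" "$demo_dir/hostdir2"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,0000' '' 'AAAA' '-----END RSA PRIVATE KEY-----' \
    > "$demo_dir/hostdir1/key_a"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/hostdir2/key_b"
find_unencrypted_keys "$demo_dir"           # lists only .../hostdir2/key_b
```
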
FILES
/etc/security/pamrsakp.cnf
pamrsakp's OpenSSL defaults
NOTES
This script requires bash and will probably explode if any other shell is used.