Would it be prudent to add the following OpenBSD 4.5 code snippet:

if [ X"${isakmpd_flags}" != X"NO" ]; then
        # Generate the isakmpd RSA key pair only if no private key exists yet.
        if [ ! -f /etc/isakmpd/private/local.key ]; then
                echo -n "openssl: generating new isakmpd RSA key... "
                if /usr/sbin/openssl genrsa -out \
                    /etc/isakmpd/private/local.key 2048 \
                    > /dev/null 2>&1; then
                        chmod 600 /etc/isakmpd/private/local.key
                        # Derive the public key from the new private key.
                        openssl rsa -out /etc/isakmpd/local.pub \
                            -in /etc/isakmpd/private/local.key -pubout \
                            > /dev/null 2>&1
                        echo done.
                else
                        echo failed.
                fi
        fi
        echo -n ' isakmpd';     isakmpd ${isakmpd_flags}
fi

to the current rc.initial file?

This would allow autogeneration of the isakmpd rsa keys in a fashion
similar to the ssh ones.

Comments?

-- 
Russell Sutherland
[email protected]
+1.416.696.7600
_______________________________________________
flashboot mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/flashboot
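
An added example, not part of the original message or of OpenBSD's rc: the same first-boot key generation written so that the private key is created under a restrictive umask and a failed run leaves no partial file for the `-f` test to accept on the next boot. The function name gen_isakmpd_key and the temporary file names are assumptions made for this sketch.

```shell
# gen_isakmpd_key PRIVATE_KEY PUBLIC_KEY [BITS]
# Hypothetical helper (added example, not OpenBSD or flashboot code).
gen_isakmpd_key() {
    gik_key=$1
    gik_pub=$2
    gik_bits=${3:-2048}
    gik_tmp="$gik_key.tmp.$$"

    # An existing key is never overwritten.
    if [ -f "$gik_key" ]; then
        return 0
    fi

    # Generate both halves in a subshell with umask 077, so the private key
    # is mode 0600 from the moment it is created (no window before a chmod).
    (
        umask 077
        openssl genrsa -out "$gik_tmp" "$gik_bits" > /dev/null 2>&1 &&
        openssl rsa -in "$gik_tmp" -pubout -out "$gik_tmp.pub" > /dev/null 2>&1
    ) || { rm -f "$gik_tmp" "$gik_tmp.pub"; return 1; }

    # Install the public key first: once the private key exists under its
    # final name (which is what the -f test looks at), the pair is complete.
    chmod 644 "$gik_tmp.pub" &&
    mv "$gik_tmp.pub" "$gik_pub" &&
    mv "$gik_tmp" "$gik_key" || { rm -f "$gik_tmp" "$gik_tmp.pub"; return 1; }
}

# Usage in an rc script, with the paths from the snippet above:
#   if [ X"${isakmpd_flags}" != X"NO" ]; then
#           echo -n "openssl: generating new isakmpd RSA key... "
#           if gen_isakmpd_key /etc/isakmpd/private/local.key \
#               /etc/isakmpd/local.pub; then echo done.; else echo failed.; fi
#           echo -n ' isakmpd';     isakmpd ${isakmpd_flags}
#   fi
```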
