man pkcipe (System administration) - PK implementation for CIPE

NAME

pkcipe - PK implementation for CIPE

SYNOPSIS

pkcipe [OPTIONS] NAME

DESCRIPTION

pkcipe is a helper tool to set up VPNs using CIPE.

Each machine in the VPN has an identity (such as its host name) and a public/private RSA key pair. The private key is stored in /etc/cipe/identity.priv. For every allowed CIPE connection, the public key of the other party is stored, along with configuration parameters, in /etc/cipe/pk/NAME (where NAME is the identity of the other party). Storing a public key therefore grants permission to connect, similar to the SSH package. It is important to understand how this works in order to avoid opening security holes.

For a quick overview on how to set up pkcipe on a Debian system, please refer to /usr/share/doc/pkcipe/README.Debian.gz. There is also more information on how to invoke pkcipe in /usr/share/doc/pkcipe/README.gz.
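
Because every file under /etc/cipe/pk/ is an authorization to connect, it is worth reviewing that directory the way one reviews SSH authorized_keys. The shell function below is an added example, not part of the pkcipe package or its documentation; it uses the default paths named above, and the function names `audit_cipe` and `mode_of` and the permission thresholds are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the pkcipe package): list which peers this host
# authorizes and flag key files whose permissions let others read or alter them.
# Usage: audit_cipe [BASE]   (BASE defaults to /etc/cipe, the path in the man page)
# Returns 0 when no WARN line was printed, 1 otherwise.

# mode_of PATH: print octal permission bits (GNU stat, then BSD stat as fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_cipe() {
    base=${1:-/etc/cipe}
    rc=0
    priv="$base/identity.priv"
    if [ -f "$priv" ]; then
        m=$(mode_of "$priv")
        case "$m" in
            *00|0) echo "OK   private key $priv mode $m" ;;
            *)     echo "WARN private key $priv mode $m (group/other access set)"
                   rc=1 ;;
        esac
    else
        echo "INFO no private key at $priv"
    fi
    # A writable pk directory lets other users add a peer, i.e. grant access.
    if [ -d "$base/pk" ]; then
        case "$(mode_of "$base/pk")" in
            *[2367]?|*[2367]) echo "WARN $base/pk is group- or world-writable"; rc=1 ;;
        esac
    fi
    for f in "$base"/pk/*; do
        [ -f "$f" ] || continue          # also skips the unexpanded glob
        m=$(mode_of "$f")
        echo "PEER $(basename "$f") may connect (key file mode $m)"
        case "$m" in
            *[2367]?|*[2367])            # write bit in group or other digit
                echo "WARN $f is group- or world-writable"
                rc=1 ;;
        esac
    done
    return $rc
}
```

Source the file and run `audit_cipe` with no arguments to check /etc/cipe; every PEER line is an identity that is currently allowed to connect.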

OPTIONS

A summary of the pkcipe options is included below.

-i
To be invoked from inetd. Incompatible with -c.
-c host:port
To connect to host:port. Incompatible with -i.
-k keyfile
Gives location of private key file.
-r ipaddr
Routing IP address. Only for unusual cases, s.b.
-D flags
Debugging flags.
-E
Use stderr instead of syslog. (Debugging only, incompatible with -i.)
-p proto
Fall back to given protocol level.
-t secs
Set timeout.

SEE ALSO

AUTHOR

This manual page was written by Sam Hocevar <sam@zoy.org> for the Debian system (but may be used by others).