Copyright (c) 2001, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
/etc/inet/secret/ike.preshared
The /etc/inet/secret/ike.preshared file contains secret keying material that two IKE instances can use to authenticate each other. Because of the sensitive nature of this data, it is kept in the /etc/inet/secret directory, which is only accessible by root.
Pre-shared keys are delimited by open-curly-brace ({) and close-curly-brace (}) characters. There are five name-value pairs required inside a pre-shared key:
Name | Value | Example |
localidtype | IP | localidtype IP |
remoteidtype | IP | remoteidtype IP |
localid | IP-address | localid 10.1.1.2 |
remoteid | IP-address | remoteid 10.1.1.3 |
key | hex-string | 1234567890abcdef |
Comment lines with # appearing in the first column are also legal.
Files in this format can also be used by the ikeadm(1M) command to load additional pre-shared keys into a running an in.iked(1M) process.
Example 1 A Sample ike.preshared File
The following is an example of an ike.preshared file:
# # Two pre-shared keys between myself, 10.1.1.2, and two remote # hosts. Note that names are not allowed for IP addresses. # # A decent hex string can be obtained by performing: # od -x </dev/random | head # { localidtype IP localid 10.1.1.2 remoteidtype IP remoteid 10.21.12.4 key 4b656265207761732068657265210c0a } { localidtype IP localid 10.1.1.2 remoteidtype IP remoteid 10.9.1.25 key 536f20776572652042696c6c2c2052656e65652c20616e642043687269732e0a }
If this file is compromised, all IPsec security associations derived from secrets in this file will be compromised as well. The default permissions on ike.preshared are 0600. They should stay this way.
od(1), ikeadm(1M), in.iked(1M), ipseckey(1M), attributes(5), random(7D)