IKE.PRESHARED(5) File Formats and Configurations IKE.PRESHARED(5)
ike.preshared - pre-shared keys file for IKE
/etc/inet/secret/ike.preshared
The /etc/inet/secret/ike.preshared file contains secret keying
material that two IKE instances can use to authenticate each other.
Because of the sensitive nature of this data, it is kept in the
/etc/inet/secret directory, which is only accessible by root.
Pre-shared keys are delimited by open-curly-brace ({) and close-
curly-brace (}) characters. There are five name-value pairs required
inside a pre-shared key:
Name Value Example
localidtype IP localidtype IP
remoteidtype IP remoteidtype IP
localid IP-address localid 10.1.1.2
remoteid IP-address remoteid 10.1.1.3
key hex-string 1234567890abcdef
Comment lines with # appearing in the first column are also legal.
Files in this format can also be used by the ikeadm(8) command to
load additional pre-shared keys into a running an in.iked(8) process.
The following is an example of an ike.preshared file:
#
# Two pre-shared keys between myself, 10.1.1.2, and two remote
# hosts. Note that names are not allowed for IP addresses.
#
# A decent hex string can be obtained by performing:
# od -x </dev/random | head
#
{
localidtype IP
localid 10.1.1.2
remoteidtype IP
remoteid 10.21.12.4
key 4b656265207761732068657265210c0a
}
{
localidtype IP
localid 10.1.1.2
remoteidtype IP
remoteid 10.9.1.25
key 536f20776572652042696c6c2c2052656e65652c20616e642043687269732e0a
}
If this file is compromised, all IPsec security associations derived
from secrets in this file will be compromised as well. The default
permissions on ike.preshared are 0600. They should stay this way.
od(1), random(4D), attributes(7), ikeadm(8), in.iked(8), ipseckey(8)
October 15, 2001 IKE.PRESHARED(5)
NAME
ike.preshared - pre-shared keys file for IKE
SYNOPSIS
/etc/inet/secret/ike.preshared
DESCRIPTION
The /etc/inet/secret/ike.preshared file contains secret keying
material that two IKE instances can use to authenticate each other.
Because of the sensitive nature of this data, it is kept in the
/etc/inet/secret directory, which is only accessible by root.
Pre-shared keys are delimited by open-curly-brace ({) and close-
curly-brace (}) characters. There are five name-value pairs required
inside a pre-shared key:
Name Value Example
localidtype IP localidtype IP
remoteidtype IP remoteidtype IP
localid IP-address localid 10.1.1.2
remoteid IP-address remoteid 10.1.1.3
key hex-string 1234567890abcdef
Comment lines with # appearing in the first column are also legal.
Files in this format can also be used by the ikeadm(8) command to
load additional pre-shared keys into a running an in.iked(8) process.
EXAMPLES
Example 1: A Sample ike.preshared File
The following is an example of an ike.preshared file:
#
# Two pre-shared keys between myself, 10.1.1.2, and two remote
# hosts. Note that names are not allowed for IP addresses.
#
# A decent hex string can be obtained by performing:
# od -x </dev/random | head
#
{
localidtype IP
localid 10.1.1.2
remoteidtype IP
remoteid 10.21.12.4
key 4b656265207761732068657265210c0a
}
{
localidtype IP
localid 10.1.1.2
remoteidtype IP
remoteid 10.9.1.25
key 536f20776572652042696c6c2c2052656e65652c20616e642043687269732e0a
}
SECURITY
If this file is compromised, all IPsec security associations derived
from secrets in this file will be compromised as well. The default
permissions on ike.preshared are 0600. They should stay this way.
SEE ALSO
od(1), random(4D), attributes(7), ikeadm(8), in.iked(8), ipseckey(8)
October 15, 2001 IKE.PRESHARED(5)