You can set key values at the wanboot program boot> prompt on a running system. If you use this method to install keys, the keys are only used for the current WAN boot installation.
If you want to install a hashing key and an encryption key in the OBP of a running client, follow these steps.
This procedure makes the following assumptions.
The client system is powered on.
The client is accessible over a secure connection, such as a secure shell (ssh).
1. Assume the same user role as the web server user on the WAN boot server.
2. Display the key value for the client keys.

   # wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type

   net-ip: The IP address of the client's subnet.
   client-ID: The ID of the client you want to install. The client ID can be a user-defined ID or the DHCP client ID.
   key-type: The key type you want to install on the client. Valid key types are 3des, aes, or sha1.

   The hexadecimal value for the key is displayed.
3. Repeat the previous step for each type of client key you want to install.
4. Become superuser on the client machine.
5. Install the necessary keys on the running client machine.

   # /usr/lib/inet/wanboot/ickey -o type=key-type
   > key-value

   key-type: Specifies the key type you want to install on the client. Valid key types are 3des, aes, or sha1.
   key-value: Specifies the hexadecimal string that is displayed in Step 2.
6. Repeat the previous step for each type of client key you want to install.
After you install the keys, you are ready to install the client. See Installing the Client for instructions about how to install the client system.
The following example shows how to install keys in the OBP of a running client.
Display the key values on the WAN boot server.
# wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=sha1
b482aaab82cb8d5631e16d51478c90079cc1d463
# wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
The previous example uses the following information.
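net=192.168.198.0: Specifies the IP address of the client's subnet
cid=010003BA152A42: Specifies the client's ID
b482aaab82cb8d5631e16d51478c90079cc1d463: Specifies the value of the client's HMAC SHA1 hashing key
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04: Specifies the value of the client's 3DES encryption key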
If you use an AES encryption key in your installation, change type=3des to type=aes to display the encryption key value.
Install the keys in the OBP of the running client.
# /usr/lib/inet/wanboot/ickey -o type=sha1
b482aaab82cb8d5631e16d51478c90079cc1d463
# /usr/lib/inet/wanboot/ickey -o type=3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
The previous commands perform the following tasks.
Installs a HMAC SHA1 hashing key with a value of b482aaab82cb8d5631e16d51478c90079cc1d463 on the client
Installs a 3DES encryption key with a value of 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 on the client
After you install keys on your client, you are ready to install the client over the WAN. For instructions, see Installing the Client.
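Because the key value is copied by hand from the WAN boot server to the client, a truncated or mistyped string is worth catching before it is entered at the ickey prompt. The following check is an added example, not part of the original procedure or of the WAN boot tools; the function names are hypothetical, the sha1 and 3des lengths are taken from the sample values above, and the aes length assumes a 128-bit key.

```shell
#!/bin/sh
# Added example: validate a key value copied from `wanbootutil keygen -d`
# before it is entered at the ickey prompt. Function names are hypothetical.

# Expected key length in hex digits for each key type.
# sha1 and 3des match the sample values on this page; the aes length
# assumes a 128-bit key (assumption, not stated on the page).
expected_hex_len() {
    case "$1" in
        sha1) echo 40 ;;   # 20-byte HMAC SHA1 hashing key
        3des) echo 48 ;;   # 24-byte 3DES encryption key
        aes)  echo 32 ;;   # 16-byte AES encryption key (assumed)
        *)    return 1 ;;
    esac
}

# check_wanboot_key TYPE VALUE
# Returns 0 if VALUE is a hex string of the length expected for TYPE,
# 1 for an unknown key type, 2 if VALUE contains non-hex characters
# (including stray whitespace), 3 if the length is wrong.
check_wanboot_key() {
    key_type=$1
    key_value=$2
    want=$(expected_hex_len "$key_type") || return 1
    case "$key_value" in
        *[!0-9A-Fa-f]*) return 2 ;;
    esac
    [ "${#key_value}" -eq "$want" ] || return 3
    return 0
}

# Sample run on the key values shown in the example above.
check_wanboot_key sha1 b482aaab82cb8d5631e16d51478c90079cc1d463 \
    && echo "sha1 key value: ok"
check_wanboot_key 3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 \
    && echo "3des key value: ok"
```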
For more information about how to display key values, see the man page wanbootutil(1M).
For additional information about how to install keys on a running system, see ickey(1M).