System Administration Guide: IP Services

Using Pre-Shared Keys

Pre-shared keys are created by an administrator on one system, and shared out of band with the administrators of communicating systems. The administrator should take care to create large random keys, and to protect both the file and the out-of-band transmission. The keys are placed in the /etc/inet/secret/ike.preshared file on each system. The ike.preshared(4) file serves IKE in the same way that the ipseckeys file serves IPsec. Compromise of the keys in the ike.preshared file compromises all keys derived from them.

One system's pre-shared key must be identical to its communicating system's key. The keys are tied to a particular IP address, and are most secure when one administrator controls the communicating systems.
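The following added example (not part of the original guide) generates one large random key, writes the mirrored entries that the two communicating systems need, and checks that each file is readable only by its owner. Assumptions: the entry layout follows ike.preshared(4), which this page does not show; the function names are hypothetical helpers; the addresses are constructed samples; /dev/urandom is the random source; and 256 bits is a chosen minimum key size.

```shell
#!/bin/sh
# Added example, not from the guide. Function names are hypothetical helpers.

# gen_psk [BYTES]: print BYTES random bytes as hex (default 32 bytes = 256 bits).
# Assumption: /dev/urandom is the random source on this system.
gen_psk() {
    od -An -tx1 -N "${1:-32}" /dev/urandom | tr -d ' \n'
}

# psk_entry LOCAL_IP REMOTE_IP KEY: print one entry in ike.preshared(4) layout.
psk_entry() {
    printf '{ localidtype IP\n  localid %s\n  remoteidtype IP\n  remoteid %s\n  key %s\n}\n' \
        "$1" "$2" "$3"
}

# check_psk_file FILE [MIN_HEX]: succeed only if FILE grants nothing to group
# or other and every "key" line holds at least MIN_HEX hex digits (default 64).
check_psk_file() {
    file=$1 min=${2:-64}
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: group/other permissions set ($perms)" >&2
        return 1
    fi
    awk -v min="$min" '
        $1 == "key" { found = 1
                      if (length($2) < min || $2 !~ /^[0-9a-fA-F]+$/) bad = 1 }
        END { exit (bad || !found) }' "$file" || {
        echo "$file: missing, short or non-hex key" >&2
        return 1
    }
}

# Demo in a scratch directory; on a real system each file would be that
# host's /etc/inet/secret/ike.preshared. Addresses are constructed samples.
umask 077
tmp=$(mktemp -d)
key=$(gen_psk 32)
# Same key on both sides; only the local and remote addresses swap.
psk_entry 192.0.2.10 198.51.100.20 "$key" > "$tmp/hostA.ike.preshared"
psk_entry 198.51.100.20 192.0.2.10 "$key" > "$tmp/hostB.ike.preshared"
for f in "$tmp"/host?.ike.preshared; do
    check_psk_file "$f" && echo "ok: $f"
done
rm -rf "$tmp"   # scratch copies hold key material, so remove them
```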