IPsec and IKE Administration Guide

How to Verify That the Preshared Keys Are Identical

If the preshared keys on the communicating systems are not identical, you see the following error message:


# rup system2
system2: RPC: Rpcbind failure
  1. On the system console, become superuser or assume an equivalent role.


    Note –

    Logging in remotely exposes security-critical traffic to eavesdropping. Even if you somehow protect the remote login, the security of the system is reduced to the security of the remote login session.


  2. Check that the in.iked daemon permits you to view keying material.


    # /usr/sbin/ikeadm get priv
    Current privilege level is 0x0, base privileges enabled

    You can view keying material only if the command returns a privilege level of 0x2 (keymat). Level 0x0 (base) does not permit any keying material operations. By default, the in.iked daemon runs at the 0x0 level of privilege, so on an unmodified system this step normally reports 0x0.

  3. If the in.iked daemon does not permit you to view keying material, kill the daemon. Then, restart the daemon with the correct privilege level.


    # pkill in.iked
    # /usr/lib/inet/in.iked -p 2
    Setting privilege level to 2!
  4. On each system, view the preshared key information.


    # ikeadm dump preshared
    PSKEY: Preshared key (24 bytes): f47cb…/192
    LOCIP: AF_INET: port 0, 192.168.116.16 (enigma).
    REMIP: AF_INET: port 0, 192.168.13.213 (partym).
  5. Compare the two dumps.

    If the preshared keys are not identical, replace one key with the other key in the /etc/inet/secret/ike.preshared file on that system, then have the daemon reread the file with ikeadm read preshared. Keep the ike.preshared file readable only by root; the key is a shared secret and is all that authenticates the two peers to each other.

  6. When the verification is complete, lower the privilege level of the in.iked daemon back to base, so that keying material can no longer be dumped from the running daemon.


    # ikeadm set priv base
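The comparison in steps 4 and 5 is easy to get wrong by eye, because each system prints its own address as LOCIP and the peer as REMIP, so the two dumps are mirror images of each other. The script below, an added example that is not part of the Sun guide, normalizes two captured `ikeadm dump preshared` outputs into (address pair, key) records, pairs them regardless of which end printed them, and reports MATCH or MISMATCH per tunnel without echoing the key material itself. The dumps and the 48-hex-digit keys embedded here are constructed for illustration; on real systems you would paste in the output captured on each peer.

```bash
#!/bin/bash
# Added example (not from the IPsec and IKE Administration Guide):
# compare "ikeadm dump preshared" output from two IKE peers.
# The dumps and key values below are constructed sample data.

# Constructed dump as captured on the first system (enigma).
DUMP_ENIGMA='PSKEY: Preshared key (24 bytes): f47cb0e1d2a3c4b5a6978899aabbccddeeff001122334455/192
LOCIP: AF_INET: port 0, 192.168.116.16 (enigma).
REMIP: AF_INET: port 0, 192.168.13.213 (partym).'

# Constructed dump as captured on the second system (partym):
# LOCIP and REMIP are swapped relative to the first dump.
DUMP_PARTYM='PSKEY: Preshared key (24 bytes): f47cb0e1d2a3c4b5a6978899aabbccddeeff001122334455/192
LOCIP: AF_INET: port 0, 192.168.13.213 (partym).
REMIP: AF_INET: port 0, 192.168.116.16 (enigma).'

# Constructed dump from a partym whose key differs in the last byte,
# the situation that produces the "RPC: Rpcbind failure" symptom.
DUMP_PARTYM_BAD='PSKEY: Preshared key (24 bytes): f47cb0e1d2a3c4b5a6978899aabbccddeeff001122334466/192
LOCIP: AF_INET: port 0, 192.168.13.213 (partym).
REMIP: AF_INET: port 0, 192.168.116.16 (enigma).'

# Read one dump on stdin and emit "lowIP-highIP keyhex" per entry.
# The address pair is sorted so the same tunnel normalizes identically
# no matter which peer produced the dump.
normalize_dump() {
  awk '
    /^PSKEY:/ { key = $NF; sub(/\/[0-9]+$/, "", key) }
    /^LOCIP:/ { if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) loc = substr($0, RSTART, RLENGTH) }
    /^REMIP:/ {
      if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) rem = substr($0, RSTART, RLENGTH)
      pair = (loc < rem) ? loc "-" rem : rem "-" loc
      print pair, key
    }'
}

# Compare two dumps. Prints one status line per address pair and
# returns 0 only if every pair present on both sides has the same key.
# Keys are never printed: only the address pair and the verdict.
compare_psks() {
  local a="$1" b="$2"
  {
    printf '%s\n' "$a" | normalize_dump | sed 's/^/A /'
    printf '%s\n' "$b" | normalize_dump | sed 's/^/B /'
  } | awk '
    $1 == "A" { ka[$2] = $3 }
    $1 == "B" { kb[$2] = $3 }
    END {
      bad = 0
      for (p in ka) {
        if (!(p in kb))        { print "ONLY-ON-FIRST  " p; bad = 1 }
        else if (ka[p] == kb[p]) print "MATCH          " p
        else                   { print "MISMATCH       " p; bad = 1 }
      }
      for (p in kb) if (!(p in ka)) { print "ONLY-ON-SECOND " p; bad = 1 }
      exit bad
    }'
}

# Demonstration: the good pair matches, the bad pair does not.
compare_psks "$DUMP_ENIGMA" "$DUMP_PARTYM"
compare_psks "$DUMP_ENIGMA" "$DUMP_PARTYM_BAD" ||
  echo "keys differ: fix /etc/inet/secret/ike.preshared on one peer, then ikeadm read preshared"
```

Run it after capturing the two dumps into variables or files; a non-zero exit from compare_psks is the signal to edit ike.preshared on one side. The script prints only the address pairs, so its output can be pasted into a ticket without leaking the shared secret.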