NEWKEY(8) Maintenance Procedures NEWKEY(8)
NAME
newkey - create a new Diffie-Hellman key pair in the publickey database
SYNOPSIS
newkey -h hostname [-s nis | files | ldap]
newkey -u username [-s nis | files | ldap]
DESCRIPTION
newkey establishes new public keys for users and machines on the network. These keys are needed when using secure RPC or secure NFS service.

newkey prompts for a password for the given username or hostname and then creates a new public/secret Diffie-Hellman 192-bit key pair for the user or host. The secret key is encrypted with the given password. The key pair can be stored in the /etc/publickey file or the NIS publickey map.

newkey consults the publickey entry in the name service switch configuration file (see nsswitch.conf(5)) to determine which naming service is used to store the secure RPC keys. If the publickey entry specifies a unique name service, newkey will add the key in the specified name service. However, if there are multiple name services listed, newkey cannot decide which source to update and will display an error message. The user is required to specify the source explicitly with the -s option.

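The publickey entry can be inspected before running newkey to see whether -s will be required. The script below is an added example, not part of the original manual page; the function names publickey_sources and newkey_source_check are hypothetical, and the switch file it reads is a constructed sample.

```shell
#!/bin/sh
# Added example: decide from the publickey entry of a name service switch
# file whether newkey can pick the source itself or needs -s.

# Print the sources on the publickey line, one per line. Comments and
# bracketed criteria such as [NOTFOUND=return] are removed first.
publickey_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]/ /g' "$1" |
    awk '/^[ \t]*publickey[ \t]*:/ {
            sub(/^[^:]*:/, "")
            for (i = 1; i <= NF; i++) print $i
            exit
        }'
}

# Print a verdict for the given switch file.
# Status: 0 = one source, 1 = several sources (-s required), 2 = no entry.
newkey_source_check() {
    sources=$(publickey_sources "$1")
    count=$(printf '%s\n' "$sources" | awk 'NF { n++ } END { print n + 0 }')
    case $count in
        0) echo "missing"; return 2 ;;
        1) echo "unique $sources"; return 0 ;;
        *) echo "ambiguous $(printf '%s\n' "$sources" | tr '\n' ' ' | sed 's/ $//')"
           return 1 ;;
    esac
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf fragment
hosts:      files dns
publickey:  nis [NOTFOUND=return] files   # two sources listed
EOF
newkey_source_check "$sample" || true   # prints: ambiguous nis files
rm -f "$sample"
```

A verdict of "ambiguous" corresponds to the case in which newkey displays an error and the source must be given with -s.
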
In the case of NIS, newkey should be run by the superuser on the master NIS server for that domain.

In the case of LDAP, newkey should be run by the superuser on a machine that also recognizes the directory manager's bind distinguished name (DN) and password to perform an LDAP update for the host.
OPTIONS
-h hostname
    Create a new public/secret key pair for the privileged user at the given hostname. Prompts for a password for the given hostname.

-u username
    Create a new public/secret key pair for the given username. Prompts for a password for the given username.

-s nis
-s files
-s ldap
    Update the database in the specified source: nis (for NIS), files, or ldap (LDAP). Other sources may be available in the future.
SEE ALSO
chkey(1), keylogin(1), nsswitch.conf(5), publickey(5), attributes(7)

February 25, 2017 NEWKEY(8)