--- /dev/null
+manpage(SILC) (1) (October 31 2002) (silc-client-0.9.7) (silc-client)
+
+
+manpagename(silc) (client for SILC, a secure and flexible conferencing network)
+
+
+manpagesynopsis()
+bf(silc) bf([) -S em(file) | -d | -C | -c em(host) | -w em(pass) |
+-p em(port) | -! | -n em(nick) | -h em(host) | -v | -? bf(])
+
+
+manpagedescription()
+SILC (Secure Internet Live Conferencing) is a secure conferencing network.
+bf(Silc) is the SILC client which is used to connect to SILC server and
+the SILC network. The silc client resembles IRC clients to make the
+using easier for new users.
+
+bf(Silc) supports sending of practically any kind of messages in addition
+of normal text messages in the SILC network. The session to SILC server
+is secured with session key, channel messages are protected with channel
+key and private messages with session keys. It is also possible to use
+private channel keys and private message keys in addition of channel
+generated keys.
+
+bf(Silc) supports em(passphrase) and public key authentication based on
+em(digital signatures), when connecting to SILC server. bf(Silc) also supports
+key exchange (key agreement) between other bf(Silc) users in the SILC
+network to negotiate secret key material. This key material then can be
+used to secure for example private messages. It is also possible to exchange
+public keys and certificates in the SILC network between clients and servers.
+
+The bf(silc) also supports em(detaching) from the SILC network by closing
+the connection to the server but without quitting from the network. Next
+time the bf(silc) connects to the server it em(resumes) the session in the
+SILC network. During the detaching the user remains in the network and other
+users may query the user information and see that user is in network but
+currently detached. Messages sent to user while being detached are
+dropped by the server. When resuming is over the user has automatically
+same nickname than before detaching and remains on all channels, and it
+seems like user never left the network.
+
+The bf(silc) also supports creation of em(friends) list, which is kind of
+buddy list familiar from IM (Instant Messaging) clients. By using the
+bf(WHOIS) SILC command with em(-details) option it possible to fetch the
+user's information such as their public keys and certificates, business
+card, pictures, and other information and save them to the friends list.
+The friends list is located at bf(~/.silc/friends/) directory.
+
+The SILC public key and private key pair is used to authenticate the user
+to the SILC server when connecting a server. This key pair is created
+automatically when the bf(silc) is run for the first time. It also can
+be created with bf(-C) option.
+
+When connecting for the first time to SILC server, user will be asked to
+accept the server's public key. When key is accepted the bf(silc) saves
+the public key for future into bf(~/.silc/serverkeys/) directory. The
+next time user connects to same server the public key is verified against
+the saved public key. The purposeof this public key saving is to avoid
+man-in-the-middle attacks which could be possible if the key would have
+to be verified everytime user connects to the server.
+
+manpageoptions()
+bf(-c) em(host) Connect to given host
+
+bf(-p) em(port) Connect to em(port)
+
+bf(-C) Create new public key pair
+
+bf(-P) Change the passphrase of the private key file
+
+bf(-S) em(keyfile) Display the contents of given SILC public key from file
+
+bf(-n) em(nick) Specify what nick to use
+
+bf(-h) em(host) Give em(host) as your hostname
+
+bf(-w) em(pass) Use em(pass) as password for connection
+
+bf(-d) em(string) Enable debugging
+
+bf(-v) Display client version
+
+bf(-!) Do not autoconnect
+
+bf(-?) Display client help message
+
+
+manpagesection(LONG OPTIONS)
+
+bf(--connect)=em(SERVER) Same as bf(-c).
+
+bf(--port)=em(PORT) Same as bf(-p).
+
+bf(--home)=em(PATH) Client home dir (em(~/.silc)).
+
+bf(--config)=em(PATH) Configuration file location (em(~/.silc/silc.conf)).
+
+bf(--list-ciphers) List supported ciphers.
+
+bf(--list-hash-funcs) List supported hash functions.
+
+bf(--list-hmacs) List supported HMACs.
+
+bf(--list-pkcs) List supported PKCSs.
+
+bf(--create-key-pair) Same as bf(-C).
+
+bf(--passphrase-change) Same as bf(-P).
+
+bf(--nick)=em(NICK) Same as bf(-n).
+
+bf(--hostname)=em(HOST) Same as bf(-h).
+
+bf(--password)=em(PASS) Same as bf(-w).
+
+bf(--debug)=em(STRING) Same as bf(-d), limit to messages *em(STRING)*.
+
+bf(--dummy) Use dummy terminal mode.
+
+bf(--version) Same as bf(-v).
+
+bf(--noconnect) Same as bf(-!).
+
+bf(--help) Same as bf(-?).
+
+bf(--usage) Display very brief usage summary.
+
+
+manpagesection(KEY GENERATION)
+When generating key pair(s) for silc (bf(-C)), the following extra
+switches apply:
+
+bf(--pkcs)=em(PKCS) Set the public key algorithm of key pair. For example bf(rsa).
+
+bf(--bits)=em(VALUE) Set the length of public key pair, in bits.
+
+
+
+manpagefiles()
+bf(~/.silc/silc.conf)
+quote(Client's configuration file)
+
+bf(~/.silc/public_key.pub)
+quote(The SILC public key of the user)
+
+bf(~/.silc/private_key.pub)
+quote(The SILC private key of the user)
+
+bf(~/.silc/clientkeys/)
+quote(The directory holding the public keys of other users the user have
+accepted and trusted in the SILC network. The public keys can be received
+with bf(GETKEY) SILC command or during key agreement between two users.)
+
+bf(~/.silc/clientkeys/)
+quote(The directory holding the public keys of servers the user have accepted
+and trusted when connecting to a server.)
+
+bf(~/.silc/friends/)
+quote(The directory holding the information of em(friends) that user has.
+User can create a friend list with bf(WHOIS -details) SILC command. This
+directory holds the friends' public keys, business cards, pictures, and
+other information.)
+
+
+manpageseealso()
+bf(silcd(8)) bf(silc(1))
+
+
+manpagesection(NETWORK RESOURCES)
+Homepage: bf(http://silcnet.org)
+
+SILC Client is based on Irssi IRC client: bf(http://irssi.org)
+
+User's guide: bf(http://www.silcnet.org/docs/)
+
+
+manpageauthor()
+SILC is designed and written by Pekka Riikonen <priikone@iki.fi> and rest
+of the SILC Project.
+
+This manpage was written by Mika 'Bostik' Boström <bostik@lut.fi>
+
+See bf(CREDITS) for full list of contributors.
+
+
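Review bot: The FILES section contradicts the description. The directory for server public keys is listed as bf(~/.silc/clientkeys/) a second time, while the paragraph on accepting the server's public key says the key is saved into bf(~/.silc/serverkeys/), and the private key is listed as bf(~/.silc/private_key.pub), with the same suffix as the public key. Please make the second directory entry match the description and confirm the private key filename, since readers will rely on these paths when checking permissions and backing up keys. Smaller points: the synopsis shows -d without an argument and omits -P, while OPTIONS documents -d em(string) and -P; SEE ALSO in silc(1) points at silc(1) itself; and the server-key paragraph has the typos "purposeof" and "everytime" and does not say what the client does when the presented key differs from the saved one, which is the case the saved key exists to catch.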
--- /dev/null
+manpage(SILCD_CONF) (5) (November 2 2002) (silc-server-0.9.7.1) (silc-server)
+
+
+manpagename(silcd.conf) (format of configuration file for silcd)
+
+manpagesection(CONFIGURATION FILE)
+bf(Silcd) reads its configuration from /etc/silc/silcd.conf (or the file
+specified with bf(-f)). The file contains sections, subsections and key-value
+pairs. Each section or subsection is bound with a starting em({) and ending
+em(}). Keys and values are of the format 'em(KEY)=em(VALUE);'. All statements
+as well as sections must be terminated with a ';'.
+
+Mandatory section in configuration file is em(ServerInfo). Other sections
+are optional but recommended. If em(General) section is defined it must
+be defined before the em(ConnectionParams) section. On the other hand,
+the em(ConnectionParams) section must be defined before em(Client),
+em(ServerConnection) and/or em(RouterConnection) sections. Other sections
+are be in free order in the configuration file.
+
+nsect(SECTION: General)
+
+em(General) section contains global settings for the silcd.
+
+bf(module_path)
+quote(Defines where SIM modules are located. If definition is omitted,
+built-in modules will be used. Also, if a module can not be located, a built-in
+module will be used in its place. The argument is a path to the directory the
+modules are in, for example bf("/usr/local/silc/modules").)
+
+bf(prefer_passphrase_auth)
+quote(If both public key and passphrase authentication are set for a
+connection, public key authentication is by default preferred. Setting this
+value to em(true) causes silcd to prefer passphrase authentication in these
+cases.)
+
+bf(require_reverse_lookup)
+quote(Set this value to em(true) if all connecting hosts must have a fully
+qualified domain name (FQDN). If set to true, a host without FQDN is not
+allowed to connect to server.)
+
+bf(connections_max)
+quote(Maximum number of incoming connections to this server. Any further
+connections are refused.)
+
+bf(connections_max_per_host)
+quote(Maximum number of incoming connections from any single host. This
+setting can be overridden on a connection-specific basis with
+em(ConnectionParams).)
+
+bf(version_protocol)
+quote(Defines the minimum required version of protocol to allow connecting
+to server. A client or server using this version of protocol or newer is
+allowed to connect, one using anything older will be rejected. Leaving unset
+allows all versions to connect. This can be overridden with
+em(ConnectionParams).)
+
+bf(version_software)
+quote(Defines the minimum required version of software to allow connecting
+to server. A client or server that is of this version or newer is allowed
+to connect, one using anything older will be rejected. Leaving unset allows
+all versions to connect. This can be overridden with em(ConnectionParams).)
+
+bf(version_software_vendor)
+quote(Defines the allowed software vendor string that is required to connect.
+Usually this is either a build number or special client tag. Using this
+requirement is not encouraged unless the server is in very limited use.
+Leaving unset allows all versions regardless of their vendor to connect.
+Can be overridden with em(ConnectionParams).)
+
+bf(key_exchange_rekey)
+quote(Defines the interval, in seconds, how often the session key will be
+regenerated. This setting only applies to the connection initiator, as rekey
+is always performed by the initiating party. Setting has effect only when
+the server acts as an initiator, and can be overridden with
+em(ConnectionParams).)
+
+bf(key_exchange_pfs)
+quote(Boolean value to determine, whether key-exchange is performed with
+Perfect Forward Secrecy (PFS) or without. If set to em(true), the rekey
+process will be somewhat slower, but more secure since the key is
+entirely regenerated. Can be overridden with em(ConnectionParams).)
+
+bf(key_exchange_timeout)
+quote(Key exchange timeout in seconds. If the key exchange is not completed
+within this time, the remote connection will be closed.)
+
+bf(conn_auth_timeout)
+quote(Connection authentication timeout in seconds. If the connection
+authentication is not completed within this time, the remote connection
+will be closed.)
+
+bf(channel_rekey_secs)
+quote(Seconds, how often channel key will be regenerated. Note that channel
+key is regenerated each time someone joins or leaves the channel. This is
+the maximum time any channel can have the same key.)
+
+bf(detach_disabled)
+quote(Boolean value controlling, whether clients are denied to use DETACH
+command. Default value is false (DETACH is allowed).)
+
+bf(detach_timeout)
+quote(Time in seconds how long detached sessions will be available. By
+default, detached sessions do not expire and as such, are persistent as long
+as the server is running. If DETACH command is allowed, this value should
+be set as well.)
+
+bf(qos)
+quote(Boolean value controlling, whether Quality of Service settings are
+enabled. Default setting is false. NOTE: If you enable QoS in general section,
+it applies to every connection the server has, including server connections.
+This setting can be overridden with em(ConnectionParams) and in case of
+server connections, it SHOULD BE overridden (server connections should not
+use QoS).)
+
+bf(qos_rate_limit)
+quote(Limits read operations per second to given amount. Do note that one read
+operation may read several SILC packets, so this setting does not
+automatically correspond to amount of messages transmitted or accepted.)
+
+bf(qos_bytes_limit)
+quote(Limits incoming SILC data to the specified bytes per second.)
+
+bf(qos_limit_sec)
+quote(This value defines the timeout, in seconds, the delay for received data
+in case it was left in a QoS queue.)
+
+bf(qos_limit_usec)
+quote(This value defines, in microseconds, the delay received data for received
+data in case it was left in a QoS queue.)
+
+nsect(SECTION: ServerInfo)
+
+em(ServerInfo) contains values for bound interfaces and administrative info.
+
+bf(hostname)
+quote(Server's name (FQDN).)
+
+bf(ServerType)
+quote(This is a descriptive text field, usually telling what the server and
+its purpose are.)
+
+bf(Location)
+quote(Descriptive field of server's geographic location.)
+
+bf(Admin)
+quote(Administrator's full name.)
+
+bf(AdminEmail)
+quote(Administrator's email address.)
+
+bf(User)
+quote(The name of the user account silcd will be running on. This must be an
+existing user. Silcd needs to executed as root; after binding the port it
+will drop root privileges and use the account given here.)
+
+bf(Group)
+quote(The name of the group silcd will be running on. This must be an existing
+group. Silcd needs to be executed as root; after binding the port it will drop
+root privileges and use the group given here.)
+
+bf(PublicKey)
+quote(Full path to server's public key file.)
+
+bf(PrivateKey)
+quote(Full path to server's private key file.)
+
+bf(MotdFile)
+quote(Full path to MOTD (Message Of The Day) file, a text file that will be
+displayed to each client connection.)
+
+bf(PidFile)
+quote(Full path to file where silcd will write its PID.)
+
+nsubsect(SUBSECTION: Primary)
+
+This is the primary listener info. Each server can have no more than one em(Primary)
+section.
+
+bf(ip)
+quote(Specifies the address silcd is listening on.)
+
+bf(port)
+quote(Specifies the port silcd is listening on.)
+
+nsubsect(SUBSECTION: Secondary)
+
+This is a secondary listener info. A server may have any amount of
+em(Secondary) listener settings. These are needed only if silcd needs
+to listen on several interfaces. em(Secondary) subsections have the same
+information that em(Primary) does.
+
+nsect(SECTION: Logging)
+
+This section is used to set up various log files; their paths, maximum
+sizes and individual logging options.
+
+There are four defined logging channels. The log channels have an
+importance value, and more important channels are always redirected to the
+less important ones. Setting a valid logging file for em(Info) will ensure
+logging for all channels, whereas a setting for em(Errors) would only ensure
+logging for em(Errors) and em(Fatals).
+
+bf(Timestamp)
+quote(A boolean value that dictates whether log lines will have timestamps
+prefixed. In general, this is a good idea. You might want to disable this
+if you are running silcd under some special logging daemon, such as
+daemontools.)
+
+bf(QuickLogs)
+quote(A boolean value that determines how often log files are updated. Setting
+this to em(true) makes silcd log in real-time. Setting this to em(false) makes
+silcd write to logs every em(FlushDelay) seconds. Real-time logging causes a
+bit more CPU and HDD usage but reduces memory consumption.)
+
+bf(FlushDelay)
+quote(Time in seconds, how often logs are flushed to logfiles. This setting
+has effect only if em(QuickLogs) is disabled.)
+
+nsubsect(SUBSECTION: Info)
+nsubsect(SUBSECTION: Warnings)
+nsubsect(SUBSECTION: Errors)
+nsubsect(SUBSECTION: Fatals)
+Each of these subsections has the same attributes, em(File) and em(Size).
+Different levels of problems are logged to their respective channels
+(em(Info), em(Warnings), em(Errors), em(Fatals)), depending on their need
+of attention.
+
+bf(File)
+quote(Full path to log file.)
+
+bf(Size)
+quote(Limit the size the log file is allowed to grow to. Any further messages
+to this file cause the oldest lines to be removed in order to keep the file
+size within given limit.)
+
+nsect(SECTION: ConnectionParams)
+
+This section defines connection parameters. Each connection may have its own
+set of em(ConnectionParams) but having one is in no way mandatory. If no
+separate parameters have been assigned, the defaults and the ones from
+em(General) section will be used. A silcd configuration may have any number of
+em(ConnectionParams) sections.
+
+bf(name)
+quote(This is a unique name that separates bf(this) particular
+em(ConnectionParams) section from all the others. It is also the name with
+which settings are referred to a given set of parameters. This field is
+mandatory.)
+
+bf(connections_max)
+quote(Limits how many concurrent connections are allowed. Any further
+connections are simply refused. Note that this setting can not override the
+figure given in em(General) section.)
+
+bf(connections_max_per_host)
+quote(Maximum number of connections allowed from any single host. If this
+parameter is set for a block controlling server connections, it is highly
+suggested to use a value of one (1).)
+
+bf(version_protocol)
+quote(Exactly the same as in em(General) section.)
+
+bf(version_software)
+quote(Exactly the same as in em(General) section.)
+
+bf(version_software_vendor)
+quote(Exactly the same as in em(General) section.)
+
+bf(keepalive_secs)
+quote(How often (seconds) to send HEARTBEAT packets to connected clients.)
+
+bf(reconnect_count)
+quote(When connection is lost, how many times a reconnection is tried.)
+
+bf(reconnect_interval)
+quote(How often, in seconds, a reconnection is attempted.)
+
+bf(reconnect_interval_max)
+quote(Reconnection time is lengthened each time an unsuccessful attempt
+occurs. This value defines the maximum interval to which the delay may
+be prolonged.)
+
+bf(reconnect_keep_trying)
+quote(Boolean value controlling whether server eventually gives up trying
+to reconnect. If set to em(false), server will give up once em(reconnect_count)
+is reached or even at maximum interval, no connection is established.)
+
+bf(key_exchange_rekey)
+quote(Exactly the same as in em(General) section.)
+
+bf(key_exchange_pfs)
+quote(Exactly the same as in em(General) section.)
+
+bf(anonymous)
+quote(This boolean setting has meaning only to client connections. If set to
+em(true), client connections using this em(ConnectionParams) block will have
+their username and host scrambled. The client will also have an anonymous mode
+set to it.)
+
+bf(qos)
+quote(Exactly the same as in em(General) section NOTE: For server
+connection this should be set to em(false) value.)
+
+bf(qos_rate_limit)
+quote(Exactly the same as in em(General) section.)
+
+bf(qos_bytes_limit)
+quote(Exactly the same as in em(General) section.)
+
+bf(qos_limit_sec)
+quote(Exactly the same as in em(General) section.)
+
+bf(qos_limit_usec)
+quote(Exactly the same as in em(General) section.)
+
+nsect(SECTION: Client)
+
+This section defines how incoming client connections are handled. There can
+be several em(Client) sections, each with their own requirements. A silcd admin
+could for example require that connections from certain IP-address space must
+supply a connection password.
+
+bf(Host)
+quote(An address or wildcarded set of addresses, either in numeric IP-address
+fashion or as hostnames. For example em("10.1.*") or
+em("*.mydomain.domain.org").)
+
+bf(Passphrase)
+quote(The required passphrase to allow client connection.)
+
+bf(PublicKey)
+quote(The path to a file containing the client's public key. There can be any
+number of em(PublicKey) statements in one em(Client) section. Matching any of
+them will do.)
+
+bf(Params)
+quote(Name of client connection parameters.)
+
+nsect(SECTION: ServerConnection)
+
+This section defines a configured server connection. A regular SILC
+server does not need one at all. If this block exists, it means that the
+server is a SILC router. There must be one em(ServerConnection) for each
+SILC server that connects to this router.
+
+bf(Host)
+quote(Either an FQDN or strict IP-address of the connecting server.)
+
+bf(Passphrase)
+quote(If server connection requires passphrase authentication, set it here.)
+
+bf(PublicKey)
+quote(This is a path to connecting server's public key. If server connection
+requires public key authentication, set this value. If both em(Passphrase)
+and em(PublicKey) are set, then either of them will be accepted.)
+
+bf(Params)
+quote(Connection parameters.)
+
+bf(Backup)
+quote(A boolean value controlling whether this server acts as a backup. Set
+to em(false) for normal servers. If set to em(true), this server is a backup
+router.)
+
+nsect(SECTION: RouterConnection)
+This section covers router connections. Stand-alone servers won't have this
+section, and regular servers should only have one.
+
+Router servers need one em(RouterConnection) for each other router they have
+been configured to connect to. First configured section is the primary route.
+
+bf(Port)
+quote(If em(Initiator) is set tro em(true), this setting defines the remote
+port in which to connect. if em(Initiator) is set to false, then this defines
+the local (listening) port.)
+
+bf(Passphrase)
+quote(If connecting server requires a passphrase authentication, it is set
+here.)
+
+bf(PublicKey)
+quote(If connecting to server requires public key authentication, the path
+to server's public key file is set here.)
+
+bf(Params)
+quote(Connection parameters.)
+
+bf(Initiator)
+quote(A boolean setting that defines whether this server is the connecting
+party.)
+
+bf(BackupHost)
+quote(If the configured connection is a backup connection, set this to the
+address of the main router that will be replaced. For normal router connection
+leave this option out.)
+
+bf(BackupPort)
+quote(If the configured connection is a backup connection, set this to the
+remote port which to connect to. For normal router connection, leave this
+option out.)
+
+bf(BackupLocal)
+quote(A boolean value. If this setting is em(true), then the backup router
+is in the same cell. If the backup router is in another cell, set this
+to em(false). Needless to say, for normal router connection, leave this
+option out.)
+
+nsect(SECTION: Admin)
+
+This section defines configured administration connections.
+
+bf(Host)
+quote(Either FQDN or a strict IP-address to the origin of connection.
+This field is optional.)
+
+bf(User)
+quote(Username that the connecting client announces. This field is optional.)
+
+bf(Nick)
+quote(Nickname that the connecting client announces. This field is optional.)
+
+bf(Passphrase)
+quote(Passphrase required to obtain server operator privileges.)
+
+bf(PublicKey)
+quote(Path to administrator's public key file. If both em(Passphrase) and
+em(PublicKey) are defined, either one can be used.)
+
+nsect(SECTION: Deny)
+This section defines denied incoming connections. They apply equally to both
+client and server connections, so make sure you know what you add here. Each
+em(Deny) section covers one instance of denied connection(s). There may be any
+number of em(Deny) sections.
+
+bf(Host)
+quote(Address or wildcarded addresses of denied connections. bf(NOTE!) This
+field is not mandatory, but highly recommended. If you don't specify em(Host)
+at all, or give it a value of "*", you have a silcd that denies every single
+incoming connection.)
+
+bf(Reason)
+quote(A string giving the reason for why the connecting party is not allowed
+to connect. Unlike em(Host), this field IS mandatory.)
+
+
+manpagefiles()
+bf(silcd.conf)
+
+
+manpageseealso()
+bf(silcd(8))
+
+
+manpageauthor()
+SILC is designed and written by Pekka Riikonen <priikone@iki.fi> and rest
+of the SILC Project.
+
+Configuration file format and parser is by Johnny Mnemonic.
+
+This manpage was written by Mika 'Bostik' Boström <bostik@lut.fi>
+
+See bf(CREDITS) for full list of contributors.
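Review bot: SECTION: RouterConnection documents Port, Passphrase, PublicKey, Params, Initiator, BackupHost, BackupPort and BackupLocal but no key for the remote router's address, even though Port is described as "the remote port in which to connect" when Initiator is true. If the section takes a Host key as ServerConnection does, it needs an entry here. Several descriptions do not parse as written: qos_limit_usec ("the delay received data for received data"), qos_limit_sec ("the timeout, in seconds, the delay for received data"), and reconnect_keep_trying, which explains only the em(false) case and ends in a broken clause. Typos: "are be in free order", "needs to executed as root", "set tro em(true)", and the lowercase "if em(Initiator)". Because Passphrase values for Client, ServerConnection, RouterConnection and Admin are written into this file, a sentence on its expected ownership and permissions would be worth adding, and detach_timeout should state plainly that with the documented defaults (DETACH allowed, no expiry) detached sessions persist for as long as the server runs. FILES lists a bare silcd.conf while the text gives /etc/silc/silcd.conf.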