.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
\\$2 \(laURL: \\$1 \(ra\\$3
.if \n[.g] .mso www.tmac
.TH PWMD 1 "16 Apr 2009" "Password Manager Client" "Password Manager Client"
pwmc \- send a command to a pwmd server
A server command is read from standard input and the command result, if any,
is sent to either a file descriptor or standard output.
A string to parse that can be used for remote pwmd server details rather than
the other command line options.
Connect to the specified local domain socket. The default is
.I "\--host, -h <hostname>"
Establish an SSH connection to the specified hostname. See
below for how to set up the SSH host to use
.I "\--port, -p <port>"
The port of the hostname to connect to. The default is 22.
.I "\--known-hosts, -k <filename>"
A file containing a list of SHA1 fingerprints of remote SSH servers that
will check against while authenticating the remote host. Note that this file
format differs from the usual
known_hosts file format.
.I "\--identity, -i <filename>"
identity file to use for public key authentication. This is the only supported
method of SSH authentication. Both the public and private key must be
.I "\--user, -u <username>"
The username to login as on the remote SSH server. The default is the invoking
.I "\--get-hostkey, -g"
Retrieve the SHA1 fingerprint of the remote SSH hostname specified with
The result should be appended to the known hosts file.
Connect to an IPv4 host only. The default is to try an IPv6 host first, then
Connect to an IPv6 host only. The default is to try an IPv6 host first, then
.I "\--name, -n <string>"
Set the client name to the specified string. This string is what shows up in
log files. The default is "pwmc".
Don't show server status messages. By default, status messages are written to
.I "\--inquire-fd <FD>"
For commands that use an INQUIRE from the server (STORE and IMPORT), this sets
the file descriptor that the data will be read from. By default, stdin is
.I "\--output-fd <FD>"
Redirect output to the specified file descriptor. The default is stdout.
After the command has been processed and no error occurred, send the SAVE
command to the server.
.I "\--iterations, -I <integer>"
Specifies the number of encryption iterations to use when
is used. The default is specified in the
server configuration.
.I "\--passphrase, -P <string>"
The passphrase to use when required. If not set then a
will be used if available.
.I "\--pinentry, <path>"
The full path to the pinentry binary. The default is the
server configured setting.
.I "\--ttyname, <path>"
The full path of the TTY for
to prompt on. The default is the current terminal.
.I "\--ttytype, <string>"
The terminal type of the specified TTY that
should use. This is required if
.I "\--display, <string>"
should use. Note that a remote SSH
is currently not supported. The default is the current DISPLAY if set.
.I "\--lc-ctype, <string>"
.I "\--lc-messages, <string>"
The number of times before failing when an invalid passphrase is entered in
dialog. The default is 3.
.I "\--timeout, <seconds>"
The number of seconds before
will timeout while waiting for a passphrase. The default is 30.
.I "\--local-pinentry"
Force using the local pinentry for passphrase retrieval. This has the same
but expire any cache entry on the server before saving. When used with
the initial passphrase is also cleared.
In order to get this to work you need to put the following in your
.B ~/.ssh/authorized_keys
file on the remote SSH host. It should be prepended to the hash of the public
key that was generated using
and specified using the
command="socat gopen:$HOME/.pwmd/socket -"
command can be replaced with any utility that can read from stdin and write
to a local domain socket, and vice-versa.
is a program that prompts the user for input of a passphrase. This is
currently not supported when connected to a remote pwmd server since X11 port
forwarding is not done yet.
The terminal, terminal type or DISPLAY that pinentry will prompt on is either
set with the command line options or uses options set in
.B ~/.pwmd/pinentry.conf
when available. Otherwise the current terminal and terminal type or X11
.B ~/.pwmd/pinentry.conf
file contains one NAME=VALUE pair per line. Comments begin with a '#'.
The full path to the location of the pinentry binary.
The X11 display to use.
The full path to the tty that pinentry should prompt on.
The terminal type of the tty (e.g., vt100) which is required if DISPLAY is not
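The forced command above confines what the key can run, but not forwarding or pty allocation. The following audit script is an added example, not part of pwmc or pwmd: it flags authorized_keys entries whose forced command is not combined with the OpenSSH restrict option (or the four no-* options). The function names and sample entries are hypothetical, and it assumes the client needs only the forced command's stdin and stdout.

```shell
#!/bin/sh
# Added example: classify authorized_keys entries by how tightly the key is confined.
#   unrestricted - no options field (key gets a normal login)
#   no-command   - options present, but no command="..." forced command
#   weak         - forced command only; forwarding and pty still allowed
#   ok           - forced command plus restrict, or all four no-* options
# Limitation: assumes the command value has no escaped quotes or " ssh-" text.

has_opt() { case ",$rest," in *",$1,"*) return 0 ;; esac; return 1; }

audit_authorized_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        case $line in
            ssh-*|ecdsa-*|sk-*) echo "$n unrestricted"; continue ;;
        esac
        # Options are everything before the key-type token.
        opts=${line%% ssh-*}; opts=${opts%% ecdsa-*}; opts=${opts%% sk-*}
        case $opts in
            *'command="'*) ;;
            *) echo "$n no-command"; continue ;;
        esac
        # Drop the quoted command value so its text cannot match an option name.
        rest=${opts%%command=\"*}${opts#*command=\"*\"}
        if has_opt restrict || { has_opt no-port-forwarding &&
            has_opt no-X11-forwarding && has_opt no-agent-forwarding &&
            has_opt no-pty; }; then
            echo "$n ok"
        else
            echo "$n weak"
        fi
    done
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed sample authorized_keys
command="socat gopen:$HOME/.pwmd/socket -" ssh-rsa AAAA_CONSTRUCTED_1 pwmc@laptop
restrict,command="socat gopen:$HOME/.pwmd/socket -" ssh-rsa AAAA_CONSTRUCTED_2 pwmc@desk
ssh-rsa AAAA_CONSTRUCTED_3 admin@desk
no-pty ssh-rsa AAAA_CONSTRUCTED_4 backup@desk
EOF
}

sample_keys | audit_authorized_keys
```

To audit a real file, feed it on standard input: audit_authorized_keys < ~/.ssh/authorized_keys.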
To list the available accounts and use
to get the passphrase (if required):
echo list | pwmc filename
To store an element path and save the file afterwards:
echo -ne 'store isp\\tsmtp\\thostname\\tsomehost.com' | pwmc -S filename
echo -en 'store blah\\tstuff\\t' | pwmc -S -I 3 filename 3<data_file
And then to get the content:
echo -e 'get blah\\tstuff' | pwmc filename
Clear the file cache for a single file:
echo 'clearcache filename' | pwmc
To list the contents of a data file which is stored on a remote pwmd server
over an SSH connection:
echo list | pwmc --url ssh://user@hostname,~/identity,~/known_hosts filename
Default socket to connect to.
.B ~/.pwmd/pinentry.conf
Default settings that
will use for the terminal, terminal type or X11 display.
Default location of the
Ben Kibbey <bjk@luxsci.net>
.URL "http://bjk.sourceforge.net/pwmd/" "PWMD Homepage" .
.BR authorized_keys (5),