.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
\\$2 \(laURL: \\$1 \(ra\\$3
.if \n[.g] .mso www.tmac
.TH PWMD 1 "04 Apr 2009" "Password Manager Client" "Password Manager Client"
pwmc \- send a command to a pwmd server
A server command is read from standard input and the command result, if any,
is sent to either a file descriptor or standard output.
Connect to the specified local UNIX domain socket. The default is
.I "\--host, -h <hostname>"
Establish an SSH connection to the specified hostname. See
below for how to set up the SSH host to use
.I "\--port, -p <port>"
The port of the hostname to connect to. The default is 22.
.I "\--known-hosts, -k <filename>"
A file containing a list of SHA1 fingerprints of remote SSH servers that
will check against while authenticating the remote host. Note that this file
format differs from the usual
known_hosts file format.
.I "\--identity, -i <filename>"
identity file to use for public key authentication. This is the only supported
method of SSH authentication. Both the public and private key must be
.I "\--user, -u <username>"
The username to log in as on the remote SSH server. The default is the invoking
.I "\--get-hostkey, -g"
Retrieve the SHA1 fingerprint of the remote SSH hostname specified with
The result should be appended to the known hosts file.
Connect to an IPv4 host only. The default is to try an IPv6 host first, then
Connect to an IPv6 host only. The default is to try an IPv6 host first, then
.I "\--name, -n <string>"
Set the client name to the specified string. This string is what shows up in
log files. The default is "pwmc".
Don't show server status messages. By default, status messages are written to
.I "\--inquire-fd <FD>"
For commands that use an INQUIRE from the server (STORE and IMPORT), this sets
the file descriptor that the data will be read from. By default, stdin is
.I "\--output-fd <FD>"
Redirect output to the specified file descriptor. The default is stdout.
After the command has been processed and no error occurred, send the SAVE
command to the server.
.I "\--iterations, -I <integer>"
Specifies the number of encryption iterations to use when
is used. The default is specified in the
server configuration.
.I "\--passphrase, -P <string>"
The passphrase to use when required. If not set then a
will be used if available.
.I "\--pinentry, <path>"
The full path to the pinentry binary. The default is the
server configured setting.
.I "\--ttyname, <path>"
The full path of the TTY for
to prompt on. The default is the current terminal.
.I "\--ttytype, <string>"
The terminal type of the specified TTY that
should use. This is required if
.I "\--display, <string>"
should use. Note that a remote SSH
is currently not supported. The default is the current DISPLAY if set.
.I "\--lc-ctype, <string>"
.I "\--lc-messages, <string>"
The number of times before failing when an invalid passphrase is entered in
dialog. The default is 3.
.I "\--timeout, <seconds>"
The number of seconds before
will time out while waiting for a passphrase. The default is 30.
In order to get this to work you need to put the following in your
.B ~/.ssh/authorized_keys
file on the remote SSH host. It should be prepended to the hash of the public
key that was generated using
and specified using the
command="socat gopen:$HOME/.pwmd/socket -"
command can be replaced with any utility that can read from stdin and write
to a UNIX domain socket, and vice-versa.
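The forced command above limits what the key can run, but the key can still request forwarding or a PTY unless the entry says otherwise. The following is an added example, not part of the pwmc distribution: it builds a restricted entry from a public key line and audits an existing file for pwmd entries that lack the restrictions. The function names are hypothetical, the restriction options are the standard OpenSSH ones from sshd(8), and it assumes pwmc needs neither a PTY nor forwarding.

```shell
#!/bin/sh
# Added example: build and audit authorized_keys entries for a pwmc-only key.
# FORCED is the forced command shown on this page; RESTRICT lists standard
# OpenSSH authorized_keys options (see sshd(8)).
FORCED='command="socat gopen:$HOME/.pwmd/socket -"'
RESTRICT='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# pwmd_key_line PUBKEY_LINE  (hypothetical helper)
# Print a restricted authorized_keys entry for one bare public key line,
# i.e. the single line in the .pub file written by ssh-keygen.
pwmd_key_line() {
    case "$1" in
        ssh-*|ecdsa-*) printf '%s,%s %s\n' "$FORCED" "$RESTRICT" "$1" ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
}

# audit_pwmd_keys FILE  (hypothetical helper)
# Print the line numbers of entries that reach the pwmd socket through a
# forced command but are missing one of the restriction options.
# Entries that use the umbrella "restrict" option pass.
audit_pwmd_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        !/\.pwmd\/socket/ { next }         # only entries that reach pwmd
        /(^|,)restrict(,| )/ { next }      # "restrict" disables everything
        {
            ok = 1
            n = split("no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty", want, " ")
            for (i = 1; i <= n; i++)
                if (index($0, want[i]) == 0) ok = 0
            if (!ok) print NR
        }
    ' "$1"
}

# Constructed sample key (not a real key); prints the hardened entry.
pwmd_key_line 'ssh-ed25519 AAAAC3NzaCONSTRUCTEDKEY user@client'
```

Run `audit_pwmd_keys ~/.ssh/authorized_keys` on the remote host after sourcing the script; each printed line number is an entry to tighten.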
is a program that prompts the user for input of a passphrase. This is
currently not supported when connected to a remote pwmd server since X11 port
forwarding is not done yet.
The terminal, terminal type or DISPLAY that pinentry will prompt on is either
set with the command line options or uses options set in
.B ~/.pwmd/pinentry.conf
when available. Otherwise the current terminal and terminal type or X11
.B ~/.pwmd/pinentry.conf
file contains one NAME=VALUE pair per line. Comments begin with a '#'.
The full path to the location of the pinentry binary.
The X11 display to use.
The full path to the tty that pinentry should prompt on.
The terminal type of the tty (e.g., vt100) which is required if DISPLAY is not
To list the available accounts and use
to get the passphrase (if required):
echo list | pwmc filename
To store an element path and save the file afterwards:
echo -ne 'store isp\\tsmtp\\thostname\\tsomehost.com' | pwmc -S filename
echo -en 'store blah\\tstuff\\t' | pwmc -S -I 3 filename 3<data_file
And then to get the content:
echo -e 'get blah\\tstuff' | pwmc filename
Clear the file cache for a single file:
echo 'clearcache filename' | pwmc
To list the contents of a data file which is stored on a remote pwmd server
over an SSH connection:
echo list | pwmc -h hostname -k host_hash -i identity_file filename
Default socket to connect to.
.B ~/.pwmd/pinentry.conf
Default settings that
will use for the terminal, terminal type or X11 display.
Default location of the
Ben Kibbey <bjk@luxsci.net>
.URL "http://bjk.sourceforge.net/pwmd/" "PWMD Homepage" .
.BR authorized_keys (5),