omshell how to use

Pieter Donche Pieter.Donche at
Wed Dec 10 06:51:50 PST 2008

To use omshell for changing dhcpd.conf, one needs to use a TSIG key.

Did the following:
# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST omapi_key
responded with:

and created the files:
-rw-------   1 root   admin    118 Dec 10 15:42 Komapi_key.+157+18443.key
-rw-------   1 root   admin    156 Dec 10 15:42 Komapi_key.+157+18443.private

# cat Komapi_key.+157+18443.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu1bM0ZzxdIhj0sQ==
Bits: AAA=

# vi /usr/local/etc/dhcpd.conf
and added the statements

key omapi_key {
algorithm HMAC-MD5;
secret "Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu1bM0ZzxdIhj0sQ==";
omapi-key omapi_key;

Then I started dhcpd,  but it immediatly complains :
Starting dhcpd
/usr/local/etc/dhcpd.conf: line 10: invalid base 64 character 10
secret "Tq4+Idv4lCBt/zOyXIzZAxYhP3xcsUECEQVXWpTxIfTISCh4B0jwlYWxQs1FfiUYWVNSdTbu
/usr/local/etc/dhcpd.conf: line 12: Expecting a parameter or declaration

What exactly does one have to specify on the 'secret' line ??
The manual for omshell or dnssec-keygen don't have examples...

Please a real life example with all the relevant information ...

> The command-line tool you're looking for is omshell.  If you want
> something different, then you're looking at implementing a wrapper
> script or program of your own design.
> Never had the need to use omshell, but the following random Google
> search result looks appropriate for what you're trying to do:
> <>

More information about the freebsd-questions mailing list