skip-install.txt
Quick-Start Guide
-----------------
This is a quick-start guide for SKIP. It covers installing the SKIP
binaries and setting up IP-level encryption between two hosts.
These instructions assume that only one network interface is active
on your machine.
For complete documentation, please refer to the contents of the
doc directory and the SKIP man pages.

1. Install the binaries:

        zcat skip.tar.tar | (cd /usr; tar -xvf -)
        sh /usr/skip/install.skip

2. Configure a secret/certificate pair.

   If you wish to use certificates from a trusted Certificate Authority,
   please see the SKIP Installation and User's Guide for instructions.
   Otherwise, generate a secret and dhpublic certificate locally by
   issuing the command:

        skiplocal keygen

3. Add SKIP to your network interface:

        skipif -a

4. Reboot the machine.

5. Enable SKIP and configure IP encryption with one other host:

        PATH=$PATH:/usr/skip/bin; export PATH
        skiphost -a default     # default IP traffic is unencrypted
        skiplocal export        # prints the skiphost command others need
                                # to run to talk to us
        skiplocal export | mail Friend@remote.host

   Friend@remote.host should issue these commands as well. Once the
   corresponding mail is received, verify out-of-band (say, over the
   telephone) that the received mail matches the mail which was sent.
   Then execute the received skiphost command.

        skiphost -o on          # enable SKIP

Is it working?
--------------
At this point encryption should be enabled with the remote host.
Traffic will be exchanged with all other hosts in the clear.

Ping the other host to make sure things are working:

        ping host

View the key manager log file to see if the certificate
exchange and the shared secret computation succeeded:

        tail /var/log/skip.log

If you have tcpdump, etherfind, snoop, or some other packet dumping
utility, you can verify that encrypted packets are using protocol 57.
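
The protocol 57 check described above can also be run over captured
packets. The following is an added example, not part of the SKIP
distribution: it reads raw IPv4 packets and reports, for each SKIP peer,
whether protocol 57 packets were seen and whether any other protocol was
exchanged with that peer. The function names and the sample addresses are
assumptions made for illustration.

```python
import socket
import struct

SKIP_PROTO = 57  # IP protocol number the guide gives for encrypted packets

def ipv4_packet(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def parse_ipv4(packet):
    """Return (src, dst, proto), or None if this is not a usable IPv4 header."""
    if len(packet) < 20:
        return None
    version, header_len = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        return None
    return (socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[16:20]), packet[9])

def audit(packets, local, skip_peers):
    """Tally protocol-57 vs. other packets per remote host.

    Returns (seen, review, silent): per-host counts, SKIP peers that also
    exchanged non-57 packets, and SKIP peers with no protocol-57 packets.
    """
    seen = {}
    for raw in packets:
        hdr = parse_ipv4(raw)
        if hdr is None or local not in hdr[:2]:
            continue
        src, dst, proto = hdr
        remote = dst if src == local else src
        counts = seen.setdefault(remote, {"skip": 0, "other": 0})
        counts["skip" if proto == SKIP_PROTO else "other"] += 1
    empty = {"skip": 0, "other": 0}
    review = sorted(h for h in skip_peers if seen.get(h, empty)["other"])
    silent = sorted(h for h in skip_peers if not seen.get(h, empty)["skip"])
    return seen, review, silent

if __name__ == "__main__":
    # Constructed capture: documentation-range addresses, not real hosts.
    me, peer, other = "192.0.2.10", "192.0.2.20", "198.51.100.7"
    capture = [ipv4_packet(me, peer, 57, b"x" * 8),
               ipv4_packet(peer, me, 57, b"x" * 8),
               ipv4_packet(me, other, 6)]
    print(audit(capture, me, [peer]))
```

A peer listed in "silent" has no encrypted traffic at all; a peer listed
in "review" exchanged packets outside protocol 57 that should be compared
against the access control entries shown by skiphost.
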
Examining the Local SKIP Configuration
--------------------------------------

        skiphost                # list the SKIP access control entries
        skiplocal list          # list the set of local identities
        skipdb list             # list the certificates in our database
        skipca list             # list the Certificate Authorities we trust

SKIP configuration files are stored in the /etc/skip directory.
Nomadic and Network encryption
------------------------------
If you are encrypting to a network through an intermediate SKIP system, see
the "Network Encryption" section of the advanced.TOPICS file. If you are
configuring an intermediate system which will talk to hosts with dynamic
IP addresses, see the "Nomadic Support" section of the advanced.TOPICS file.