/mandos/release : revision 134

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.xml

Committer: Teddy Hogeborn
Date: 2008-09-01 08:29:23 UTC
Revision ID: teddy@fukt.bsnet.se-20080901082923-i2liq6t7warmu9xe

* mandos.xml: Enclose "RAM" with <acronym>.
* overview.xml: - '' -

* plugin-runner.xml (DESCRIPTION): Improved wording.
  (PURPOSE): New section.
  (OPTIONS): Improved wording.
  (OVERVIEW, PLUGINS): New section.
  (FALLBACK): New empty placeholder section.

* plugins.d/password-prompt.xml: Enclose "RAM" with <acronym>.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2014-01-20">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

<refname><command>&COMMANDNAME;</command></refname>

Client for <application>Mandos</application>

Client for mandos

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--connect

<replaceable>ADDRESS</replaceable><literal>:</literal

<replaceable>IPADDR</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>ADDRESS</replaceable><literal>:</literal

<replaceable>IPADDR</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--keydir

<replaceable>DIRECTORY</replaceable></option></arg>

<arg choice="plain"><option>-d

<replaceable>DIRECTORY</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--interface

<replaceable>NAME</replaceable><arg rep='repeat'

>,<replaceable>NAME</replaceable></arg></option></arg>

<arg choice="plain"><option>-i <replaceable>NAME</replaceable

><arg rep='repeat'>,<replaceable>NAME</replaceable></arg

></option></arg>

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

</arg>

<sbr/>

100

<arg>

100

<option>--delay <replaceable>SECONDS</replaceable></option>

101

</arg>

102

<sbr/>

103

<arg>

104

<option>--retry <replaceable>SECONDS</replaceable></option>

105

</arg>

106

<sbr/>

107

<arg>

108

<option>--network-hook-dir

109

110

</arg>

111

<sbr/>

112

<arg>

113

101

<option>--debug</option>

114

102

</arg>

115

103

</cmdsynopsis>

132

120

</group>

133

121

</cmdsynopsis>

134

122

</refsynopsisdiv>

135

123

136

124

137

125

<title>DESCRIPTION</title>

138

126

<para>

139

<command>&COMMANDNAME;</command> is a client program that

140

communicates with <citerefentry><refentrytitle

141

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

142

to get a password. In slightly more detail, this client program

143

brings up network interfaces, uses the interfaces’ IPv6

144

link-local addresses to get network connectivity, uses Zeroconf

145

to find servers on the local network, and communicates with

146

servers using TLS with an OpenPGP key to ensure authenticity and

147

confidentiality. This client program keeps running, trying all

148

servers on the network, until it receives a satisfactory reply

149

or a TERM signal. After all servers have been tried, all

150

servers are periodically retried. If no servers are found it

151

will wait indefinitely for new servers to appear.

152

</para>

153

<para>

154

The network interfaces are selected like this: If any interfaces

155

are specified using the <option>--interface</option> option,

156

those interface are used. Otherwise,

157

<command>&COMMANDNAME;</command> will use all interfaces that

158

are not loopback interfaces, are not point-to-point interfaces,

159

are capable of broadcasting and do not have the NOARP flag (see

160

<citerefentry><refentrytitle>netdevice</refentrytitle>

161

<manvolnum>7</manvolnum></citerefentry>). (If the

162

<option>--connect</option> option is used, point-to-point

163

interfaces and non-broadcast interfaces are accepted.) If any

164

used interfaces are not up and running, they are first taken up

165

(and later taken down again on program exit).

166

</para>

167

<para>

168

Before network interfaces are selected, all <quote>network

169

hooks</quote> are run; see <xref linkend="network-hooks"/>.

170

</para>

171

<para>

172

This program is not meant to be run directly; it is really meant

173

to run as a plugin of the <application>Mandos</application>

174

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

175

<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the

176

initial <acronym>RAM</acronym> disk environment because it is

177

specified as a <quote>keyscript</quote> in the <citerefentry>

178

<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>

179

</citerefentry> file.

180

</para>

181

</refsect1>

182

183

184

<title>PURPOSE</title>

185

<para>

186

The purpose of this is to enable <emphasis>remote and unattended

187

rebooting</emphasis> of client host computer with an

188

<emphasis>encrypted root file system</emphasis>. See <xref

189

linkend="overview"/> for details.

127

<command>&COMMANDNAME;</command> is a mandos plugin that works

128

like a client program that through avahi detects mandos servers,

129

sets up a gnutls connect and request a encrypted password. Any

130

passwords given is automaticly decrypted and passed to

131

cryptsetup.

190

132

</para>

191

133

</refsect1>

192

134

193

135

194

136

<title>OPTIONS</title>

195

137

<para>

196

This program is commonly not invoked from the command line; it

197

is normally started by the <application>Mandos</application>

198

plugin runner, see <citerefentry><refentrytitle

199

>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>

200

</citerefentry>. Any command line options this program accepts

201

are therefore normally provided by the plugin runner, and not

202

directly.

138

Commonly not invoked as command lines but from configuration

139

file of plugin runner.

203

140

</para>

204

141

205

142

206

143

207

144

<term><option>--connect=<replaceable

208

>ADDRESS</replaceable><literal>:</literal><replaceable

145

>IPADDR</replaceable><literal>:</literal><replaceable

209

146

>PORT</replaceable></option></term>

210

147

<term><option>-c

211

<replaceable>ADDRESS</replaceable><literal>:</literal

148

<replaceable>IPADDR</replaceable><literal>:</literal

212

149

><replaceable>PORT</replaceable></option></term>

213

150

214

151

<para>

215

Do not use Zeroconf to locate servers. Connect directly

216

to only one specified <application>Mandos</application>

217

server. Note that an IPv6 address has colon characters in

218

it, so the <emphasis>last</emphasis> colon character is

219

assumed to separate the address from the port number.

152

Connect directly to a specified mandos server

220

153

</para>

154

</listitem>

155

</varlistentry>

156

157

158

<term><option>--keydir=<replaceable

159

>DIRECTORY</replaceable></option></term>

160

<term><option>-d

161

<replaceable>DIRECTORY</replaceable></option></term>

162

221

163

<para>

222

Normally, Zeroconf would be used to locate Mandos servers,

223

in which case this option would only be used when testing

224

and debugging.

164

Directory where the openpgp keyring is

225

165

</para>

226

166

</listitem>

227

167

</varlistentry>

228

168

229

169

230

<term><option>--interface=<replaceable

231

>NAME</replaceable><arg rep='repeat'>,<replaceable

232

>NAME</replaceable></arg></option></term>

170

<term><option>--interface=

171

233

172

<term><option>-i

234

<replaceable>NAME</replaceable><arg rep='repeat'>,<replaceable

235

>NAME</replaceable></arg></option></term>

173

236

174

237

175

<para>

238

Comma separated list of network interfaces that will be

239

brought up and scanned for Mandos servers to connect to.

240

The default is the empty string, which will automatically

241

use all appropriate interfaces.

242

</para>

243

<para>

244

If the <option>--connect</option> option is used, and

245

exactly one interface name is specified (except

246

<quote><literal>none</literal></quote>), this specifies

247

the interface to use to connect to the address given.

248

</para>

249

<para>

250

Note that since this program will normally run in the

251

initial RAM disk environment, the interface must be an

252

interface which exists at that stage. Thus, the interface

253

can normally not be a pseudo-interface such as

254

<quote>br0</quote> or <quote>tun0</quote>; such interfaces

255

will not exist until much later in the boot process, and

256

can not be used by this program, unless created by a

257

<quote>network hook</quote> — see <xref

258

linkend="network-hooks"/>.

259

</para>

260

<para>

261

<replaceable>NAME</replaceable> can be the string

262

<quote><literal>none</literal></quote>; this will make

263

<command>&COMMANDNAME;</command> not bring up

264

<emphasis>any</emphasis> interfaces specified

265

<emphasis>after</emphasis> this string. This is not

266

recommended, and only meant for advanced users.

176

Interface that Avahi will connect through

267

177

</para>

268

178

</listitem>

269

179

</varlistentry>

270

180

271

181

272

182

<term><option>--pubkey=<replaceable

273

183

>FILE</replaceable></option></term>

275

185

276

186

277

187

<para>

278

OpenPGP public key file name. The default name is

279

<quote><filename>/conf/conf.d/mandos/pubkey.txt</filename

280

></quote>.

188

Public openpgp key for gnutls authentication

281

189

</para>

282

190

</listitem>

283

191

</varlistentry>

284

192

285

193

286

194

<term><option>--seckey=<replaceable

287

195

>FILE</replaceable></option></term>

289

197

290

198

291

199

<para>

292

OpenPGP secret key file name. The default name is

293

<quote><filename>/conf/conf.d/mandos/seckey.txt</filename

294

></quote>.

200

Secret OpenPGP key for GnuTLS authentication

295

201

</para>

296

202

</listitem>

297

203

</varlistentry>

300

206

<term><option>--priority=<replaceable

301

207

>STRING</replaceable></option></term>

302

208

303

<xi:include href="../mandos-options.xml"

304

xpointer="priority"/>

209

<para>

210

GnuTLS priority

211

</para>

305

212

</listitem>

306

213

</varlistentry>

307

214

308

215

309

216

<term><option>--dh-bits=<replaceable

310

217

>BITS</replaceable></option></term>

311

218

312

219

<para>

313

Sets the number of bits to use for the prime number in the

314

TLS Diffie-Hellman key exchange. Default is 1024.

315

</para>

316

</listitem>

317

</varlistentry>

318

319

320

<term><option>--delay=<replaceable

321

>SECONDS</replaceable></option></term>

322

323

<para>

324

After bringing a network interface up, the program waits

325

for the interface to arrive in a <quote>running</quote>

326

state before proceeding. During this time, the kernel log

327

level will be lowered to reduce clutter on the system

328

console, alleviating any other plugins which might be

329

using the system console. This option sets the upper

330

limit of seconds to wait. The default is 2.5 seconds.

331

</para>

332

</listitem>

333

</varlistentry>

334

335

336

<term><option>--retry=<replaceable

337

>SECONDS</replaceable></option></term>

338

339

<para>

340

All Mandos servers are tried repeatedly until a password

341

is received. This value specifies, in seconds, how long

342

between each successive try <emphasis>for the same

343

server</emphasis>. The default is 10 seconds.

344

</para>

345

</listitem>

346

</varlistentry>

347

348

349

<term><option>--network-hook-dir=<replaceable

350

>DIR</replaceable></option></term>

351

352

<para>

353

Network hook directory. The default directory is

354

<quote><filename class="directory"

355

>/lib/mandos/network-hooks.d</filename></quote>.

220

DH bits to use in gnutls communication

356

221

</para>

357

222

</listitem>

358

223

</varlistentry>

361

226

<term><option>--debug</option></term>

362

227

363

228

<para>

364

Enable debug mode. This will enable a lot of output to

365

standard error about what the program is doing. The

366

program will still perform all other functions normally.

367

</para>

368

<para>

369

It will also enable debug mode in the Avahi and GnuTLS

370

libraries, making them print large amounts of debugging

371

output.

229

Debug mode

372

230

</para>

373

231

</listitem>

374

232

</varlistentry>

378

236

379

237

380

238

<para>

381

Gives a help message about options and their meanings.

239

Gives a help message

382

240

</para>

383

241

</listitem>

384

242

</varlistentry>

387

245

<term><option>--usage</option></term>

388

246

389

247

<para>

390

Gives a short usage message.

248

Gives a short usage message

391

249

</para>

392

250

</listitem>

393

251

</varlistentry>

394

252

395

253

396

254

<term><option>--version</option></term>

397

255

398

256

399

257

<para>

400

Prints the program version.

258

Prints the program version

401

259

</para>

402

260

</listitem>

403

261

</varlistentry>

404

262

</variablelist>

405

263

</refsect1>

406

407

408

<title>OVERVIEW</title>

409

<xi:include href="../overview.xml"/>

410

<para>

411

This program is the client part. It is a plugin started by

412

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

413

<manvolnum>8mandos</manvolnum></citerefentry> which will run in

414

an initial <acronym>RAM</acronym> disk environment.

415

</para>

416

<para>

417

This program could, theoretically, be used as a keyscript in

418

<filename>/etc/crypttab</filename>, but it would then be

419

impossible to enter a password for the encrypted root disk at

420

the console, since this program does not read from the console

421

at all. This is why a separate plugin runner (<citerefentry>

422

<refentrytitle>plugin-runner</refentrytitle>

423

<manvolnum>8mandos</manvolnum></citerefentry>) is used to run

424

both this program and others in in parallel,

425

<emphasis>one</emphasis> of which (<citerefentry>

426

<refentrytitle>password-prompt</refentrytitle>

427

<manvolnum>8mandos</manvolnum></citerefentry>) will prompt for

428

passwords on the system console.

429

</para>

430

</refsect1>

431

264

432

265

433

266

<title>EXIT STATUS</title>

434

267

<para>

435

This program will exit with a successful (zero) exit status if a

436

server could be found and the password received from it could be

437

successfully decrypted and output on standard output. The

438

program will exit with a non-zero exit status only if a critical

439

error occurs. Otherwise, it will forever connect to any

440

discovered <application>Mandos</application> servers, trying to

441

get a decryptable password and print it.

442

268

</para>

443

269

</refsect1>

444

270

445

271

446

272

<title>ENVIRONMENT</title>

447

273

<para>

448

This program does not use any environment variables, not even

449

the ones provided by <citerefentry><refentrytitle

450

>cryptsetup</refentrytitle><manvolnum>8</manvolnum>

451

</citerefentry>.

452

</para>

453

</refsect1>

454

455

456

<title>NETWORK HOOKS</title>

457

<para>

458

If a network interface like a bridge or tunnel is required to

459

find a Mandos server, this requires the interface to be up and

460

running before <command>&COMMANDNAME;</command> starts looking

461

for Mandos servers. This can be accomplished by creating a

462

<quote>network hook</quote> program, and placing it in a special

463

directory.

464

</para>

465

<para>

466

Before the network is used (and again before program exit), any

467

runnable programs found in the network hook directory are run

468

with the argument <quote><literal>start</literal></quote> or

469

<quote><literal>stop</literal></quote>. This should bring up or

470

down, respectively, any network interface which

471

<command>&COMMANDNAME;</command> should use.

472

</para>

473

474

<title>REQUIREMENTS</title>

475

<para>

476

A network hook must be an executable file, and its name must

477

consist entirely of upper and lower case letters, digits,

478

underscores, periods, and hyphens.

479

</para>

480

<para>

481

A network hook will receive one argument, which can be one of

482

the following:

483

</para>

484

485

486

<term><literal>start</literal></term>

487

488

<para>

489

This should make the network hook create (if necessary)

490

and bring up a network interface.

491

</para>

492

</listitem>

493

</varlistentry>

494

495

496

497

<para>

498

This should make the network hook take down a network

499

interface, and delete it if it did not exist previously.

500

</para>

501

</listitem>

502

</varlistentry>

503

504

<term><literal>files</literal></term>

505

506

<para>

507

This should make the network hook print, <emphasis>one

508

file per line</emphasis>, all the files needed for it to

509

run. (These files will be copied into the initial RAM

510

filesystem.) Typical use is for a network hook which is

511

a shell script to print its needed binaries.

512

</para>

513

<para>

514

It is not necessary to print any non-executable files

515

already in the network hook directory, these will be

516

copied implicitly if they otherwise satisfy the name

517

requirements.

518

</para>

519

</listitem>

520

</varlistentry>

521

522

<term><literal>modules</literal></term>

523

524

<para>

525

This should make the network hook print, <emphasis>on

526

separate lines</emphasis>, all the kernel modules needed

527

for it to run. (These modules will be copied into the

528

initial RAM filesystem.) For instance, a tunnel

529

interface needs the

530

<quote><literal>tun</literal></quote> module.

531

</para>

532

</listitem>

533

</varlistentry>

534

</variablelist>

535

<para>

536

The network hook will be provided with a number of environment

537

variables:

538

</para>

539

540

541

<term><envar>MANDOSNETHOOKDIR</envar></term>

542

543

<para>

544

The network hook directory, specified to

545

<command>&COMMANDNAME;</command> by the

546

<option>--network-hook-dir</option> option. Note: this

547

should <emphasis>always</emphasis> be used by the

548

network hook to refer to itself or any files in the hook

549

directory it may require.

550

</para>

551

</listitem>

552

</varlistentry>

553

554

<term><envar>DEVICE</envar></term>

555

556

<para>

557

The network interfaces, as specified to

558

<command>&COMMANDNAME;</command> by the

559

<option>--interface</option> option, combined to one

560

string and separated by commas. If this is set, and

561

does not contain the interface a hook will bring up,

562

there is no reason for a hook to continue.

563

</para>

564

</listitem>

565

</varlistentry>

566

567

568

569

<para>

570

This will be the same as the first argument;

571

i.e. <quote><literal>start</literal></quote>,

572

<quote><literal>stop</literal></quote>,

573

<quote><literal>files</literal></quote>, or

574

<quote><literal>modules</literal></quote>.

575

</para>

576

</listitem>

577

</varlistentry>

578

579

<term><envar>VERBOSITY</envar></term>

580

581

<para>

582

This will be the <quote><literal>1</literal></quote> if

583

the <option>--debug</option> option is passed to

584

<command>&COMMANDNAME;</command>, otherwise

585

<quote><literal>0</literal></quote>.

586

</para>

587

</listitem>

588

</varlistentry>

589

590

<term><envar>DELAY</envar></term>

591

592

<para>

593

This will be the same as the <option>--delay</option>

594

option passed to <command>&COMMANDNAME;</command>. Is

595

only set if <envar>MODE</envar> is

596

<quote><literal>start</literal></quote> or

597

<quote><literal>stop</literal></quote>.

598

</para>

599

</listitem>

600

</varlistentry>

601

602

<term><envar>CONNECT</envar></term>

603

604

<para>

605

This will be the same as the <option>--connect</option>

606

option passed to <command>&COMMANDNAME;</command>. Is

607

only set if <option>--connect</option> is passed and

608

<envar>MODE</envar> is

609

<quote><literal>start</literal></quote> or

610

<quote><literal>stop</literal></quote>.

611

</para>

612

</listitem>

613

</varlistentry>

614

</variablelist>

615

<para>

616

A hook may not read from standard input, and should be

617

restrictive in printing to standard output or standard error

618

unless <varname>VERBOSITY</varname> is

619

<quote><literal>1</literal></quote>.

620

</para>

621

</refsect2>

622

</refsect1>

623

624

274

</para>

275

</refsect1>

276

277

625

278

<title>FILES</title>

626

627

628

<term><filename>/conf/conf.d/mandos/pubkey.txt</filename

629

></term>

630

<term><filename>/conf/conf.d/mandos/seckey.txt</filename

631

></term>

632

633

<para>

634

OpenPGP public and private key files, in <quote>ASCII

635

Armor</quote> format. These are the default file names,

636

they can be changed with the <option>--pubkey</option> and

637

<option>--seckey</option> options.

638

</para>

639

</listitem>

640

</varlistentry>

641

642

<term><filename

643

class="directory">/lib/mandos/network-hooks.d</filename></term>

644

645

<para>

646

Directory where network hooks are located. Change this

647

with the <option>--network-hook-dir</option> option. See

648

<xref linkend="network-hooks"/>.

649

</para>

650

</listitem>

651

</varlistentry>

652

</variablelist>

653

</refsect1>

654

655

656

657

658

659

660

279

<para>

280

</para>

281

</refsect1>

282

283

284

285

<para>

286

</para>

287

</refsect1>

288

661

289

662

290

<title>EXAMPLE</title>

663

291

<para>

664

Note that normally, command line options will not be given

665

directly, but via options for the Mandos <citerefentry

666

><refentrytitle>plugin-runner</refentrytitle>

667

<manvolnum>8mandos</manvolnum></citerefentry>.

668

292

</para>

669

670

<para>

671

Normal invocation needs no options, if the network interfaces

672

can be automatically determined:

673

</para>

674

<para>

675

<userinput>&COMMANDNAME;</userinput>

676

</para>

677

</informalexample>

678

679

<para>

680

Search for Mandos servers (and connect to them) using one

681

specific interface:

682

</para>

683

<para>

684

685

<userinput>&COMMANDNAME; --interface eth1</userinput>

686

</para>

687

</informalexample>

688

689

<para>

690

Run in debug mode, and use a custom key:

691

</para>

692

<para>

693

694

695

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt</userinput>

696

697

</para>

698

</informalexample>

699

700

<para>

701

Run in debug mode, with a custom key, and do not use Zeroconf

702

to locate a server; connect directly to the IPv6 link-local

703

address <quote><systemitem class="ipaddress"

704

>fe80::aede:48ff:fe71:f6f2</systemitem></quote>, port 4711,

705

using interface eth2:

706

</para>

707

<para>

708

709

710

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect fe80::aede:48ff:fe71:f6f2:4711 --interface eth2</userinput>

711

712

</para>

713

</informalexample>

714

293

</refsect1>

715

294

716

295

717

296

<title>SECURITY</title>

718

297

<para>

719

This program is set-uid to root, but will switch back to the

720

original (and presumably non-privileged) user and group after

721

bringing up the network interface.

722

</para>

723

<para>

724

To use this program for its intended purpose (see <xref

725

linkend="purpose"/>), the password for the root file system will

726

have to be given out to be stored in a server computer, after

727

having been encrypted using an OpenPGP key. This encrypted data

728

which will be stored in a server can only be decrypted by the

729

OpenPGP key, and the data will only be given out to those

730

clients who can prove they actually have that key. This key,

731

however, is stored unencrypted on the client side in its initial

732

<acronym>RAM</acronym> disk image file system. This is normally

733

readable by all, but this is normally fixed during installation

734

of this program; file permissions are set so that no-one is able

735

to read that file.

736

</para>

737

<para>

738

The only remaining weak point is that someone with physical

739

access to the client hard drive might turn off the client

740

computer, read the OpenPGP keys directly from the hard drive,

741

and communicate with the server. To safeguard against this, the

742

server is supposed to notice the client disappearing and stop

743

giving out the encrypted data. Therefore, it is important to

744

set the timeout and checker interval values tightly on the

745

server. See <citerefentry><refentrytitle

746

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

747

</para>

748

<para>

749

It will also help if the checker program on the server is

750

configured to request something from the client which can not be

751

spoofed by someone else on the network, unlike unencrypted

752

<acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.

753

</para>

754

<para>

755

<emphasis>Note</emphasis>: This makes it completely insecure to

756

have <application >Mandos</application> clients which dual-boot

757

to another operating system which is <emphasis>not</emphasis>

758

trusted to keep the initial <acronym>RAM</acronym> disk image

759

confidential.

760

298

</para>

761

299

</refsect1>

762

300

763

301

764

302

765

303

<para>

766

<citerefentry><refentrytitle>intro</refentrytitle>

767

<manvolnum>8mandos</manvolnum></citerefentry>,

768

<citerefentry><refentrytitle>cryptsetup</refentrytitle>

769

<manvolnum>8</manvolnum></citerefentry>,

770

<citerefentry><refentrytitle>crypttab</refentrytitle>

771

<manvolnum>5</manvolnum></citerefentry>,

772

304

<citerefentry><refentrytitle>mandos</refentrytitle>

773

305

<manvolnum>8</manvolnum></citerefentry>,

774

306

<citerefentry><refentrytitle>password-prompt</refentrytitle>

776

308

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

777

309

<manvolnum>8mandos</manvolnum></citerefentry>

778

310

</para>

779

780

781

<term>

782

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

783

</term>

784

785

<para>

786

Zeroconf is the network protocol standard used for finding

787

Mandos servers on the local network.

788

</para>

789

</listitem>

790

</varlistentry>

791

792

<term>

793

<ulink url="http://www.avahi.org/">Avahi</ulink>

794

</term>

795

796

<para>

797

Avahi is the library this program calls to find Zeroconf

798

services.

799

</para>

800

</listitem>

801

</varlistentry>

802

803

<term>

804

<ulink url="http://www.gnu.org/software/gnutls/"

805

>GnuTLS</ulink>

806

</term>

807

808

<para>

809

GnuTLS is the library this client uses to implement TLS for

810

communicating securely with the server, and at the same time

811

send the public OpenPGP key to the server.

812

</para>

813

</listitem>

814

</varlistentry>

815

816

<term>

817

<ulink url="http://www.gnupg.org/related_software/gpgme/"

818

>GPGME</ulink>

819

</term>

820

821

<para>

822

GPGME is the library used to decrypt the OpenPGP data sent

823

by the server.

824

</para>

825

</listitem>

826

</varlistentry>

827

828

<term>

829

RFC 4291: <citetitle>IP Version 6 Addressing

830

Architecture</citetitle>

831

</term>

832

833

834

835

<term>Section 2.2: <citetitle>Text Representation of

836

Addresses</citetitle></term>

837

838

</varlistentry>

839

840

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

841

Address</citetitle></term>

842

843

</varlistentry>

844

845

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

846

Addresses</citetitle></term>

847

848

<para>

849

This client uses IPv6 link-local addresses, which are

850

immediately usable since a link-local addresses is

851

automatically assigned to a network interface when it

852

is brought up.

853

</para>

854

</listitem>

855

</varlistentry>

856

</variablelist>

857

</listitem>

858

</varlistentry>

859

860

<term>

861

RFC 4346: <citetitle>The Transport Layer Security (TLS)

862

Protocol Version 1.1</citetitle>

863

</term>

864

865

<para>

866

TLS 1.1 is the protocol implemented by GnuTLS.

867

</para>

868

</listitem>

869

</varlistentry>

870

871

<term>

872

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

873

</term>

874

875

<para>

876

The data received from the server is binary encrypted

877

OpenPGP data.

878

</para>

879

</listitem>

880

</varlistentry>

881

882

<term>

883

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

884

Security</citetitle>

885

</term>

886

887

<para>

888

This is implemented by GnuTLS and used by this program so

889

that OpenPGP keys can be used.

890

</para>

891

</listitem>

892

</varlistentry>

893

</variablelist>

311

312

313

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

314

</para></listitem>

315

316

317

<ulink url="http://www.avahi.org/">Avahi</ulink>

318

</para></listitem>

319

320

321

<ulink

322

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

323

</para></listitem>

324

325

326

<ulink

327

url="http://www.gnupg.org/related_software/gpgme/">

328

GPGME</ulink>

329

</para></listitem>

330

331

332

<citation>RFC 4880: <citetitle>OpenPGP Message

333

Format</citetitle></citation>

334

</para></listitem>

335

336

337

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

338

Transport Layer Security</citetitle></citation>

339

</para></listitem>

340

341

342

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

343

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

344

Unicast Addresses</citation>

345

</para></listitem>

346

</itemizedlist>

894

347

</refsect1>

348

895

349

</refentry>

896

897

350

898

351

899

352

Older »