/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

Viewing changes to intro.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-06-22 02:19:30 UTC
  • mto: (237.7.272 trunk)
  • mto: This revision was merged to the branch mainline in revision 317.
  • Revision ID: teddy@recompile.se-20140622021930-icl7h4cm97blhjml
mandos-keygen: Generate "checker" option to use SSH fingerprints.

To turn this off, use a new "--no-ssh" option to mandos-keygen.

* INSTALL (Mandos Server, Mandos Client): Document new suggested
                                          installation of SSH.
* Makefile (confdir/clients.conf): Use new "--no-ssh" option to
                                   "mandos-keygen".
* debian/control (mandos/Depends): Changed to "fping | ssh-client".
  (mandos-client/Recommends): New; set to "ssh".
* intro.xml (FREQUENTLY ASKED QUESTIONS): Rename and rewrite section
                                          called "Faking ping
                                          replies?" to address new
                                          default behavior.
* mandos-clients.conf.xml (OPTIONS/checker): Briefly discuss new
                                             behavior of
                                             mandos-keygen.
* mandos-keygen: Bug fix: Suppress failure output of "shred" to remove
                 "sec*", since no such files may exist.
 (password mode): Scan for SSH key fingerprints and output as new
                  "checker" and "ssh_fingerprint" options, unless new
                  "--no-ssh" option is given.
* mandos-keygen.xml (SYNOPSIS/--force): Bug fix: Document short form.
  (OPTIONS/--no-ssh): New.
  (SEE ALSO): Add reference "ssh-keyscan(1)".
* plugins.d/mandos-client.xml (SECURITY): Briefly mention the
                                          possibility of using SSH key
                                          fingerprints for checking.

1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY TIMESTAMP "2016-11-27">
 
4
<!ENTITY TIMESTAMP "2014-06-22">
5
5
<!ENTITY % common SYSTEM "common.ent">
6
6
%common;
7
7
]>
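Review bot: The TIMESTAMP entity on line 4 moves backward here, from "2016-11-27" to "2014-06-22", and the next hunk likewise drops the 2013 through 2016 copyright years. For a commit dated 2014-06-22 that suggests the diff is rendered against a later revision rather than this commit's parent. Please confirm the base revision before reviewing the rest, since every removal below may simply be content that did not exist yet in 2014.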
32
32
    <copyright>
33
33
      <year>2011</year>
34
34
      <year>2012</year>
35
 
      <year>2013</year>
36
 
      <year>2014</year>
37
 
      <year>2015</year>
38
 
      <year>2016</year>
39
35
      <holder>Teddy Hogeborn</holder>
40
36
      <holder>Björn Påhlsson</holder>
41
37
    </copyright>
77
73
  <refsect1 id="introduction">
78
74
    <title>INTRODUCTION</title>
79
75
    <para>
80
 
      <!-- This paragraph is a combination and paraphrase of two
81
 
           quotes from the 1995 movie “The Usual Suspects”. -->
82
76
      You know how it is.  You’ve heard of it happening.  The Man
83
77
      comes and takes away your servers, your friends’ servers, the
84
78
      servers of everybody in the same hosting facility. The servers
203
197
      </para>
204
198
    </refsect2>
205
199
    
206
 
    <refsect2 id="sniff">
207
 
      <title>How about sniffing the network traffic and decrypting it
208
 
      later by physically grabbing the Mandos client and using its
209
 
      key?</title>
210
 
      <para>
211
 
        We only use <acronym>PFS</acronym> (Perfect Forward Security)
212
 
        key exchange algorithms in TLS, which protects against this.
213
 
      </para>
214
 
    </refsect2>
215
 
    
216
200
    <refsect2 id="physgrab">
217
201
      <title>Physically grabbing the Mandos server computer?</title>
218
202
      <para>
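Review bot: The whole "sniff" refsect2 (old lines 206 to 214) disappears in this hunk, and with it the FAQ answer stating that only PFS key exchange algorithms are used in TLS. None of the intro.xml entries in the commit message mentions this; it lists only the rewrite of "Faking ping replies?". If the removal is intended, say so in the commit message and explain whether the guarantee still holds; otherwise keep the section. If it stays, PFS is conventionally expanded as "Perfect Forward Secrecy", not "Perfect Forward Security".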
381
365
    </para>
382
366
  </refsect1>
383
367
  
384
 
  <refsect1 id="bugs">
385
 
    <title>BUGS</title>
386
 
    <xi:include href="bugs.xml"/>
387
 
  </refsect1>
388
 
  
389
368
  <refsect1 id="see_also">
390
369
    <title>SEE ALSO</title>
391
370
    <para>
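Review bot: The BUGS refsect1 (old lines 384 to 387), including its <xi:include href="bugs.xml"/>, is dropped before SEE ALSO, and the commit message does not list this change for intro.xml. Either restore the section or add a changelog entry explaining why the manual page no longer includes bugs.xml.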
419
398
    <variablelist>
420
399
      <varlistentry>
421
400
        <term>
422
 
          <ulink url="https://www.recompile.se/mandos">Mandos</ulink>
 
401
          <ulink url="http://www.recompile.se/mandos">Mandos</ulink>
423
402
        </term>
424
403
        <listitem>
425
404
          <para>
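Review bot: The ulink in this <term> changes from "https://www.recompile.se/mandos" to "http://www.recompile.se/mandos", so the project link in SEE ALSO now points readers at the site over plaintext HTTP. For documentation of a tool that handles disk encryption passwords, keep the https URL so that the page and anything downloaded from it are integrity-protected in transit.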