7
Debian 8.0 "jessie" or Ubuntu 15.10 "Wily Werewolf" (or later).
7
Debian 6.0 "squeeze" or Ubuntu 10.10 "Maverick Meerkat" (or later).
9
9
This is mostly for the support scripts which make sure that the
10
10
client is installed and started in the initial RAM disk environment
41
+ GnuTLS 3.3 https://www.gnutls.org/
42
(but not 3.6.0 or later, until 3.6.6, which works)
43
+ Avahi 0.6.16 https://www.avahi.org/
44
+ Python 3 https://www.python.org/
45
Note: Python 2.7 is still supported, if the "mandos",
46
"mandos-ctl", and "mandos-monitor" files are edited to contain
47
"#!/usr/bin/python" instead of python3.
48
+ dbus-python 0.82.4 https://dbus.freedesktop.org/doc/dbus-python/
49
+ PyGObject 3.8 https://wiki.gnome.org/Projects/PyGObject
50
+ pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
41
+ GnuTLS 2.4 http://www.gnutls.org/
42
Note: GnuTLS 3 will only work with Python-GnuTLS 2
43
+ Avahi 0.6.16 http://www.avahi.org/
44
+ Python 2.7 https://www.python.org/
45
+ Python-GnuTLS 1.1.5 https://pypi.python.org/pypi/python-gnutls/
46
+ dbus-python 0.82.4 http://dbus.freedesktop.org/doc/dbus-python/
47
+ PyGObject 2.14.2 https://developer.gnome.org/pygobject/
48
+ pkg-config http://www.freedesktop.org/wiki/Software/pkg-config/
51
49
+ Urwid 1.0.1 http://urwid.org/
52
50
(Only needed by the "mandos-monitor" tool.)
56
54
+ ssh-keyscan from OpenSSH http://www.openssh.com/
59
avahi-daemon python3 python3-dbus python3-gi python3-urwid
60
pkg-config fping ssh-client
57
python-gnutls avahi-daemon python python-avahi python-dbus
58
python-gobject python-urwid pkg-config fping ssh-client
63
+ GNU C Library 2.17 https://gnu.org/software/libc/
64
+ GnuTLS 3.3 https://www.gnutls.org/
65
(but not 3.6.0 or later, until 3.6.6 which works)
66
+ Avahi 0.6.16 https://www.avahi.org/
61
+ initramfs-tools 0.85i
62
https://tracker.debian.org/pkg/initramfs-tools
63
+ GnuTLS 2.4 http://www.gnutls.org/
64
+ Avahi 0.6.16 http://www.avahi.org/
67
65
+ GnuPG 1.4.9 https://www.gnupg.org/
68
66
+ GPGME 1.1.6 https://www.gnupg.org/related_software/gpgme/
69
+ pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
70
+ libnl-route 3 https://www.infradead.org/~tgr/libnl/
71
+ GLib 2.40 http://www.gtk.org/
74
+ initramfs-tools 0.85i
75
https://tracker.debian.org/pkg/initramfs-tools
77
http://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
67
+ pkg-config http://www.freedesktop.org/wiki/Software/pkg-config/
79
69
Strongly recommended:
80
70
+ OpenSSH http://www.openssh.com/
83
initramfs-tools dracut libgnutls-dev gnutls-bin libavahi-core-dev
84
gnupg libgpgme11-dev pkg-config ssh libnl-route-3-dev
73
initramfs-tools libgnutls-dev libavahi-core-dev gnupg
74
libgpgme11-dev pkg-config ssh
87
76
* Installing the Mandos server
91
80
2. On the computer to run as a Mandos server, run the following
93
For Debian: su - -c 'make install-server'
82
For Debian: su -c 'make install-server'
94
83
For Ubuntu: sudo make install-server
96
85
(This creates a configuration without any clients configured; you
103
92
2. On the computer to run as a Mandos client, run the following
105
For Debian: su - -c 'make install-client'
94
For Debian: su -c 'make install-client'
106
95
For Ubuntu: sudo make install-client
108
97
This will also create an OpenPGP key, which will take some time
109
98
and entropy, so be patient.
111
100
3. Run the following command:
112
For Debian: su - -c 'mandos-keygen --password'
101
For Debian: su -c 'mandos-keygen --password'
113
102
For Ubuntu: sudo mandos-keygen --password
115
104
When prompted, enter the password/passphrase for the encrypted
127
116
# update-initramfs -k all -u
129
118
5. On the server computer, start the server by running the command
130
For Debian: su - -c 'invoke-rc.d mandos start'
119
For Debian: su -c 'invoke-rc.d mandos start'
131
120
For Ubuntu: sudo service mandos start
133
122
At this point, it is possible to verify that the correct password
136
125
# /usr/lib/mandos/plugins.d/mandos-client \
137
126
--pubkey=/etc/keys/mandos/pubkey.txt \
138
--seckey=/etc/keys/mandos/seckey.txt \
139
--tls-privkey=/etc/keys/mandos/tls-privkey.pem \
140
--tls-pubkey=/etc/keys/mandos/tls-pubkey.pem; echo
127
--seckey=/etc/keys/mandos/seckey.txt; echo
142
129
This command should retrieve the password from the server,
143
130
decrypt it, and output it to standard output.