41
41
+ GnuTLS 3.3 https://www.gnutls.org/
42
(but not 3.6.0 or later, until 3.6.6, which works)
43
+ Avahi 0.6.16 https://www.avahi.org/
44
+ Python 3 https://www.python.org/
45
Note: Python 2.7 is still supported, if the "mandos",
46
"mandos-ctl", and "mandos-monitor" files are edited to contain
47
"#!/usr/bin/python" instead of python3.
42
+ Avahi 0.6.16 http://www.avahi.org/
43
+ Python 2.7 https://www.python.org/
48
44
+ dbus-python 0.82.4 https://dbus.freedesktop.org/doc/dbus-python/
49
+ PyGObject 3.8 https://wiki.gnome.org/Projects/PyGObject
45
+ PyGObject 3.7.1 https://wiki.gnome.org/Projects/PyGObject
50
46
+ pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
51
47
+ Urwid 1.0.1 http://urwid.org/
52
48
(Only needed by the "mandos-monitor" tool.)
56
52
+ ssh-keyscan from OpenSSH http://www.openssh.com/
59
avahi-daemon python3 python3-dbus python3-gi python3-urwid
60
pkg-config fping ssh-client
55
avahi-daemon python python-dbus python-gi python-urwid pkg-config
63
+ GNU C Library 2.17 https://gnu.org/software/libc/
59
+ GNU C Library 2.16 https://gnu.org/software/libc/
60
+ initramfs-tools 0.85i
61
https://tracker.debian.org/pkg/initramfs-tools
64
62
+ GnuTLS 3.3 https://www.gnutls.org/
65
(but not 3.6.0 or later, until 3.6.6 which works)
66
+ Avahi 0.6.16 https://www.avahi.org/
63
+ Avahi 0.6.16 http://www.avahi.org/
67
64
+ GnuPG 1.4.9 https://www.gnupg.org/
68
65
+ GPGME 1.1.6 https://www.gnupg.org/related_software/gpgme/
69
66
+ pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
70
+ libnl-route 3 https://www.infradead.org/~tgr/libnl/
71
+ GLib 2.40 http://www.gtk.org/
74
+ initramfs-tools 0.85i
75
https://tracker.debian.org/pkg/initramfs-tools
77
http://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
79
68
Strongly recommended:
80
69
+ OpenSSH http://www.openssh.com/
83
initramfs-tools dracut libgnutls-dev gnutls-bin libavahi-core-dev
84
gnupg libgpgme11-dev pkg-config ssh libnl-route-3-dev
72
initramfs-tools libgnutls-dev libavahi-core-dev gnupg
73
libgpgme11-dev pkg-config ssh
87
75
* Installing the Mandos server
91
79
2. On the computer to run as a Mandos server, run the following
93
For Debian: su - -c 'make install-server'
81
For Debian: su -c 'make install-server'
94
82
For Ubuntu: sudo make install-server
96
84
(This creates a configuration without any clients configured; you
103
91
2. On the computer to run as a Mandos client, run the following
105
For Debian: su - -c 'make install-client'
93
For Debian: su -c 'make install-client'
106
94
For Ubuntu: sudo make install-client
108
96
This will also create an OpenPGP key, which will take some time
109
97
and entropy, so be patient.
111
99
3. Run the following command:
112
For Debian: su - -c 'mandos-keygen --password'
100
For Debian: su -c 'mandos-keygen --password'
113
101
For Ubuntu: sudo mandos-keygen --password
115
103
When prompted, enter the password/passphrase for the encrypted
127
115
# update-initramfs -k all -u
129
117
5. On the server computer, start the server by running the command
130
For Debian: su - -c 'invoke-rc.d mandos start'
118
For Debian: su -c 'invoke-rc.d mandos start'
131
119
For Ubuntu: sudo service mandos start
133
121
At this point, it is possible to verify that the correct password
136
124
# /usr/lib/mandos/plugins.d/mandos-client \
137
125
--pubkey=/etc/keys/mandos/pubkey.txt \
138
--seckey=/etc/keys/mandos/seckey.txt \
139
--tls-privkey=/etc/keys/mandos/tls-privkey.pem \
140
--tls-pubkey=/etc/keys/mandos/tls-pubkey.pem; echo
126
--seckey=/etc/keys/mandos/seckey.txt; echo
142
128
This command should retrieve the password from the server,
143
129
decrypt it, and output it to standard output.