=== modified file 'INSTALL' --- INSTALL 2013-06-23 15:13:06 +0000 +++ INSTALL 2014-06-22 02:19:30 +0000 @@ -47,10 +47,11 @@ Strongly recommended: + fping 2.4b2-to-ipv6 http://www.fping.com/ + + ssh-keyscan from OpenSSH http://www.openssh.com/ Package names: python-gnutls avahi-daemon python python-avahi python-dbus - python-gobject python-urwid + python-gobject python-urwid ssh-client *** Mandos Client + initramfs-tools 0.85i @@ -60,9 +61,12 @@ + GnuPG 1.4.9 http://www.gnupg.org/ + GPGME 1.1.6 http://www.gnupg.org/related_software/gpgme/ + Strongly recommended: + + OpenSSH http://www.openssh.com/ + Package names: initramfs-tools libgnutls-dev libavahi-core-dev gnupg - libgpgme11-dev + libgpgme11-dev ssh * Installing the Mandos server @@ -132,6 +136,6 @@ You may want to tighten or loosen the timeouts in the server configuration files; see mandos.conf(5) and mandos-clients.conf(5). - If IPsec is not used, it is suggested that a more cryptographically - secure checker program is used and configured, since without IPsec - ping packets can be faked. + If IPsec is not used and SSH is not installed, it is suggested that + a more cryptographically secure checker program is used and + configured, since, without IPsec, ping packets can be faked. === modified file 'Makefile' --- Makefile 2014-06-15 01:01:14 +0000 +++ Makefile 2014-06-22 02:19:30 +0000 @@ -296,7 +296,7 @@ install --directory confdir install --mode=u=rw $< $@ # Add a client password - ./mandos-keygen --dir keydir --password >> $@ + ./mandos-keygen --dir keydir --password --no-ssh >> $@ statedir: install --directory statedir === modified file 'TODO' --- TODO 2014-06-15 02:48:49 +0000 +++ TODO 2014-06-22 02:19:30 +0000 
@@ -81,6 +81,11 @@ http://standards.freedesktop.org/secret-service/ ** TODO Remove D-Bus interfaces with old domain name :2: ** TODO Remove old string_to_delta format :2: +** TODO http://0pointer.de/blog/projects/stateless.html +*** tmpfiles snippet to create /var/lib/mandos with right user+perms +*** File in /usr/lib/sysusers.d to create user+group "_mandos" +** TODO Error handling on error parsing config files +** TODO init.d script error handling * mandos.xml ** Add mandos contact info in manual pages @@ -101,6 +106,7 @@ *** Properties popup ** Print a nice "We are sorry" message, save stack trace to log. ** Rename module "gobject" to "GObject". +** TODO Optional verbose mode to see checkers starting and succeeding * mandos-keygen ** TODO "--secfile" option === modified file 'debian/control' --- debian/control 2014-05-30 09:53:03 +0000 +++ debian/control 2014-06-22 02:19:30 +0000 @@ -21,7 +21,7 @@ python-avahi, python-gobject, avahi-daemon, adduser, python-urwid, python (>=2.7) | python-argparse, gnupg (<< 2), initscripts (>= 2.88dsf-13.3) -Recommends: fping +Recommends: fping | ssh-client Description: server giving encrypted passwords to Mandos clients This is the server part of the Mandos system, which allows computers to have encrypted root file systems and at the @@ -41,6 +41,7 @@ Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, cryptsetup, gnupg (<< 2), initramfs-tools, dpkg-dev (>=1.16.0) +Recommends: ssh Breaks: dropbear (<= 0.53.1-1) Enhances: cryptsetup Description: do unattended reboots with an encrypted root file system === modified file 'intro.xml' --- intro.xml 2011-12-31 23:05:34 +0000 +++ intro.xml 2014-06-22 02:19:30 +0000 @@ -1,7 +1,7 @@ + %common; ]> 
@@ -215,17 +215,22 @@ - - Faking ping replies? + + Faking checker results? - The default for the server is to use + If the Mandos client does not have an SSH server, the default + is for the Mandos server to use fping, the replies to which could be faked to eliminate the timeout. But this could easily be changed to any shell command, with any security - measures you like. It could, for instance, be changed to an - SSH command with strict keychecking, which could not be faked. - Or IPsec could be used for the ping packets, making them - secure. + measures you like. If the Mandos client + has an SSH server, the default + configuration (as generated by + mandos-keygen with the + option) is for the Mandos server + to use an ssh-keyscan command with strict + keychecking, which can not be faked. Alternatively, IPsec + could be used for the ping packets, making them secure. === modified file 'mandos-clients.conf.xml' --- mandos-clients.conf.xml 2013-10-20 15:25:09 +0000 +++ mandos-clients.conf.xml 2014-06-22 02:19:30 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/clients.conf"> - + %common; ]> @@ -177,7 +177,13 @@ PATH will be searched. The default value for the checker command is fping %%(host)s. + >-- %%(host)s. Note that + mandos-keygen, when generating output + to be inserted into this file, normally looks for an SSH + server on the Mandos client, and, if it find one, outputs + a option to check for the + client’s key fingerprint – this is more secure against + spoofing. In addition to normal start time expansion, this option === modified file 'mandos-keygen' --- mandos-keygen 2014-05-11 20:18:48 +0000 +++ mandos-keygen 2014-06-22 02:19:30 +0000 @@ -33,6 +33,7 @@ KEYCOMMENT="" KEYEXPIRE=0 FORCE=no +SSH=yes KEYCOMMENT_ORIG="$KEYCOMMENT" mode=keygen 
@@ -41,8 +42,8 @@ fi # Parse options -TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \ - --longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \ +TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:fS \ + --longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force,no-ssh \ --name "$0" -- "$@"` help(){ @@ -85,6 +86,7 @@ Encrypt a password from FILE using the key in the key directory. All options other than --dir and --name are ignored. + -S, --no-ssh Don't get SSH key or set "checker" option. EOF } @@ -103,6 +105,7 @@ -c|--comment) KEYCOMMENT="$2"; shift 2;; -x|--expire) KEYEXPIRE="$2"; shift 2;; -f|--force) FORCE=yes; shift;; + -S|--no-ssh) SSH=no; shift;; -v|--version) echo "$0 $VERSION"; exit;; -h|--help) help; exit;; --) shift; break;; @@ -188,7 +191,7 @@ trap " set +e; \ test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \ -shred --remove \"$RINGDIR\"/sec*; +shred --remove \"$RINGDIR\"/sec* 2>/dev/null; test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \ rm --recursive --force \"$RINGDIR\"; tty --quiet && stty echo; \ @@ -274,6 +277,23 @@ fi if [ "$mode" = password ]; then + + # Make SSH be 0 or 1 + case "$SSH" in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) SSH=1;; + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) SSH=0;; + esac + + if [ $SSH -eq 1 ]; then + set +e + ssh_fingerprint="`ssh-keyscan localhost 2>/dev/null`" + if [ $? -ne 0 ]; then + ssh_fingerprint="" + fi + set -e + ssh_fingerprint="${ssh_fingerprint#localhost }" + fi + # Import key into temporary key rings gpg --quiet --batch --no-tty --no-options --enable-dsa2 \ --homedir "$RINGDIR" --trust-model always --armor \ 
@@ -342,6 +362,10 @@ /^[^-]/s/^/ /p } }' < "$SECFILE" + if [ -n "$ssh_fingerprint" ]; then + echo 'checker = ssh-keyscan %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp="%%(host)s %(ssh_fingerprint)s"' + echo "ssh_fingerprint = ${ssh_fingerprint}" + fi fi trap - EXIT @@ -352,5 +376,5 @@ shred --remove "$SECFILE" fi # Remove the key rings -shred --remove "$RINGDIR"/sec* +shred --remove "$RINGDIR"/sec* 2>/dev/null rm --recursive --force "$RINGDIR" === modified file 'mandos-keygen.xml' --- mandos-keygen.xml 2013-10-22 19:24:01 +0000 +++ mandos-keygen.xml 2014-06-22 02:19:30 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -119,7 +119,10 @@ TIME - + + + + &COMMANDNAME; @@ -145,6 +148,10 @@ + + + + &COMMANDNAME; @@ -346,6 +353,22 @@ + + + + + + When or + is given, this option will + prevent &COMMANDNAME; from calling + ssh-keyscan to get an SSH fingerprint + for this host and, if successful, output suitable config + options to use this fingerprint as a + option in the output. This is + otherwise the default behavior. + + + @@ -502,7 +525,9 @@ mandos 8, mandos-client - 8mandos + 8mandos, + ssh-keyscan + 1 === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2014-03-06 02:26:04 +0000 +++ plugins.d/mandos-client.xml 2014-06-22 02:19:30 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -748,8 +748,9 @@ It will also help if the checker program on the server is configured to request something from the client which can not be - spoofed by someone else on the network, unlike unencrypted - ICMP echo (ping) replies. + spoofed by someone else on the network, like SSH server key + fingerprints, and unlike unencrypted ICMP + echo (ping) replies. Note: This makes it completely insecure to
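Review bot: In the Makefile hunk (@@ -296,7 +296,7 @@), the comment `# Add a client password` no longer explains the new `--no-ssh` flag; extend it so a later reader knows why the localhost key lookup is skipped here, e.g. `# Add a client password (--no-ssh: the build host is not the client, so do not bake its SSH host key into the test config)`.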
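Review bot: In the debian/control hunk for mandos-client (@@ -41,6 +41,7 @@), `Recommends: ssh` names the `ssh` metapackage, which pulls in both openssh-client and openssh-server, while the feature only needs an SSH server on the client to answer `ssh-keyscan`; `Recommends: openssh-server` states the actual requirement. The same applies to the `ssh` package name added to the client section of INSTALL (@@ -60,9 +61,12 @@).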
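Review bot: In the intro.xml hunk (@@ -215,17 +215,22 @@), "which can not be faked" should read "cannot" and overstates the guarantee: as the mandos-keygen hunks show, the checker is a `grep` of the `ssh-keyscan` output against a stored key line, so the check is only as strong as ssh-keyscan's verification that the responding host actually holds the matching private key. Suggest "which cannot be faked without the client's private SSH host key".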
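Review bot: In the mandos-clients.conf.xml hunk (@@ -177,7 +177,13 @@), "if it find one" should be "if it finds one". The text also calls the value a "key fingerprint", but what `ssh-keyscan` prints, what `mandos-keygen` stores, and what the checker compares is the full host public key in known_hosts format, not a fingerprint; "host key" would be accurate here and in the `--no-ssh` description added to mandos-keygen.xml (@@ -346,6 +353,22 @@).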
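Review bot: In the mandos-keygen trap hunk (@@ -188,7 +191,7 @@), `2>/dev/null` on `shred --remove \"$RINGDIR\"/sec*` silences the harmless "No such file" when the glob matches nothing, but it equally hides a real failure to shred the secret key ring before the following `rm --recursive --force` deletes it unshredded. Prefer guarding the glob instead of discarding stderr, e.g. `for f in \"$RINGDIR\"/sec*; do test -e \"$f\" && shred --remove \"$f\"; done`. The same applies to the matching change at the end of the script (@@ -352,5 +376,5 @@).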
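Review bot: In the mandos-keygen hunk that scans localhost (@@ -274,6 +277,23 @@), `ssh-keyscan` prints one line per host key type (several lines with its default key-type list), but `${ssh_fingerprint#localhost }` strips the prefix from the first line only, and the later `echo` lines (@@ -342,6 +362,10 @@) then place the whole multi-line value on a single `checker =` and `ssh_fingerprint =` config line, where an embedded newline also makes `grep` treat each line as a separate pattern. Restrict the scan to one key type with `ssh-keyscan -t <type> localhost`, or keep only the first line (`ssh-keyscan localhost 2>/dev/null | head -n 1`), and document which type is used. Separately, in the `case`, the `*` arm already matches everything, so the explicit `[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|` patterns on that line are redundant; `*) SSH=0;;` alone says the same thing.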
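Review bot: In the mandos-keygen output hunk (@@ -342,6 +362,10 @@), `[ -n "$ssh_fingerprint" ]` reads a variable that is only ever assigned inside `if [ $SSH -eq 1 ]`, so with `--no-ssh` it is unset at this point; initialise `ssh_fingerprint=""` next to the new `SSH=yes` default (@@ -33,6 +33,7 @@) so the test is well-defined regardless of the option and the script stays safe under `set -u`.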