%common; ]> Mandos &version; &TIMESTAMP; Björn Påhlsson

belorn@recompile.se

Teddy Hogeborn

teddy@recompile.se

2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 Teddy Hogeborn Björn Påhlsson &COMMANDNAME; 8 &COMMANDNAME; Gives encrypted passwords to authenticated Mandos clients &COMMANDNAME; --interface NAME -i NAME --address ADDRESS -a ADDRESS --port PORT -p PORT --priority PRIORITY --servicename NAME --configdir DIRECTORY --debug --debuglevel LEVEL --no-dbus --no-ipv6 --no-restore --statedir DIRECTORY --socket FD --foreground --no-zeroconf &COMMANDNAME; --help -h &COMMANDNAME; --version &COMMANDNAME; --check &COMMANDNAME; is a server daemon which handles incoming request for passwords for a pre-defined list of client host computers. For an introduction, see intro 8mandos. The Mandos server uses Zeroconf to announce itself on the local network, and uses TLS to communicate securely with and to authenticate the clients. The Mandos server uses IPv6 to allow Mandos clients to use IPv6 link-local addresses, since the clients will probably not have any other addresses configured (see ). Any authenticated client is then given the stored pre-encrypted password for that specific client. The purpose of this is to enable remote and unattended rebooting of client host computer with an encrypted root file system. See for details. --help -h Show a help message and exit --interface NAME -i NAME --address ADDRESS -a ADDRESS --port PORT -p PORT --check Run the server’s self-tests. This includes any unit tests, etc. --debug --debuglevel LEVEL Set the debugging log level. LEVEL is a string, one of CRITICAL, ERROR, WARNING, INFO, or DEBUG, in order of increasing verbosity. The default level is WARNING. --priority PRIORITY --servicename NAME --configdir DIRECTORY Directory to search for configuration files. Default is /etc/mandos. See mandos.conf 5 and mandos-clients.conf 5. --version Prints the program version and exit. --no-dbus See also . --no-ipv6 --no-restore See also . --statedir DIRECTORY --socket FD --foreground --no-zeroconf This program is the server part. It is a normal server program and will run in a normal system environment, not in an initial RAM disk environment. The Mandos server announces itself as a Zeroconf service of type _mandos._tcp. The Mandos client connects to the announced address and port, and sends a line of text where the first whitespace-separated field is the protocol version, which currently is 1. The client and server then start a TLS protocol handshake with a slight quirk: the Mandos server program acts as a TLS client while the connecting Mandos client acts as a TLS server. The Mandos client must supply an OpenPGP certificate, and the fingerprint of this certificate is used by the Mandos server to look up (in a list read from clients.conf at start time) which binary blob to give the client. No other authentication or authorization is done by the server. Mandos Client Direction Mandos Server Connect -> 1\r\n -> TLS handshake as TLS server <-> TLS handshake as TLS client OpenPGP public key (part of TLS handshake) -> <- Binary blob (client will assume OpenPGP data) <- Close The server will, by default, continually check that the clients are still up. If a client has not been confirmed as being up for some time, the client is assumed to be compromised and is no longer eligible to receive the encrypted password. (Manual intervention is required to re-enable a client.) The timeout, extended timeout, checker program, and interval between checks can be configured both globally and per client; see mandos-clients.conf 5. The server can be configured to require manual approval for a client before it is sent its secret. The delay to wait for such approval and the default action (approve or deny) can be configured both globally and per client; see mandos-clients.conf 5. By default all clients will be approved immediately without delay. This can be used to deny a client its secret if not manually approved within a specified time. It can also be used to make the server delay before giving a client its secret, allowing optional manual denying of this specific client. The server will send log message with various severity levels to /dev/log. With the --debug option, it will log even more messages, and also show them on the console. Client settings, initially read from clients.conf, are persistent across restarts, and run-time changes will override settings in clients.conf. However, if a setting is changed (or a client added, or removed) in clients.conf, this will take precedence. The server will by default provide a D-Bus system bus interface. This interface will only be accessible by the root user or a Mandos-specific user, if such a user exists. For documentation of the D-Bus API, see the file DBUS-API. The server will exit with a non-zero exit status only when a critical error is encountered. PATH To start the configured checker (see ), the server uses /bin/sh, which in turn uses PATH to search for matching commands if an absolute path is not given. See sh1 . Use the --configdir option to change where &COMMANDNAME; looks for its configurations files. The default file names are listed here. /etc/mandos/mandos.conf Server-global settings. See mandos.conf 5 for details. /etc/mandos/clients.conf List of clients and client-specific settings. See mandos-clients.conf 5 for details. /run/mandos.pid The file containing the process id of the &COMMANDNAME; process started last. Note: If the /run directory does not exist, /var/run/mandos.pid will be used instead. /var/lib/mandos Directory where persistent state will be saved. Change this with the --statedir option. See also the --no-restore option. /dev/log The Unix domain socket to where local syslog messages are sent. /bin/sh This is used to start the configured checker command for each client. See mandos-clients.conf 5 for details. This server might, on especially fatal errors, emit a Python backtrace. This could be considered a feature. There is no fine-grained control over logging and debug output. This server does not check the expire time of clients’ OpenPGP keys. Normal invocation needs no options: &COMMANDNAME; Run the server in debug mode, read configuration files from the ~/mandos directory, and use the Zeroconf service name Test to not collide with any other official Mandos server on this host: &COMMANDNAME; --debug --configdir ~/mandos --servicename Test Run the server normally, but only listen to one interface and only on the link-local address on that interface: &COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2 Running this &COMMANDNAME; server program should not in itself present any security risk to the host computer running it. The program switches to a non-root user soon after startup. The server only gives out its stored data to clients which does have the OpenPGP key of the stored fingerprint. This is guaranteed by the fact that the client sends its OpenPGP public key in the TLS handshake; this ensures it to be genuine. The server computes the fingerprint of the key itself and looks up the fingerprint in its list of clients. The clients.conf file (see mandos-clients.conf 5) must be made non-readable by anyone except the user starting the server (usually root). As detailed in , the status of all client computers will continually be checked and be assumed compromised if they are gone for too long. For more details on client-side security, see mandos-client 8mandos. intro 8mandos, mandos-clients.conf 5, mandos.conf 5, mandos-client 8mandos, sh 1 Zeroconf Zeroconf is the network protocol standard used by clients for finding this Mandos server on the local network. Avahi Avahi is the library this server calls to implement Zeroconf service announcements. GnuTLS GnuTLS is the library this server uses to implement TLS for communicating securely with the client, and at the same time confidently get the client’s public OpenPGP key. RFC 4291: IP Version 6 Addressing Architecture Section 2.2: Text Representation of Addresses Section 2.5.5.2: IPv4-Mapped IPv6 Address Section 2.5.6, Link-Local IPv6 Unicast Addresses The clients use IPv6 link-local addresses, which are immediately usable since a link-local addresses is automatically assigned to a network interfaces when it is brought up. RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2 TLS 1.2 is the protocol implemented by GnuTLS. RFC 4880: OpenPGP Message Format The data sent to clients is binary encrypted OpenPGP data. RFC 6091: Using OpenPGP Keys for Transport Layer Security (TLS) Authentication This is implemented by GnuTLS and used by this server so that OpenPGP keys can be used.