/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to INSTALL

Committer: Teddy Hogeborn
Date: 2024-11-24 00:44:25 UTC
Revision ID: teddy@recompile.se-20241124004425-6k3y0ir1ksyjq3c4

mandos-keygen: Show warning about old OpenSSH versions

When generating a config file snippet on the Mandos client system
using mandos-keygen, and the default ssh-keyscan checker is used, and
if the OpenSSH version is 9.8 or later, the "checker" command
generated for the config file on the Mandos server will include the
"-q" option for ssh-keyscan.  This option did not exist on ssh-keyscan
from OpenSSH older than version 9.8.  Therefore, if the Mandos
*server* is running an older version of OpenSSH, where ssh-keyscan
does not support the "-q" option, this option must be removed from the
generated "checker" setting.  Since we cannot know if this is the case
when running mandos-keygen on the Mandos client system, we print this
information as a comment above the generated "checker" setting.

* mandos-keygen: Show warning if the new "-q" options was used with
  ssh-keyscan in the generated "checker" setting.

files added:
debian/mandos.maintscript

debian/po/es.po

debian/po/nl.po

debian/po/pt_BR.po

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/po/fr.po

debian/rules

dracut-module/ask-password-mandos.service

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

90

90

91

91

2. On the computer to run as a Mandos server, run the following

92

92

command:

93

For Debian: su -c 'make install-server'

93

For Debian: su - -c 'make install-server'

94

94

For Ubuntu: sudo make install-server

95

95

96

96

(This creates a configuration without any clients configured; you

102

102

103

103

2. On the computer to run as a Mandos client, run the following

104

104

command:

105

For Debian: su -c 'make install-client'

105

For Debian: su - -c 'make install-client'

106

106

For Ubuntu: sudo make install-client

107

107

108

108

This will also create an OpenPGP key, which will take some time

109

109

and entropy, so be patient.

110

110

111

111

3. Run the following command:

112

For Debian: su -c 'mandos-keygen --password'

112

For Debian: su - -c 'mandos-keygen --password'

113

113

For Ubuntu: sudo mandos-keygen --password

114

114

115

115

When prompted, enter the password/passphrase for the encrypted

127

127

# update-initramfs -k all -u

128

128

129

129

5. On the server computer, start the server by running the command

130

For Debian: su -c 'invoke-rc.d mandos start'

130

For Debian: su - -c 'invoke-rc.d mandos start'

131

131

For Ubuntu: sudo service mandos start

132

132

133

133

At this point, it is possible to verify that the correct password

Older »