/mandos/trunk : revision 237.2.19

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

Committer: Teddy Hogeborn
Date: 2009-05-17 00:50:09 UTC
mto: (24.1.170 mandos) (237.4.29 release)
mto: This revision was merged to the branch mainline in revision 343.
Revision ID: teddy@fukt.bsnet.se-20090517005009-c0iptxampo6nf177

* initramfs-tools-hook-conf: Security bug fix: Add code to handle
being called by "mkinitramfs-kpkg"
instead of "update-initramfs".

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-09-03">

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2009-02-09">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

<refname><command>&COMMANDNAME;</command></refname>

Client for mandos

Client for <application>Mandos</application>

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--connect

<replaceable>IPADDR</replaceable><literal>:</literal

<replaceable>ADDRESS</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>IPADDR</replaceable><literal>:</literal

<replaceable>ADDRESS</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

</group>

<sbr/>

</arg>

<sbr/>

<arg>

<option>--delay <replaceable>SECONDS</replaceable></option>

</arg>

<sbr/>

<arg>

100

<option>--debug</option>

101

</arg>

102

</cmdsynopsis>

113

119

</group>

114

120

</cmdsynopsis>

115

121

</refsynopsisdiv>

116

122

117

123

118

124

<title>DESCRIPTION</title>

119

125

<para>

120

126

<command>&COMMANDNAME;</command> is a client program that

121

127

communicates with <citerefentry><refentrytitle

122

128

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

123

to get a password. It uses IPv6 link-local addresses to get

124

network connectivity, Zeroconf to find servers, and TLS with an

125

OpenPGP key to ensure authenticity and confidentiality. It

126

keeps running, trying all servers on the network, until it

127

receives a satisfactory reply or a TERM signal is recieved.

129

to get a password. In slightly more detail, this client program

130

brings up a network interface, uses the interface’s IPv6

131

link-local address to get network connectivity, uses Zeroconf to

132

find servers on the local network, and communicates with servers

133

using TLS with an OpenPGP key to ensure authenticity and

134

confidentiality. This client program keeps running, trying all

135

servers on the network, until it receives a satisfactory reply

136

or a TERM signal is received. If no servers are found, or after

137

all servers have been tried, it waits indefinitely for new

138

servers to appear.

128

139

</para>

129

140

<para>

130

141

This program is not meant to be run directly; it is really meant

184

195

</varlistentry>

185

196

186

197

187

<term><option>--interface=

188

198

<term><option>--interface=<replaceable

199

>NAME</replaceable></option></term>

189

200

<term><option>-i

190

201

191

202

192

203

<para>

193

204

Network interface that will be brought up and scanned for

194

Mandos servers to connect to. The default it

205

Mandos servers to connect to. The default is

195

206

<quote><literal>eth0</literal></quote>.

196

207

</para>

197

208

<para>

199

210

specifies the interface to use to connect to the address

200

211

given.

201

212

</para>

213

<para>

214

Note that since this program will normally run in the

215

initial RAM disk environment, the interface must be an

216

interface which exists at that stage. Thus, the interface

217

can not be a pseudo-interface such as <quote>br0</quote>

218

or <quote>tun0</quote>; such interfaces will not exist

219

until much later in the boot process, and can not be used

220

by this program.

221

</para>

222

<para>

223

<replaceable>NAME</replaceable> can be the empty string;

224

this will not use any specific interface, and will not

225

bring up an interface on startup. This is not

226

recommended, and only meant for advanced users.

227

</para>

202

228

</listitem>

203

229

</varlistentry>

204

230

215

241

</para>

216

242

</listitem>

217

243

</varlistentry>

218

244

219

245

220

246

<term><option>--seckey=<replaceable

221

247

>FILE</replaceable></option></term>

238

264

xpointer="priority"/>

239

265

</listitem>

240

266

</varlistentry>

241

267

242

268

243

269

<term><option>--dh-bits=<replaceable

244

270

>BITS</replaceable></option></term>

249

275

</para>

250

276

</listitem>

251

277

</varlistentry>

278

279

280

<term><option>--delay=<replaceable

281

>SECONDS</replaceable></option></term>

282

283

<para>

284

After bringing the network interface up, the program waits

285

for the interface to arrive in a <quote>running</quote>

286

state before proceeding. During this time, the kernel log

287

level will be lowered to reduce clutter on the system

288

console, alleviating any other plugins which might be

289

using the system console. This option sets the upper

290

limit of seconds to wait. The default is 2.5 seconds.

291

</para>

292

</listitem>

293

</varlistentry>

252

294

253

295

254

296

<term><option>--debug</option></term>

284

326

</para>

285

327

</listitem>

286

328

</varlistentry>

287

329

288

330

289

331

<term><option>--version</option></term>

290

332

296

338

</varlistentry>

297

339

</variablelist>

298

340

</refsect1>

299

341

300

342

301

343

<title>OVERVIEW</title>

302

344

<xi:include href="../overview.xml"/>

311

353

<filename>/etc/crypttab</filename>, but it would then be

312

354

impossible to enter a password for the encrypted root disk at

313

355

the console, since this program does not read from the console

314

at all. This is why a separate plugin (<citerefentry>

315

<refentrytitle>password-prompt</refentrytitle>

316

<manvolnum>8mandos</manvolnum></citerefentry>) does that, which

317

will be run in parallell to this one by the plugin runner.

356

at all. This is why a separate plugin runner (<citerefentry>

357

<refentrytitle>plugin-runner</refentrytitle>

358

<manvolnum>8mandos</manvolnum></citerefentry>) is used to run

359

both this program and others in in parallel,

360

<emphasis>one</emphasis> of which will prompt for passwords on

361

the system console.

318

362

</para>

319

363

</refsect1>

320

364

327

371

program will exit with a non-zero exit status only if a critical

328

372

error occurs. Otherwise, it will forever connect to new

329

373

<application>Mandos</application> servers as they appear, trying

330

to get a decryptable password.

374

to get a decryptable password and print it.

331

375

</para>

332

376

</refsect1>

333

377

341

385

</para>

342

386

</refsect1>

343

387

344

388

345

389

<title>FILES</title>

346

390

347

391

366

410

367

411

368

412

369

413

370

414

371

415

<title>EXAMPLE</title>

372

416

<para>

386

430

</informalexample>

387

431

388

432

<para>

389

Search for Mandos servers on another interface:

433

Search for Mandos servers (and connect to them) using another

434

interface:

390

435

</para>

391

436

<para>

392

437

407

452

408

453

<para>

409

454

Run in debug mode, with a custom key, and do not use Zeroconf

410

to locate a server; connect directly to the IPv6 address

411

<quote><systemitem class="ipaddress"

412

>2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,

413

port 4711, using interface eth2:

455

to locate a server; connect directly to the IPv6 link-local

456

address <quote><systemitem class="ipaddress"

457

>fe80::aede:48ff:fe71:f6f2</systemitem></quote>, port 4711,

458

using interface eth2:

414

459

</para>

415

460

<para>

416

461

417

462

418

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>

463

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect fe80::aede:48ff:fe71:f6f2:4711 --interface eth2</userinput>

419

464

420

465

</para>

421

466

</informalexample>

422

467

</refsect1>

423

468

424

469

425

470

<title>SECURITY</title>

426

471

<para>

446

491

The only remaining weak point is that someone with physical

447

492

access to the client hard drive might turn off the client

448

493

computer, read the OpenPGP keys directly from the hard drive,

449

and communicate with the server. The defense against this is

450

that the server is supposed to notice the client disappearing

451

and will stop giving out the encrypted data. Therefore, it is

452

important to set the timeout and checker interval values tightly

453

on the server. See <citerefentry><refentrytitle

494

and communicate with the server. To safeguard against this, the

495

server is supposed to notice the client disappearing and stop

496

giving out the encrypted data. Therefore, it is important to

497

set the timeout and checker interval values tightly on the

498

server. See <citerefentry><refentrytitle

454

499

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

455

500

</para>

456

501

<para>

467

512

confidential.

468

513

</para>

469

514

</refsect1>

470

515

471

516

472

517

473

518

<para>

598

643

</varlistentry>

599

644

</variablelist>

600

645

</refsect1>

601

602

646

</refentry>

647

603

648

604

649

605

650

Older »