/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to intro.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-06-22 02:19:30 UTC
  • Revision ID: teddy@recompile.se-20140622021930-icl7h4cm97blhjml
mandos-keygen: Generate "checker" option to use SSH fingerprints.

To turn this off, use a new "--no-ssh" option to mandos-keygen.

* INSTALL (Mandos Server, Mandos Client): Document new suggested
                                          installation of SSH.
* Makefile (confdir/clients.conf): Use new "--no-ssh" option to
                                   "mandos-keygen".
* debian/control (mandos/Depends): Changed to "fping | ssh-client".
  (mandos-client/Recommends): New; set to "ssh".
* intro.xml (FREQUENTLY ASKED QUESTIONS): Rename and rewrite section
                                          called "Faking ping
                                          replies?" to address new
                                          default behavior.
* mandos-clients.conf.xml (OPTIONS/checker): Briefly discuss new
                                             behavior of
                                             mandos-keygen.
* mandos-keygen: Bug fix: Suppress failure output of "shred" to remove
                 "sec*", since no such files may exist.
 (password mode): Scan for SSH key fingerprints and output as new
                  "checker" and "ssh_fingerprint" options, unless new
                  "--no-ssh" option is given.
* mandos-keygen.xml (SYNOPSIS/--force): Bug fix: Document short form.
  (OPTIONS/--no-ssh): New.
  (SEE ALSO): Add reference "ssh-keyscan(1)".
* plugins.d/mandos-client.xml (SECURITY): Briefly mention the
                                          possibility of using SSH key
                                          fingerprints for checking.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY TIMESTAMP "2016-03-22">
 
4
<!ENTITY TIMESTAMP "2014-06-22">
5
5
<!ENTITY % common SYSTEM "common.ent">
6
6
%common;
7
7
]>
32
32
    <copyright>
33
33
      <year>2011</year>
34
34
      <year>2012</year>
35
 
      <year>2013</year>
36
 
      <year>2014</year>
37
 
      <year>2015</year>
38
 
      <year>2016</year>
39
35
      <holder>Teddy Hogeborn</holder>
40
36
      <holder>Björn Påhlsson</holder>
41
37
    </copyright>
201
197
      </para>
202
198
    </refsect2>
203
199
    
204
 
    <refsect2 id="sniff">
205
 
      <title>How about sniffing the network traffic and decrypting it
206
 
      later by physically grabbing the Mandos client and using its
207
 
      key?</title>
208
 
      <para>
209
 
        We only use <acronym>PFS</acronym> (Perfect Forward Security)
210
 
        key exchange algorithms in TLS, which protects against this.
211
 
      </para>
212
 
    </refsect2>
213
 
    
214
200
    <refsect2 id="physgrab">
215
201
      <title>Physically grabbing the Mandos server computer?</title>
216
202
      <para>
379
365
    </para>
380
366
  </refsect1>
381
367
  
382
 
  <refsect1 id="bugs">
383
 
    <title>BUGS</title>
384
 
    <xi:include href="bugs.xml"/>
385
 
  </refsect1>
386
 
  
387
368
  <refsect1 id="see_also">
388
369
    <title>SEE ALSO</title>
389
370
    <para>
417
398
    <variablelist>
418
399
      <varlistentry>
419
400
        <term>
420
 
          <ulink url="https://www.recompile.se/mandos">Mandos</ulink>
 
401
          <ulink url="http://www.recompile.se/mandos">Mandos</ulink>
421
402
        </term>
422
403
        <listitem>
423
404
          <para>