/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

Viewing changes to intro.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-06-22 02:19:30 UTC
  • Revision ID: teddy@recompile.se-20140622021930-icl7h4cm97blhjml
mandos-keygen: Generate "checker" option to use SSH fingerprints.

To turn this off, use a new "--no-ssh" option to mandos-keygen.

* INSTALL (Mandos Server, Mandos Client): Document new suggested
                                          installation of SSH.
* Makefile (confdir/clients.conf): Use new "--no-ssh" option to
                                   "mandos-keygen".
* debian/control (mandos/Depends): Changed to "fping | ssh-client".
  (mandos-client/Recommends): New; set to "ssh".
* intro.xml (FREQUENTLY ASKED QUESTIONS): Rename and rewrite section
                                          called "Faking ping
                                          replies?" to address new
                                          default behavior.
* mandos-clients.conf.xml (OPTIONS/checker): Briefly discuss new
                                             behavior of
                                             mandos-keygen.
* mandos-keygen: Bug fix: Suppress failure output of "shred" to remove
                 "sec*", since no such files may exist.
 (password mode): Scan for SSH key fingerprints and output as new
                  "checker" and "ssh_fingerprint" options, unless new
                  "--no-ssh" option is given.
* mandos-keygen.xml (SYNOPSIS/--force): Bug fix: Document short form.
  (OPTIONS/--no-ssh): New.
  (SEE ALSO): Add reference "ssh-keyscan(1)".
* plugins.d/mandos-client.xml (SECURITY): Briefly mention the
                                          possibility of using SSH key
                                          fingerprints for checking.

1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY TIMESTAMP "2017-02-23">
 
4
<!ENTITY TIMESTAMP "2014-06-22">
5
5
<!ENTITY % common SYSTEM "common.ent">
6
6
%common;
7
7
]>
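Review bot: the TIMESTAMP entity at line 4 reads "2017-02-23" in the left column and "2014-06-22" in the right, so the left column is dated later than this revision's commit date (2014-06-22), which suggests the comparison is against a newer state of intro.xml rather than this commit's parent. None of the visible hunks touches the "Faking ping replies?" FAQ entry that the commit message says was renamed and rewritten, so that rewrite cannot be checked from this view; regenerate the diff against the parent revision before reviewing the FAQ change.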
32
32
    <copyright>
33
33
      <year>2011</year>
34
34
      <year>2012</year>
35
 
      <year>2013</year>
36
 
      <year>2014</year>
37
 
      <year>2015</year>
38
 
      <year>2016</year>
39
 
      <year>2017</year>
40
35
      <holder>Teddy Hogeborn</holder>
41
36
      <holder>Björn Påhlsson</holder>
42
37
    </copyright>
78
73
  <refsect1 id="introduction">
79
74
    <title>INTRODUCTION</title>
80
75
    <para>
81
 
      <!-- This paragraph is a combination and paraphrase of two
82
 
           quotes from the 1995 movie “The Usual Suspects”. -->
83
76
      You know how it is.  You’ve heard of it happening.  The Man
84
77
      comes and takes away your servers, your friends’ servers, the
85
78
      servers of everybody in the same hosting facility. The servers
204
197
      </para>
205
198
    </refsect2>
206
199
    
207
 
    <refsect2 id="sniff">
208
 
      <title>How about sniffing the network traffic and decrypting it
209
 
      later by physically grabbing the Mandos client and using its
210
 
      key?</title>
211
 
      <para>
212
 
        We only use <acronym>PFS</acronym> (Perfect Forward Security)
213
 
        key exchange algorithms in TLS, which protects against this.
214
 
      </para>
215
 
    </refsect2>
216
 
    
217
200
    <refsect2 id="physgrab">
218
201
      <title>Physically grabbing the Mandos server computer?</title>
219
202
      <para>
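Review bot: the refsect2 id="sniff" entry (left lines 207-215) has no counterpart in the right column, so the text dated 2014-06-22 gives readers no answer on whether captured traffic can be decrypted later with a key taken from a seized client. Where the entry is kept, expand the acronym as "Perfect Forward Secrecy", the usual name for the property, instead of "Perfect Forward Security".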
382
365
    </para>
383
366
  </refsect1>
384
367
  
385
 
  <refsect1 id="bugs">
386
 
    <title>BUGS</title>
387
 
    <xi:include href="bugs.xml"/>
388
 
  </refsect1>
389
 
  
390
368
  <refsect1 id="see_also">
391
369
    <title>SEE ALSO</title>
392
370
    <para>
420
398
    <variablelist>
421
399
      <varlistentry>
422
400
        <term>
423
 
          <ulink url="https://www.recompile.se/mandos">Mandos</ulink>
 
401
          <ulink url="http://www.recompile.se/mandos">Mandos</ulink>
424
402
        </term>
425
403
        <listitem>
426
404
          <para>
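Review bot: the Mandos home page link in SEE ALSO uses http://www.recompile.se/mandos on the right side (line 401) while the left side (line 423) uses https://www.recompile.se/mandos. Keep the https:// form so that readers who follow the link to obtain the software or its documentation get an authenticated connection.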