41
+ GnuTLS 3.3 https://www.gnutls.org/
42
(but not 3.6.0 or later, until 3.6.6, which works)
43
+ Avahi 0.6.16 https://www.avahi.org/
44
+ Python 3 https://www.python.org/
45
Note: Python 2.7 is still supported, if the "mandos",
46
"mandos-ctl", and "mandos-monitor" files are edited to contain
47
"#!/usr/bin/python" instead of python3.
48
+ dbus-python 0.82.4 https://dbus.freedesktop.org/doc/dbus-python/
49
+ PyGObject 3.8 https://wiki.gnome.org/Projects/PyGObject
50
+ pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
41
+ GnuTLS 3.3 http://www.gnutls.org/
42
+ Avahi 0.6.16 http://www.avahi.org/
43
+ Python 2.7 https://www.python.org/
44
+ dbus-python 0.82.4 http://dbus.freedesktop.org/doc/dbus-python/
45
+ PyGObject 2.14.2 https://developer.gnome.org/pygobject/
46
+ pkg-config http://www.freedesktop.org/wiki/Software/pkg-config/
51
47
+ Urwid 1.0.1 http://urwid.org/
52
48
(Only needed by the "mandos-monitor" tool.)
56
52
+ ssh-keyscan from OpenSSH http://www.openssh.com/
59
avahi-daemon python3 python3-dbus python3-gi python3-urwid
60
pkg-config fping ssh-client
55
avahi-daemon python python-avahi python-dbus python-gobject
56
python-urwid pkg-config fping ssh-client
63
+ GNU C Library 2.17 https://gnu.org/software/libc/
64
+ GnuTLS 3.3 https://www.gnutls.org/
65
(but not 3.6.0 or later, until 3.6.6 which works)
66
+ Avahi 0.6.16 https://www.avahi.org/
59
+ initramfs-tools 0.85i
60
https://tracker.debian.org/pkg/initramfs-tools
61
+ GnuTLS 3.3 http://www.gnutls.org/
62
+ Avahi 0.6.16 http://www.avahi.org/
67
63
+ GnuPG 1.4.9 https://www.gnupg.org/
68
64
+ GPGME 1.1.6 https://www.gnupg.org/related_software/gpgme/
69
+ pkg-config https://www.freedesktop.org/wiki/Software/pkg-config/
70
+ libnl-route 3 https://www.infradead.org/~tgr/libnl/
71
+ GLib 2.40 http://www.gtk.org/
74
+ initramfs-tools 0.85i
75
https://tracker.debian.org/pkg/initramfs-tools
77
http://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
65
+ pkg-config http://www.freedesktop.org/wiki/Software/pkg-config/
79
67
Strongly recommended:
80
68
+ OpenSSH http://www.openssh.com/
83
initramfs-tools dracut libgnutls-dev gnutls-bin libavahi-core-dev
84
gnupg libgpgme11-dev pkg-config ssh libnl-route-3-dev
71
initramfs-tools libgnutls-dev libavahi-core-dev gnupg
72
libgpgme11-dev pkg-config ssh
87
74
* Installing the Mandos server
91
78
2. On the computer to run as a Mandos server, run the following
93
For Debian: su - -c 'make install-server'
80
For Debian: su -c 'make install-server'
94
81
For Ubuntu: sudo make install-server
96
83
(This creates a configuration without any clients configured; you
103
90
2. On the computer to run as a Mandos client, run the following
105
For Debian: su - -c 'make install-client'
92
For Debian: su -c 'make install-client'
106
93
For Ubuntu: sudo make install-client
108
95
This will also create an OpenPGP key, which will take some time
109
96
and entropy, so be patient.
111
98
3. Run the following command:
112
For Debian: su - -c 'mandos-keygen --password'
99
For Debian: su -c 'mandos-keygen --password'
113
100
For Ubuntu: sudo mandos-keygen --password
115
102
When prompted, enter the password/passphrase for the encrypted
127
114
# update-initramfs -k all -u
129
116
5. On the server computer, start the server by running the command
130
For Debian: su - -c 'invoke-rc.d mandos start'
117
For Debian: su -c 'invoke-rc.d mandos start'
131
118
For Ubuntu: sudo service mandos start
133
120
At this point, it is possible to verify that the correct password
136
123
# /usr/lib/mandos/plugins.d/mandos-client \
137
124
--pubkey=/etc/keys/mandos/pubkey.txt \
138
--seckey=/etc/keys/mandos/seckey.txt \
139
--tls-privkey=/etc/keys/mandos/tls-privkey.pem \
140
--tls-pubkey=/etc/keys/mandos/tls-pubkey.pem; echo
125
--seckey=/etc/keys/mandos/seckey.txt; echo
142
127
This command should retrieve the password from the server,
143
128
decrypt it, and output it to standard output.