/mandos/trunk : revision 896

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2017-02-21 21:42:08 UTC
Revision ID: teddy@recompile.se-20170221214208-09wu1p4l2hjhqfoj

Use "read -r" in shell scripts to avoid backslash escapes

* initramfs-tools-hook: Use "read -r" to read filenames from network
hook given the "files" argument.
* initramfs-tools-script: Use "read -e" when parsing
"/conf/conf.d/cryptroot".
* mandos-keygen (keygen): Use "read -r" when reading passphrase.

files added:
bugs.xml

debian/mandos-client.examples

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-unpack

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

intro.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY TIMESTAMP "2011-08-08">

<!ENTITY TIMESTAMP "2016-11-27">

<!ENTITY % common SYSTEM "common.ent">

%common;

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<title>INTRODUCTION</title>

<para>

<!-- This paragraph is a combination and paraphrase of two

quotes from the 1995 movie “The Usual Suspects”. -->

You know how it is. You’ve heard of it happening. The Man

comes and takes away your servers, your friends’ servers, the

servers of everybody in the same hosting facility. The servers

196

203

</para>

197

204

</refsect2>

198

205

206

207

<title>How about sniffing the network traffic and decrypting it

208

later by physically grabbing the Mandos client and using its

209

key?</title>

210

<para>

211

We only use <acronym>PFS</acronym> (Perfect Forward Security)

212

key exchange algorithms in TLS, which protects against this.

213

</para>

214

</refsect2>

215

199

216

200

217

<title>Physically grabbing the Mandos server computer?</title>

201

218

<para>

214

231

</para>

215

232

</refsect2>

216

233

217

218

<title>Faking ping replies?</title>

234

235

<title>Faking checker results?</title>

219

236

<para>

220

The default for the server is to use

237

If the Mandos client does not have an SSH server, the default

238

is for the Mandos server to use

221

239

<quote><literal>fping</literal></quote>, the replies to which

222

240

could be faked to eliminate the timeout. But this could

223

241

easily be changed to any shell command, with any security

224

measures you like. It could, for instance, be changed to an

225

SSH command with strict keychecking, which could not be faked.

226

Or IPsec could be used for the ping packets, making them

227

secure.

242

measures you like. If the Mandos client

243

<emphasis>has</emphasis> an SSH server, the default

244

configuration (as generated by

245

<command>mandos-keygen</command> with the

246

<option>--password</option> option) is for the Mandos server

247

to use an <command>ssh-keyscan</command> command with strict

248

keychecking, which can not be faked. Alternatively, IPsec

249

could be used for the ping packets, making them secure.

228

250

</para>

229

251

</refsect2>

230

252

</refsect1>

359

381

</para>

360

382

</refsect1>

361

383

384

385

386

<xi:include href="bugs.xml"/>

387

</refsect1>

388

362

389

363

390

364

391

<para>

392

419

393

420

394

421

<term>

395

<ulink url="http://www.fukt.bsnet.se/mandos">Mandos</ulink>

422

<ulink url="https://www.recompile.se/mandos">Mandos</ulink>

396

423

</term>

397

424

398

425

<para>

Older »