3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY CONFNAME "mandos-clients.conf">
5
5
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
<!ENTITY TIMESTAMP "2019-02-10">
6
<!ENTITY TIMESTAMP "2018-02-08">
7
7
<!ENTITY % common SYSTEM "common.ent">
187
186
>--</option> %%(host)s</literal></quote>. Note that
188
187
<command>mandos-keygen</command>, when generating output
189
188
to be inserted into this file, normally looks for an SSH
190
server on the Mandos client, and, if it finds one, outputs
189
server on the Mandos client, and, if it find one, outputs
191
190
a <option>checker</option> option to check for the
192
client’s SSH key fingerprint – this is more secure against
191
client’s key fingerprint – this is more secure against
228
227
><replaceable>HEXSTRING</replaceable></option></term>
231
This option is <emphasis>required</emphasis> if the
232
<option>key_id</option> is not set, and
233
<emphasis>optional</emphasis> otherwise.
236
This option sets the OpenPGP fingerprint that (before
237
GnuTLS 3.6.0) identified the public key that clients
238
authenticate themselves with through TLS. The string
239
needs to be in hexadecimal form, but spaces or upper/lower
240
case are not significant.
246
<term><option>key_id<literal> = </literal
247
><replaceable>HEXSTRING</replaceable></option></term>
250
This option is <emphasis>required</emphasis> if the
251
<option>fingerprint</option> is not set, and
252
<emphasis>optional</emphasis> otherwise.
255
This option sets the certificate key ID that (with GnuTLS
256
3.6.6 or later) identifies the public key that clients
257
authenticate themselves with through TLS. The string
258
needs to be in hexadecimal form, but spaces or upper/lower
259
case are not significant.
230
This option is <emphasis>required</emphasis>.
233
This option sets the OpenPGP fingerprint that identifies
234
the public key that clients authenticate themselves with
235
through TLS. The string needs to be in hexadecimal form,
236
but spaces or upper/lower case are not significant.
338
315
If present, this option must be set to a string of
339
316
base64-encoded binary data. It will be decoded and sent
340
to the client matching the above <option>key_id</option>
341
or <option>fingerprint</option>. This should, of course,
342
be OpenPGP encrypted data, decryptable only by the client.
317
to the client matching the above
318
<option>fingerprint</option>. This should, of course, be
319
OpenPGP encrypted data, decryptable only by the client.
343
320
The program <citerefentry><refentrytitle><command
344
321
>mandos-keygen</command></refentrytitle><manvolnum
345
322
>8</manvolnum></citerefentry> can, using its
440
417
<quote><literal>created</literal></quote>,
441
418
<quote><literal>enabled</literal></quote>,
442
419
<quote><literal>expires</literal></quote>,
443
<quote><literal>key_id</literal></quote>,
444
420
<quote><literal>fingerprint</literal></quote>,
445
421
<quote><literal>host</literal></quote>,
446
422
<quote><literal>interval</literal></quote>,
added
removed
mandos-clients.conf.xml
