The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
| Tags | Boot Security Cryptography Systems Administration |
| Operating Systems | POSIX Linux Debian GNU/Linux Ubuntu |
| Implementation | Unix Shell Python C ZeroConf TLS OpenPGP |
Release Notes: The client now uses all available interfaces, not just the first usable one. The server takes a new "--foreground" option.
Release Notes: The server now has a --socket option.
Release Notes: Bugfixes (some for regression bugs) for the server and related utilities.
Release Notes: The D-Bus property se.recompile.Client.LastCheckerStatus has been added to the server and is used in mandos-monitor to fix a display logic bug. Client bugs in the example "bridge" network hook have been fixed.
Release Notes: This release removes the recently added D-Bus signal "se.recompile.Mandos.NewRequest"; its implementation was buggy and its utility questionable.