The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
|Tags||Boot Security Cryptography Systems Administration|
|Operating Systems||POSIX Linux Debian GNU/Linux Ubuntu|
|Implementation||Unix Shell Python C ZeroConf TLS OpenPGP|
Release Notes: This release adds a minor fix to self-tests.
Release Notes: This release adds systemd support for servers. It falls back to /var/run for a PID file if /run does not exist. It moves client data files from /usr/lib/mandos to whatever the architecture specifies, like /usr/lib/x86_64-linux-gnu/mandos or /usr/lib64/mandos.
Release Notes: A GnuTLS connection problem was finally fixed. A key generation bug that caused bad keys to be generated was also fixed.
Release Notes: All client, and mandos-ctl, options for time intervals now also take an RFC 3339 duration. The default key type and length are now RSA and 4096 bit. Bugfixes: handles fast checkers (like ":") correctly. Doesn't print output from checkers when running in the foreground. Handles when a client is removed from clients.conf but saved settings remain. mandos-monitor now displays standout (reverse video). Boolean options work from the config file again. --no-ipv6 works again. The new default GnuTLS priority string is slightly more compatible with older versions of GnuTLS. A bashism in mandos-keygen has been fixed.
Release Notes: The client now uses all available interfaces, not just the first usable one. The server takes a new "--foreground" option.