MANDOS(8) | Mandos Manual | MANDOS(8) |
mandos - Gives encrypted passwords to authenticated Mandos clients
mandos [--interface NAME |
-i NAME]
[--address ADDRESS |
-a ADDRESS]
[--port PORT |
-p PORT]
[--priority PRIORITY]
[--servicename NAME]
[--configdir DIRECTORY]
[--debug]
[--debuglevel LEVEL]
[--no-dbus]
[--no-ipv6]
[--no-restore]
[--statedir DIRECTORY]
[--socket FD]
[--foreground]
[--no-zeroconf]
mandos {--help | -h}
mandos --version
mandos --check
mandos is a server daemon which handles incoming requests for passwords for a pre-defined list of client host computers. For an introduction, see intro(8mandos). The Mandos server uses Zeroconf to announce itself on the local network, and uses TLS to communicate securely with and to authenticate the clients. The Mandos server uses IPv6 to allow Mandos clients to use IPv6 link-local addresses, since the clients will probably not have any other addresses configured (see the section called “OVERVIEW”). Any authenticated client is then given the stored pre-encrypted password for that specific client.
The purpose of this is to enable remote and unattended rebooting of client host computer with an encrypted root file system. See the section called “OVERVIEW” for details.
--help, -h
--interface NAME, -i NAME
--address ADDRESS, -a ADDRESS
--port PORT, -p PORT
--check
--debug
--debuglevel LEVEL
--priority PRIORITY
“SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA” when using raw public keys in TLS, and “SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256” when using OpenPGP keys in TLS,. See gnutls_priority_init(3) for the syntax. Warning: changing this may make the TLS handshake fail, making server-client communication impossible. Changing this option may also make the network traffic decryptable by an attacker.
--servicename NAME
--configdir DIRECTORY
--version
--no-dbus
See also the section called “D-BUS INTERFACE”.
--no-ipv6
--no-restore
See also the section called “PERSISTENT STATE”.
--statedir DIRECTORY
--socket FD
--foreground
--no-zeroconf
This is part of the Mandos system for allowing computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using a TLS key; each client has one unique to it. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using a separate OpenPGP key, and the password is then used to unlock the root file system, whereupon the computers can continue booting normally.
This program is the server part. It is a normal server program and will run in a normal system environment, not in an initial RAM disk environment.
The Mandos server announces itself as a Zeroconf service of type “_mandos._tcp”. The Mandos client connects to the announced address and port, and sends a line of text where the first whitespace-separated field is the protocol version, which currently is “1”. The client and server then start a TLS protocol handshake with a slight quirk: the Mandos server program acts as a TLS “client” while the connecting Mandos client acts as a TLS “server”. The Mandos client must supply a TLS public key, and the key ID of this public key is used by the Mandos server to look up (in a list read from clients.conf at start time) which binary blob to give the client. No other authentication or authorization is done by the server.
Table 1. Mandos Protocol (Version 1)
Mandos Client | Direction | Mandos Server |
Connect | -> | |
“1\r\n” | -> | |
TLS handshake as TLS “server” | <-> | TLS handshake as TLS “client” |
Public key (part of TLS handshake) | -> | |
<- | Binary blob (client will assume OpenPGP data) | |
<- | Close |
The server will, by default, continually check that the clients
are still up. If a client has not been confirmed as being up for some time,
the client is assumed to be compromised and is no longer eligible to receive
the encrypted password. (Manual intervention is required to re-enable a
client.) The timeout, extended timeout, checker program, and interval
between checks can be configured both globally and per client; see
mandos-clients.conf(5).
The server can be configured to require manual approval for a client before it is sent its secret. The delay to wait for such approval and the default action (approve or deny) can be configured both globally and per client; see mandos-clients.conf(5). By default all clients will be approved immediately without delay.
This can be used to deny a client its secret if not manually approved within a specified time. It can also be used to make the server delay before giving a client its secret, allowing optional manual denying of this specific client.
The server will send log message with various severity levels to /dev/log. With the --debug option, it will log even more messages, and also show them on the console.
Client settings, initially read from clients.conf, are persistent across restarts, and run-time changes will override settings in clients.conf. However, if a setting is changed (or a client added, or removed) in clients.conf, this will take precedence.
The server will by default provide a D-Bus system bus interface. This interface will only be accessible by the root user or a Mandos-specific user, if such a user exists. For documentation of the D-Bus API, see the file DBUS-API.
The server will exit with a non-zero exit status only when a critical error is encountered.
PATH
Use the --configdir option to change where mandos looks for its configurations files. The default file names are listed here.
/etc/mandos/mandos.conf
/etc/mandos/clients.conf
/run/mandos.pid
/var/lib/mandos
/dev/log
/bin/sh
This server might, on especially fatal errors, emit a Python backtrace. This could be considered a feature.
There is no fine-grained control over logging and debug output.
Please report bugs to the Mandos development mailing list: <mandos-dev@recompile.se> (subscription required). Note that this list is public. The developers can be reached privately at <mandos@recompile.se> (OpenPGP key fingerprint 153A 37F1 0BBA 0435 987F 2C4A 7223 2973 CA34 C2C4 for encrypted mail).
Normal invocation needs no options:
mandos
Run the server in debug mode, read configuration files from the ~/mandos directory, and use the Zeroconf service name “Test” to not collide with any other official Mandos server on this host:
mandos --debug --configdir ~/mandos --servicename Test
Run the server normally, but only listen to one interface and only on the link-local address on that interface:
mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2
Running this mandos server program should not in itself present any security risk to the host computer running it. The program switches to a non-root user soon after startup.
The server only gives out its stored data to clients which does have the correct key ID of the stored key ID. This is guaranteed by the fact that the client sends its public key in the TLS handshake; this ensures it to be genuine. The server computes the key ID of the key itself and looks up the key ID in its list of clients. The clients.conf file (see mandos-clients.conf(5)) must be made non-readable by anyone except the user starting the server (usually root).
As detailed in the section called “CHECKING”, the status of all client computers will continually be checked and be assumed compromised if they are gone for too long.
For more details on client-side security, see mandos-client(8mandos).
intro(8mandos), mandos-clients.conf(5), mandos.conf(5), mandos-client(8mandos), sh(1)
Zeroconf[1]
Avahi[2]
GnuTLS[3]
RFC 4291: IP Version 6 Addressing Architecture
Section 2.2: Text Representation of Addresses
Section 2.5.5.2: IPv4-Mapped IPv6 Address
Section 2.5.6, Link-Local IPv6 Unicast Addresses
RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
RFC 4880: OpenPGP Message Format
RFC 7250: Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
RFC 6091: Using OpenPGP Keys for Transport Layer Security (TLS) Authentication
Copyright © 2008-2019 Teddy Hogeborn, Björn
Påhlsson
This manual page is part of Mandos.
Mandos is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Mandos is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with Mandos. If not, see http://www.gnu.org/licenses/.
2022-04-24 | Mandos 1.8.16 |