Some starting documents
Zenny
garbytrash at gmail.com
Sun Dec 2 21:38:34 CET 2012
BTW, I forgot to mention that I get 'A checker has failed!' error in
VM A (mandos-server) when I check with mandos-monitor command.
I enabled all and get the following output:
# mandos-ctl -e --all
# mandos-ctl
Name Enabled Timeout Last Successful Check
gw1.domain.tld Yes 00:05:00
Is it something helpful to debug? Thanks!
On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
> And there is no firewall involved between these machines, because I
> have not configured any. No firewall configured at all at the moment.
>
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
>> Dear Teddy and Dick:
>>
>> I tried also with a completely new debian squeeze installation with
>> dm-crypt and LUKS which has the following in the fstab:
>>
>> # <file system> <mount point> <type> <options> <dump> <pass>
>> proc /proc proc defaults 0 0
>> /dev/mapper/gw0-root / ext3 errors=remount-ro 0 1
>> # /boot was on /dev/sda1 during installation
>> UUID=22c1e040-0527-4845-b14d-3db74829167f /boot ext2 defaults 0 2
>> /dev/mapper/gw0-home /home ext3 defaults 0 2
>> /dev/mapper/gw0-tmp /tmp ext3 defaults 0 2
>> /dev/mapper/gw0-usr /usr ext3 defaults 0 2
>> /dev/mapper/gw0-var /var ext3 defaults 0 2
>> /dev/mapper/gw0-swap_1 none swap sw 0 0
>> /dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
>>
>> This time the installation on the mandos-client in the machine works
>> and still executing:
>>
>> #/usr/lib/mandos/plugins.d/mandos-client \
>> > --pubkey=/etc/keys/mandos/pubkey.txt \
>> > --seckey=/etc/keys/mandos/seckey.txt; echo
>>
>> Does not give any output even after eons of time.
>>
>> What I did was:
>>
>> 1) Installed a completely new instance of debian squeeze using guided
>> installation with encryption in two VMs,
>> 2) then installed mandos-server in VM A and mandos-client in VM B.
>> 3) Generated the client info (mandos-keygen --password) in VM B
>> (mandos-client) and pasted that in /etc/mandos/clients.conf of VM A
>> (mandos server)
>> 4) Restarted mandos server in A and rebooted VM B to check whether it
>> can fetch information from server A to boot.
>> 5) Executed the above command to echo the password, but no output.
>>
>> There is nothing I could see where I can see the debug command,
>> because VM B cannot fetch the password from mandos-server in VM A,
>> meaning I have to feed the encryption password manually to boot VM B.
>>
>> BTW, Teddy, the documentation is neither complete nor verbose. It is
>> wholly incomplete. At least I could have helped you to create a
>> document, provided something works in my case. And it is not working
>> at all? I am struggling for the last two days to make it work, yet no
>> go! Maybe this is the reason adoption of mandos is not
>> so strong.
>>
>> I followed a longer solution for a similar solution (using a longer
>> method with manual remote feeding of the key), but that is not what I
>> am seeking rather something like mandos. But there is no luck that it
>> worked.
>>
>> I wish...
>>
>> zenny
>>
>> On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
>>> Thanks Dick for information.
>>>
>>> About the first mandos server-client pair I meant the mandos server
>>> which also tries to authenticate as client with each other, I
>>> installed mandos server and clients in both of them and copied the
>>> output of 'mandos-keygen --passphrase' to the server's
>>> /etc/mandos/clients.conf yet it does not authenticate, yet asks for
>>> the passphrase in console?
>>>
>>> Tried to execute the following in the client console (as stated in
>>> http://bzr.recompile.se/loggerhead/mandos/trunk/annotate/head:/debian/mandos-client.README.Debian),
>>> but nothing happens even for hours.
>>>
>>> #/usr/lib/mandos/plugins.d/mandos-client \
>>> > --pubkey=/etc/keys/mandos/pubkey.txt \
>>> > --seckey=/etc/keys/mandos/seckey.txt; echo
>>>
>>> What did I miss? What other configuration changes that I need to make
>>> to make it work?
>>>
>>> Thanks!
>>>
>>> On 12/1/12, Zenny <garbytrash at gmail.com> wrote:
>>>> Hi again:
>>>>
>>>> I thoroughly read the documents in the site, yet I cannot figure out
>>>> how to achieve this:
>>>>
>>>> 1) Two mandos servers-clients authenticating between each other which
>>>> in turn provide authentication passwords to the local clients
>>>>
>>>> 2) The /boot is not partitioned, yet / and swap is encrypted over LVM
>>>> (dm-crypt plus LUKS).
>>>>
>>>> I searched over the Net and could not figure out how to achieve this.
>>>> Any pointers shall be appreciated.
>>>>
>>>> Regards
>>>> zenny
>>>>
>>>> On 11/30/12, Zenny <garbytrash at gmail.com> wrote:
>>>>> Hi:
>>>>>
>>>>> I happen to see your nice application just today and feel like
>>>>> deploying. Unfortunately I am getting errors while installing
>>>>> mandos-client in embedded debian squeeze (voyage linux actually).
>>>>>
>>>>> 1) gpg: WARNING: some OpenPGP programs can't handle a DSA key with
>>>>> this digest size
>>>>>
>>>>> I know of this error maybe it is run on a i386 machine.
>>>>>
>>>>> 2) cryptsetup: WARNING: could not determine root device from
>>>>> /etc/fstab
>>>>>
>>>>> which looks like:
>>>>> root@voyage:~# cat /etc/fstab
>>>>> #/dev/hda1 / ext2 defaults,noatime,rw 0 0
>>>>> proc /proc proc defaults 0 0
>>>>> tmpfs /tmp tmpfs nosuid,nodev 0 0
>>>>> #tmpfs /rw tmpfs defaults,size=32M 0 0
>>>>>
>>>>>
>>>>> Appreciate if there are any pointers! Are there any tutorials on how to
>>>>> deploy mandos? FYI, I am trying to share keys between two mandos
>>>>> servers. Thanks!
>>>>>
>>>>
>>>
>>
>