Some starting documents

Zenny garbytrash at gmail.com
Sun Dec 2 21:28:16 CET 2012


Dear Teddy and Dick:

I tried also with a completely new debian squeeze installation with
dm-crypt and LUKS which has the following in the fstab:

# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/mapper/gw0-root /               ext3    errors=remount-ro 0       1
# /boot was on /dev/sda1 during installation
UUID=22c1e040-0527-4845-b14d-3db74829167f /boot           ext2    defaults        0       2
/dev/mapper/gw0-home /home           ext3    defaults        0       2
/dev/mapper/gw0-tmp /tmp            ext3    defaults        0       2
/dev/mapper/gw0-usr /usr            ext3    defaults        0       2
/dev/mapper/gw0-var /var            ext3    defaults        0       2
/dev/mapper/gw0-swap_1 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0

This time the installation of the mandos-client in the machine works,
and still executing:

#/usr/lib/mandos/plugins.d/mandos-client \
> --pubkey=/etc/keys/mandos/pubkey.txt \
> --seckey=/etc/keys/mandos/seckey.txt; echo

Does not give any output even after eons of time.

What I did was:

1) Installed a completely new instance of debian squeeze using guided
installation with encryption in two VMs,
2) then installed mandos-server in VM A and mandos-client in VM B.
3) Generated the client info (mandos-keygen --password) in VM B
(mandos-client) and pasted that in /etc/mandos/clients.conf of VM A
(mandos server)
4) Restarted mandos server in A and rebooted VM B to check whether it
can fetch information from server A to boot.
5) Executed the above command to echo the password, but no output.

There is nothing I could see where I can see the debug command,
because VM B cannot fetch the password from mandos-server in VM A,
meaning I have to feed the encryption password manually to boot VM B.

BTW, Teddy, the documentation is neither complete nor verbose. It is
wholly incomplete. At least I could have helped you to create a
document, provided something works in my case. And it is not working
at all? I have been struggling for the last two days to make it work, yet no
go! Maybe this is the reason the adoption of mandos is not
so strong.

I followed a longer solution for a similar solution (using a longer
method with manual remote feeding of the key), but that is not what I
am seeking rather something like mandos. But there is no luck that it
worked.

I wish...

zenny

On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
> Thanks Dick for information.
>
> About the first mandos server-client pair I meant the mandos server
> which also tries to authenticate as client with each other, I
> installed mandos server and clients in both of them and copied the
> output of 'mandos-keygen --passphrase' to the server's
> /etc/mandos/clients.conf yet it does not authenticate, yet asks for
> the passphrase in console?
>
> Tried to execute the following in the client console (as stated in
> http://bzr.recompile.se/loggerhead/mandos/trunk/annotate/head:/debian/mandos-client.README.Debian),
> but nothing happens even for hours.
>
> #/usr/lib/mandos/plugins.d/mandos-client \
>> --pubkey=/etc/keys/mandos/pubkey.txt \
>> --seckey=/etc/keys/mandos/seckey.txt; echo
>
> What did I miss? What other configuration changes that I need to make
> to make it work?
>
> Thanks!
>
> On 12/1/12, Zenny <garbytrash at gmail.com> wrote:
>> Hi again:
>>
>> I thoroughly read the documents in the site, yet I cannot figure out
>> how to achieve this:
>>
>> 1) Two mandos servers-clients authenticating between each other which
>> in turn provide authentication passwords to the local clients
>>
>> 2) The /boot is not partitioned, yet / and swap are encrypted over LVM
>> (dm-crypt plus LUKS).
>>
>> I searched over the Net and could not figure out how to achieve this.
>> Any pointers shall be appreciated.
>>
>> Regards
>> zenny
>>
>> On 11/30/12, Zenny <garbytrash at gmail.com> wrote:
>>> Hi:
>>>
>>> I happen to see your nice application just today and feel like
>>> deploying. Unfortunately I am getting errors while installing
>>> mandos-client in embedded debian squeeze (voyage linux actually).
>>>
>>> 1) gpg: WARNING: some OpenPGP programs can't handle a DSA key with
>>> this digest size
>>>
>>> I know of this error maybe it is run on a i386 machine.
>>>
>>> 2) cryptsetup: WARNING: could not determine root device from /etc/fstab
>>>
>>> which looks like:
>>> root@voyage:~# cat /etc/fstab
>>> #/dev/hda1       /       ext2    defaults,noatime,rw     0       0
>>> proc            /proc   proc    defaults                0       0
>>> tmpfs 			/tmp 	tmpfs 	nosuid,nodev 			0 		0
>>> #tmpfs           /rw     tmpfs   defaults,size=32M        0       0
>>>
>>>
>>> Appreciate if there are any pointers! Are there any tutorials on how to
>>> deploy mandos? FYI, I am trying to share keys between two mandos
>>> servers. Thanks!
>>>
>>
>


More information about the Mandos-Dev mailing list