Some starting documents

Zenny garbytrash at gmail.com
Sun Dec 2 21:32:04 CET 2012 

And there is no firewall involved between these machines, because I
have not configured any. No firewall configured at all at the moment.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
> Dear Teddy and Dick:
>
> I tried also with a completely new debian squeeze installation with
> dm-crypt and LUKS which has the following in the fstab:
>
> # <file system> <mount point>   <type>  <options>       <dump>  <pass>
> proc            /proc           proc    defaults        0       0
> /dev/mapper/gw0-root /               ext3    errors=remount-ro 0       1
> # /boot was on /dev/sda1 during installation
> UUID=22c1e040-0527-4845-b14d-3db74829167f /boot           ext2
> defaults        0       2
> /dev/mapper/gw0-home /home           ext3    defaults        0       2
> /dev/mapper/gw0-tmp /tmp            ext3    defaults        0       2
> /dev/mapper/gw0-usr /usr            ext3    defaults        0       2
> /dev/mapper/gw0-var /var            ext3    defaults        0       2
> /dev/mapper/gw0-swap_1 none            swap    sw              0       0
> /dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0
>
> This time the installation on the mandor-client in the machine works
> and still executing:
>
> #/usr/lib/mandos/plugins.d/mandos-client \
>> --pubkey=/etc/keys/mandos/pubkey.txt \
>> --seckey=/etc/keys/mandos/seckey.txt; echo
>
> Does not give any output even after eons of time.
>
> What I did was:
>
> 1) Installed a completely new instance of debian squeeze using guided
> installation with encryption in two VMs,
> 2) then installed mandos-server in VM A and mandos-client in VM B.
> 3) Generated the client info (mandos-keygen --password) in VM B
> (mandos-client) and pasted that in /etc/mandos/clients.conf of VM A
> (mandos server)
> 4) Restarted mandos server in A and rebooted VM B to check whether it
> can fetch information from server A to boot.
> 5) Executed the above command to echo the password, but no output.
>
> There is nothing I could see where I can see the debug command,
> because VM B cannot fetch the password from mandos-server in VM A,
> meaning I have to feed the encryption password manually to boot VM B.
>
> BTW, Teddy, the documentation is neither complete or verbose. It is
> wholly incomplete. At least I could have helped you to create a
> document, provided something works in my case. And it is not working
> at all? I am struggling for the last two days to make it work, yet no
> go! Maybe this is the reason there is little adoption of mandos is not
> so strong.
>
> I followed a longer solution for a similar solution (using a longer
> method with manual remote feeding of the key), but that is not what I
> am seeking rather something like mandos. But there is no luck that it
> worked.
>
> I wish...
>
> zenny
>
> On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
>> Thanks Dick for information.
>>
>> About the first mandos server-client pair I meant the mandos server
>> which also tries to authenticate as client with each other, I
>> installed mandos sever and clients in both of them and copied the
>> output of 'mandos-keygen --passphrase' to the server's
>> /etc/mandos/clients.conf yet it does not authenticate, yet asks for
>> the passphrase in console?
>>
>> Tried to execute the following in the client console (as stated in
>> http://bzr.recompile.se/loggerhead/mandos/trunk/annotate/head:/debian/mandos-client.README.Debian),
>> but nothing happens even for hours.
>>
>> #/usr/lib/mandos/plugins.d/mandos-client \
>>> --pubkey=/etc/keys/mandos/pubkey.txt \
>>> --seckey=/etc/keys/mandos/seckey.txt; echo
>>
>> What did I miss? What other configuration changes that I need to make
>> to make it work?
>>
>> Thanks!
>>
>> On 12/1/12, Zenny <garbytrash at gmail.com> wrote:
>>> Hi again:
>>>
>>> I thoroughly read the documents in the site, yet I cannot figure out
>>> how to achieve this:
>>>
>>> 1) Two mandos servers-clients authenticating between each other which
>>> in turn provide authentication passwords to the local clients
>>>
>>> 2) The /boot is not partitioned, yet / and swap is encrypted over LVM
>>> (dm-crypt plus LUKS).
>>>
>>> I searched over the Net and could not figure out how to achieve this.
>>> Any pointers shall be appreciated.
>>>
>>> Regards
>>> zenny
>>>
>>> On 11/30/12, Zenny <garbytrash at gmail.com> wrote:
>>>> Hi:
>>>>
>>>> I happen to see your nice application just today and feel like
>>>> deploying. Unfortunately I am getting errors while installing
>>>> mados-client in embedded debian squeeze (voyage linux actually).
>>>>
>>>> 1) gpg: WARNING: some OpenPGP programs can't handle a DSA key with
>>>> this digest size
>>>>
>>>> I know of this error maybe it is run on a i386 machine.
>>>>
>>>> 2) cryptsetup: WARNING: could not determine root device from /etc/fstab
>>>>
>>>> which looks like:
>>>> root at voyage:~# cat /etc/fstab
>>>> #/dev/hda1       /       ext2    defaults,noatime,rw     0       0
>>>> proc            /proc   proc    defaults                0       0
>>>> tmpfs 			/tmp 	tmpfs 	nosuid,nodev 			0 		0
>>>> #tmpfs           /rw     tmpfs   defaults,size=32M        0       0
>>>>
>>>>
>>>> Appreciate if there is any pointers! Is there any tutorials on how to
>>>> deploy mandos? FYI, I am trying to share keys between two mandos
>>>> servers. Thanks!
>>>>
>>>
>>
>

More information about the Mandos-Dev mailing list