Some starting documents
Zenny
garbytrash at gmail.com
Sun Dec 2 21:32:04 CET 2012
And there is no firewall involved between these machines, because I
have not configured any. No firewall configured at all at the moment.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
> Dear Teddy and Dick:
>
> I tried also with a completely new debian squeeze installation with
> dm-crypt and LUKS which has the following in the fstab:
>
> # <file system> <mount point> <type> <options> <dump> <pass>
> proc /proc proc defaults 0 0
> /dev/mapper/gw0-root / ext3 errors=remount-ro 0 1
> # /boot was on /dev/sda1 during installation
> UUID=22c1e040-0527-4845-b14d-3db74829167f /boot ext2
> defaults 0 2
> /dev/mapper/gw0-home /home ext3 defaults 0 2
> /dev/mapper/gw0-tmp /tmp ext3 defaults 0 2
> /dev/mapper/gw0-usr /usr ext3 defaults 0 2
> /dev/mapper/gw0-var /var ext3 defaults 0 2
> /dev/mapper/gw0-swap_1 none swap sw 0 0
> /dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
>
> This time the installation on the mandor-client in the machine works
> and still executing:
>
> #/usr/lib/mandos/plugins.d/mandos-client \
>> --pubkey=/etc/keys/mandos/pubkey.txt \
>> --seckey=/etc/keys/mandos/seckey.txt; echo
>
> Does not give any output even after eons of time.
>
> What I did was:
>
> 1) Installed a completely new instance of debian squeeze using guided
> installation with encryption in two VMs,
> 2) then installed mandos-server in VM A and mandos-client in VM B.
> 3) Generated the client info (mandos-keygen --password) in VM B
> (mandos-client) and pasted that in /etc/mandos/clients.conf of VM A
> (mandos server)
> 4) Restarted mandos server in A and rebooted VM B to check whether it
> can fetch information from server A to boot.
> 5) Executed the above command to echo the password, but no output.
>
> There is nothing I could see where I can see the debug command,
> because VM B cannot fetch the password from mandos-server in VM A,
> meaning I have to feed the encryption password manually to boot VM B.
>
> BTW, Teddy, the documentation is neither complete or verbose. It is
> wholly incomplete. At least I could have helped you to create a
> document, provided something works in my case. And it is not working
> at all? I am struggling for the last two days to make it work, yet no
> go! Maybe this is the reason there is little adoption of mandos is not
> so strong.
>
> I followed a longer solution for a similar solution (using a longer
> method with manual remote feeding of the key), but that is not what I
> am seeking rather something like mandos. But there is no luck that it
> worked.
>
> I wish...
>
> zenny
>
> On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
>> Thanks Dick for information.
>>
>> About the first mandos server-client pair I meant the mandos server
>> which also tries to authenticate as client with each other, I
>> installed mandos sever and clients in both of them and copied the
>> output of 'mandos-keygen --passphrase' to the server's
>> /etc/mandos/clients.conf yet it does not authenticate, yet asks for
>> the passphrase in console?
>>
>> Tried to execute the following in the client console (as stated in
>> http://bzr.recompile.se/loggerhead/mandos/trunk/annotate/head:/debian/mandos-client.README.Debian),
>> but nothing happens even for hours.
>>
>> #/usr/lib/mandos/plugins.d/mandos-client \
>>> --pubkey=/etc/keys/mandos/pubkey.txt \
>>> --seckey=/etc/keys/mandos/seckey.txt; echo
>>
>> What did I miss? What other configuration changes that I need to make
>> to make it work?
>>
>> Thanks!
>>
>> On 12/1/12, Zenny <garbytrash at gmail.com> wrote:
>>> Hi again:
>>>
>>> I thoroughly read the documents in the site, yet I cannot figure out
>>> how to achieve this:
>>>
>>> 1) Two mandos servers-clients authenticating between each other which
>>> in turn provide authentication passwords to the local clients
>>>
>>> 2) The /boot is not partitioned, yet / and swap is encrypted over LVM
>>> (dm-crypt plus LUKS).
>>>
>>> I searched over the Net and could not figure out how to achieve this.
>>> Any pointers shall be appreciated.
>>>
>>> Regards
>>> zenny
>>>
>>> On 11/30/12, Zenny <garbytrash at gmail.com> wrote:
>>>> Hi:
>>>>
>>>> I happen to see your nice application just today and feel like
>>>> deploying. Unfortunately I am getting errors while installing
>>>> mados-client in embedded debian squeeze (voyage linux actually).
>>>>
>>>> 1) gpg: WARNING: some OpenPGP programs can't handle a DSA key with
>>>> this digest size
>>>>
>>>> I know of this error maybe it is run on a i386 machine.
>>>>
>>>> 2) cryptsetup: WARNING: could not determine root device from /etc/fstab
>>>>
>>>> which looks like:
>>>> root at voyage:~# cat /etc/fstab
>>>> #/dev/hda1 / ext2 defaults,noatime,rw 0 0
>>>> proc /proc proc defaults 0 0
>>>> tmpfs /tmp tmpfs nosuid,nodev 0 0
>>>> #tmpfs /rw tmpfs defaults,size=32M 0 0
>>>>
>>>>
>>>> Appreciate if there is any pointers! Is there any tutorials on how to
>>>> deploy mandos? FYI, I am trying to share keys between two mandos
>>>> servers. Thanks!
>>>>
>>>
>>
>
More information about the Mandos-Dev
mailing list