Http server instead of own server?
Cesare Bianchi
kzar79 at gmail.com
Sun Feb 3 13:25:14 CET 2013
Dear all,
I have the following situation:
I manage various (virtual) servers running in various clients'
locations. The clients must not have direct access to the servers' data,
so I encrypted the disks. At the present time, I must physically go (or
connect to the virtual host) if a server reboots.
I wanted to install Mandos client on the servers, but it needs a Mandos
server running in the network, and obviously this only adds complexity.
So, is it possible to use some simple form of connection to the "Mandos
server", for example with a public basic HTTP server?
I didn't study the Mandos handshake process, but I think that any PHP
page could decrypt with a public key a randomly generated string, and then
use that string to encrypt the password and send it as reply (which is
essentially the SSL handshake). Obviously this means that the HTTP
server must be secured and available, but it's not a great problem, I think.
Probably the greatest problem would be for the "client" to have the
interface configured with the gateway and nameserver, during the boot.
Do you think it is complex to modify the Mandos client (or write another
plugin) to do so? Would you point me in the right direction, so I could
possibly do it?
Thank you in advance,
Cesare