Provided by: mandos_1.8.18-1_all bug

NAME

       mandos - Gives encrypted passwords to authenticated Mandos clients

SYNOPSIS

       mandos [--interface NAME | -i NAME]
              [--address ADDRESS | -a ADDRESS]
              [--port PORT | -p PORT]
              [--priority PRIORITY]
              [--servicename NAME]
              [--configdir DIRECTORY]
              [--debug]
              [--debuglevel LEVEL]
              [--no-dbus]
              [--no-ipv6]
              [--no-restore]
              [--statedir DIRECTORY]
              [--socket FD]
              [--foreground]
              [--no-zeroconf]

       mandos {--help | -h}

       mandos --version

       mandos --check

DESCRIPTION

       mandos is a server daemon which handles incoming requests for passwords for a pre-defined
       list of client host computers. For an introduction, see intro(8mandos). The Mandos server
       uses Zeroconf to announce itself on the local network, and uses TLS to communicate
       securely with and to authenticate the clients. The Mandos server uses IPv6 to allow Mandos
       clients to use IPv6 link-local addresses, since the clients will probably not have any
       other addresses configured (see the section called “OVERVIEW”). Any authenticated client
       is then given the stored pre-encrypted password for that specific client.

PURPOSE

       The purpose of this is to enable remote and unattended rebooting of client host computer
       with an encrypted root file system. See the section called “OVERVIEW” for details.

OPTIONS

       --help, -h
           Show a help message and exit

       --interface NAME, -i NAME
           If this is specified, the server will only announce the service and listen to requests
           on the specified network interface. Default is to use all available interfaces.  Note:
           a failure to bind to the specified interface is not considered critical, and the
           server will not exit, but instead continue normally.

       --address ADDRESS, -a ADDRESS
           If this option is used, the server will only listen to the specified IPv6 address. If
           a link-local address is specified, an interface should be set, since a link-local
           address is only valid on a single interface. By default, the server will listen to all
           available addresses. If set, this must normally be an IPv6 address; an IPv4 address
           can only be specified using IPv4-mapped IPv6 address syntax: “::FFFF:192.0.2.3”. (Only
           if IPv6 usage is disabled (see below) must this be an IPv4 address.)

       --port PORT, -p PORT
           If this option is used, the server will bind to that port. By default, the server will
           listen to an arbitrary port given by the operating system.

       --check
           Run the server’s self-tests. This includes any unit tests, etc.

       --debug
           If the server is run in debug mode, it will run in the foreground and print a lot of
           debugging information. The default is to not run in debug mode.

       --debuglevel LEVEL
           Set the debugging log level.  LEVEL is a string, one of “CRITICAL”, “ERROR”,
           “WARNING”, “INFO”, or “DEBUG”, in order of increasing verbosity. The default level is
           “WARNING”.

       --priority  PRIORITY
           GnuTLS priority string for the TLS handshake. The default is

           “SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA” when
           using raw public keys in TLS, and “SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA
           :+SIGN-DSA-SHA256” when using OpenPGP keys in TLS,. See gnutls_priority_init(3) for
           the syntax.  Warning: changing this may make the TLS handshake fail, making
           server-client communication impossible. Changing this option may also make the network
           traffic decryptable by an attacker.

       --servicename NAME
           Zeroconf service name. The default is “Mandos”. This only needs to be changed if for
           some reason is would be necessary to run more than one server on the same host. This
           would not normally be useful. If there are name collisions on the same network, the
           newer server will automatically rename itself to “Mandos #2”, and so on; therefore,
           this option is not needed in that case.

       --configdir DIRECTORY
           Directory to search for configuration files. Default is “/etc/mandos”. See
           mandos.conf(5) and mandos-clients.conf(5).

       --version
           Prints the program version and exit.

       --no-dbus
           This option controls whether the server will provide a D-Bus system bus interface. The
           default is to provide such an interface.

           See also the section called “D-BUS INTERFACE”.

       --no-ipv6
           This option controls whether the server will use IPv6 sockets and addresses. The
           default is to use IPv6. This option should never normally be turned off, even in
           IPv4-only environments. This is because mandos-client(8mandos) will normally use IPv6
           link-local addresses, and will not be able to find or connect to the server if this
           option is turned off.  Only advanced users should consider changing this option.

       --no-restore
           This option controls whether the server will restore its state from the last time it
           ran. Default is to restore last state.

           See also the section called “PERSISTENT STATE”.

       --statedir DIRECTORY
           Directory to save (and restore) state in. Default is “/var/lib/mandos”.

       --socket FD
           If this option is used, the server will not create a new network socket, but will
           instead use the supplied file descriptor. By default, the server will create a new
           network socket.

       --foreground
           This option will make the server run in the foreground and not write a PID file. The
           default is to not run in the foreground, except in debug mode, which implies this
           option.

       --no-zeroconf
           This option controls whether the server will announce its existence using Zeroconf.
           Default is to use Zeroconf. If Zeroconf is not used, a port number or a socket is
           required.

OVERVIEW

       This is part of the Mandos system for allowing computers to have encrypted root file
       systems and at the same time be capable of remote and/or unattended reboots. The computers
       run a small client program in the initial RAM disk environment which will communicate with
       a server over a network. All network communication is encrypted using TLS. The clients are
       identified by the server using a TLS key; each client has one unique to it. The server
       sends the clients an encrypted password. The encrypted password is decrypted by the
       clients using a separate OpenPGP key, and the password is then used to unlock the root
       file system, whereupon the computers can continue booting normally.

       This program is the server part. It is a normal server program and will run in a normal
       system environment, not in an initial RAM disk environment.

NETWORK PROTOCOL

       The Mandos server announces itself as a Zeroconf service of type “_mandos._tcp”. The
       Mandos client connects to the announced address and port, and sends a line of text where
       the first whitespace-separated field is the protocol version, which currently is “1”. The
       client and server then start a TLS protocol handshake with a slight quirk: the Mandos
       server program acts as a TLS “client” while the connecting Mandos client acts as a TLS
       “server”. The Mandos client must supply a TLS public key, and the key ID of this public
       key is used by the Mandos server to look up (in a list read from clients.conf at start
       time) which binary blob to give the client. No other authentication or authorization is
       done by the server.

       Table 1. Mandos Protocol (Version 1)
       ┌────────────────────────┬───────────┬──────────────────────────┐
       │Mandos ClientDirectionMandos Server            │
       ├────────────────────────┼───────────┼──────────────────────────┤
       │Connect                 │ ->        │                          │
       ├────────────────────────┼───────────┼──────────────────────────┤
       │“1\r\n”                 │ ->        │                          │
       ├────────────────────────┼───────────┼──────────────────────────┤
       │TLS handshake as TLS    │ <->       │ TLS handshake as TLS     │
       │“server”                │           │ “client”                 │
       ├────────────────────────┼───────────┼──────────────────────────┤
       │Public key (part of TLS │ ->        │                          │
       │handshake)              │           │                          │
       ├────────────────────────┼───────────┼──────────────────────────┤
       │                        │ <-        │ Binary blob (client will │
       │                        │           │ assume OpenPGP data)     │
       ├────────────────────────┼───────────┼──────────────────────────┤
       │                        │ <-        │ Close                    │
       └────────────────────────┴───────────┴──────────────────────────┘

CHECKING

       The server will, by default, continually check that the clients are still up. If a client
       has not been confirmed as being up for some time, the client is assumed to be compromised
       and is no longer eligible to receive the encrypted password. (Manual intervention is
       required to re-enable a client.) The timeout, extended timeout, checker program, and
       interval between checks can be configured both globally and per client; see mandos-
       clients.conf(5).

APPROVAL

       The server can be configured to require manual approval for a client before it is sent its
       secret. The delay to wait for such approval and the default action (approve or deny) can
       be configured both globally and per client; see mandos-clients.conf(5). By default all
       clients will be approved immediately without delay.

       This can be used to deny a client its secret if not manually approved within a specified
       time. It can also be used to make the server delay before giving a client its secret,
       allowing optional manual denying of this specific client.

LOGGING

       The server will send log message with various severity levels to /dev/log. With the
       --debug option, it will log even more messages, and also show them on the console.

PERSISTENT STATE

       Client settings, initially read from clients.conf, are persistent across restarts, and
       run-time changes will override settings in clients.conf. However, if a setting is changed
       (or a client added, or removed) in clients.conf, this will take precedence.

D-BUS INTERFACE

       The server will by default provide a D-Bus system bus interface. This interface will only
       be accessible by the root user or a Mandos-specific user, if such a user exists. For
       documentation of the D-Bus API, see the file DBUS-API.

EXIT STATUS

       The server will exit with a non-zero exit status only when a critical error is
       encountered.

ENVIRONMENT

       PATH
           To start the configured checker (see the section called “CHECKING”), the server uses
           /bin/sh, which in turn uses PATH to search for matching commands if an absolute path
           is not given. See sh(1).

FILES

       Use the --configdir option to change where mandos looks for its configurations files. The
       default file names are listed here.

       /etc/mandos/mandos.conf
           Server-global settings. See mandos.conf(5) for details.

       /etc/mandos/clients.conf
           List of clients and client-specific settings. See mandos-clients.conf(5) for details.

       /run/mandos.pid
           The file containing the process id of the mandos process started last.  Note: If the
           /run directory does not exist, /var/run/mandos.pid will be used instead.

       /var/lib/mandos
           Directory where persistent state will be saved. Change this with the --statedir
           option. See also the --no-restore option.

       /dev/log
           The Unix domain socket to where local syslog messages are sent.

       /bin/sh
           This is used to start the configured checker command for each client. See mandos-
           clients.conf(5) for details.

BUGS

       This server might, on especially fatal errors, emit a Python backtrace. This could be
       considered a feature.

       There is no fine-grained control over logging and debug output.

       Please report bugs to the Mandos development mailing list: <mandos-dev@recompile.se>
       (subscription required). Note that this list is public. The developers can be reached
       privately at <mandos@recompile.se> (OpenPGP key fingerprint 153A 37F1 0BBA 0435 987F 2C4A
       7223 2973 CA34 C2C4 for encrypted mail).

EXAMPLE

       Normal invocation needs no options:

       mandos

       Run the server in debug mode, read configuration files from the ~/mandos directory, and
       use the Zeroconf service name “Test” to not collide with any other official Mandos server
       on this host:

       mandos --debug --configdir ~/mandos --servicename Test

       Run the server normally, but only listen to one interface and only on the link-local
       address on that interface:

       mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2

SECURITY

   SERVER
       Running this mandos server program should not in itself present any security risk to the
       host computer running it. The program switches to a non-root user soon after startup.

   CLIENTS
       The server only gives out its stored data to clients which does have the correct key ID of
       the stored key ID. This is guaranteed by the fact that the client sends its public key in
       the TLS handshake; this ensures it to be genuine. The server computes the key ID of the
       key itself and looks up the key ID in its list of clients. The clients.conf file (see
       mandos-clients.conf(5)) must be made non-readable by anyone except the user starting the
       server (usually root).

       As detailed in the section called “CHECKING”, the status of all client computers will
       continually be checked and be assumed compromised if they are gone for too long.

       For more details on client-side security, see mandos-client(8mandos).

SEE ALSO

       intro(8mandos), mandos-clients.conf(5), mandos.conf(5), mandos-client(8mandos), sh(1)

       Zeroconf[1]
           Zeroconf is the network protocol standard used by clients for finding this Mandos
           server on the local network.

       Avahi[2]
           Avahi is the library this server calls to implement Zeroconf service announcements.

       GnuTLS[3]
           GnuTLS is the library this server uses to implement TLS for communicating securely
           with the client, and at the same time confidently get the client’s public key.

       RFC 4291: IP Version 6 Addressing Architecture

           Section 2.2: Text Representation of Addresses

           Section 2.5.5.2: IPv4-Mapped IPv6 Address

           Section 2.5.6, Link-Local IPv6 Unicast Addresses
               The clients use IPv6 link-local addresses, which are immediately usable since a
               link-local address is automatically assigned to a network interfaces when it is
               brought up.

       RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
           TLS 1.2 is the protocol implemented by GnuTLS.

       RFC 4880: OpenPGP Message Format
           The data sent to clients is binary encrypted OpenPGP data.

       RFC 7250: Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport
       Layer Security (DTLS)
           This is implemented by GnuTLS version 3.6.6 and is, if present, used by this server so
           that raw public keys can be used.

       RFC 6091: Using OpenPGP Keys for Transport Layer Security (TLS) Authentication
           This is implemented by GnuTLS before version 3.6.0 and is, if present, used by this
           server so that OpenPGP keys can be used.

COPYRIGHT

       Copyright © 2008-2019 Teddy Hogeborn, Björn Påhlsson

       This manual page is part of Mandos.

       Mandos is free software: you can redistribute it and/or modify it under the terms of the
       GNU General Public License as published by the Free Software Foundation, either version 3
       of the License, or (at your option) any later version.

       Mandos is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with Mandos. If
       not, see http://www.gnu.org/licenses/.

NOTES

        1. Zeroconf
           http://www.zeroconf.org/

        2. Avahi
           https://www.avahi.org/

        3. GnuTLS
           https://gnutls.org/