Hi LQ members,
I am trying to implement a mandos environment in my workplace, so the developers can work using encrypt disks without needing to be prompted by the file system passphrase. Well, at least that's what mandos should be all about.
The Mandos documentation is, sadly, quite poor and I can't even establish any communication between the server and the client. And yes, the firewall settings are all right; I have tested manually connecting to the server port using telnet and it works.
So I have created the keys to talk to the server and everything, but then after I reboot the client (expecting it to establish a connection to the server in order to retrieve the passphrase, I get the following errors:
Quote:
Attempting to use OpenPGP public key /etc/keys/mandos/pubkey.txt and secret /etc/keys/mandos/seckey.txt as GnuTLS credentials
GnutLS: ASSERT: gnutls_openpgp.c:479
Error[-64] while reading the OpenPGP key pair ('/etc/keys/mandos/pubkey.txt', '/etc/keys/mandos/seckey.txt')
The GnuTLS error is: Error while reading file.
init_gnutls_global failed
mandos-client exiting
Enter passphrase
|
Also, I think it is worth mentioning that I have been monitoring all the traffic on the server side (thanks to tcpdump) during the client boot process and I have found no traffic AT ALL related to the mandos protocol and TLS.
So, I would be very thankful if I could get, at least, sample configuration files from anyone here who have successfully deployed mandos.
In the worst case, does anyone here knows and could recommend me a better solution than mandos?
Just in case, here is my "plugin-runner.conf"
Quote:
--options-for=mandos-client:--debug
--options-for=mandos-client:--connect=MyServerIP:42479
--options-for=mandos-client:--pubkey=/etc/keys/mandos/pubkey.txt
--options-for=mandos-client:--pubkey=/etc/keys/mandos/seckey.txt
|
I'm using Ubuntu 12.04 for the client side and Debian Squeeze for the server side.
Thanks in advance.
References:
https://wiki.recompile.se/wiki/Mandos
