Last active
March 25, 2020 23:03
-
-
Save AnwarYagoub/2120c3eade1480f6dd3c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| =========================================================================================================================== | |
| Mandos server | |
| =========================================================================================================================== | |
| sudo apt-get install mandos -y | |
| sudo service dbus reload | |
| sudo sed -i.bak 's/;priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP/priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224/g' /etc/mandos/mandos.conf | |
| sudo service mandos start | |
| =========================================================================================================================== | |
| Mandos client | |
| =========================================================================================================================== | |
| install packages: | |
| ----------------- | |
| sudo apt-get install rng-tools -y | |
| sudo rngd -r /dev/urandom | |
| sudo apt-get install mandos-client -y | |
| installing mandos will fail now with the following error & thats ok: | |
| -------------------------------------------------------------------- | |
| gpg: fatal: can't open `/tmp/mandos-keygen-keyrings.ssRruwSwhE/trustdb.gpg': No such file or directory | |
| secmem usage: 3424/4896 bytes in 8/14 blocks of pool 6176/32768 | |
| dpkg: error processing package mandos-client (--configure): | |
| subprocess installed post-installation script returned error exit status 2 | |
| Processing triggers for libc-bin (2.19-0ubuntu6.7) ... | |
| Errors were encountered while processing: | |
| mandos-client | |
| E: Sub-process /usr/bin/dpkg returned an error code (1) | |
| Download & apply mandos-keygen patch: | |
| ------------------------------------- | |
| cd ~ | |
| wget https://launchpadlibrarian.net/192135679/mandos-keygen.patch | |
| sudo patch /usr/sbin/mandos-keygen < mandos-keygen.patch | |
| continue with mandos client installation after applying patch: | |
| -------------------------------------------------------------- | |
| sudo dpkg --configure -a | |
| fix error(mandos-client: init_gpgme failed) | |
| ------------------------------------------- | |
| cd ~ | |
| wget https://launchpadlibrarian.net/176298919/mandos-gpgme.diff | |
| sudo patch /usr/share/initramfs-tools/hooks/mandos < mandos-gpgme.diff | |
| sudo update-initramfs -k all -u | |
| Generate client certificate: | |
| ---------------------------- | |
| sudo mandos-keygen --password --type RSA --force | |
| [mandos-test] | |
| host = mandos-test | |
| fingerprint = 8998A05CC347A763DB549117F64BCCD791F599AF | |
| secret = | |
| hQIOAxEGkVtdLHDQEAf/fkrUoxWHa5xFpwRf0iBWgAe8RAAuIby2q82A3etxjB8f | |
| +VBLvb9fmExcchpyNJLocMaucTIleTmjbu4qqcr6/BDFblqZ8osRD5qaezlyS0j6 | |
| fBr5yL3iACMthv86oMbQQKlwT8uD/w3OlxOQrCyvwjleJKHYg36Tp6MpB6nRPQ/H | |
| S0c5DtC20cMy+JkX5YcdVCyBmleqoG6uv2wWmrDKd21bEV26x33DhTXbyVSIqjzQ | |
| wCyBlXaRgkzllMxAx1T5O+XTMd4Hu/MqDrvnrhwj5HKkppfJMUXZZkvGJnGpnV9g | |
| Euv1JgsCr6h3jIrGjhW1cevpRStIRfbQ2z27Ay5Ozwf9FXaqyVGMrEf5YecMA/Np | |
| TsiBvNSWDERVs/pznCB9nXInRNIGWYWKqyZJvQdWSGb9Qeot8NUYwEHk0GKJuaF0 | |
| pWeOPkDLH6+rPYNtM7jOn2Ekne3lTNtpGAMxhIAAjIttn731bE+RZkltNLAPIAFv | |
| Et6o3IKAcNz2pjJB7XnEBblGh7S6XY2uJFLAPDQrB0UzDlDLSMGgOe4iBfhF6OtT | |
| bpuGhwk+OQSZn7GZnKWPU16iqqjA0nzadbZPLi8wShH5qDJS0aKkYxZD7clgxt1j | |
| 8cTlnyMQgYIFFzeKroo+6DXe/00yNNOUtDb6LGZv5zqoamCxAsQRqEeCP554blV5 | |
| gNKtAUFOGehXZxmVcW6sLtMqjZ9FGMGOfQjoQa88SazCUA3Hc01ONDqXbML+acDg | |
| mC/kVqQ0NgVVCreASAl+6akOKvlVdsjQgrrqZglAX/rI3gFRorSANe5TpGPgXo8h | |
| blille8mWZufiM0h9CLjpOgk8hVxleLj7rq1D+jhkaATJCJxNDaob/o3PUDCwOHx | |
| SH3MAIuybl2zWkkaZdX7bLuSf5MtTxOi4c5jLZ3Fq5s= | |
| =========================================================================================================================== | |
| Mandos server | |
| =========================================================================================================================== | |
| copy the above command output to /etc/mandos/client.conf & restart mandos: | |
| -------------------------------------------------------------------------- | |
| sudo vim /etc/mandos/clients.conf | |
| sudo service mandos restart | |
| =========================================================================================================================== | |
| Mandos client | |
| =========================================================================================================================== | |
| check configuration: | |
| -------------------- | |
| sudo /usr/lib/mandos/plugins.d/mandos-client --pubkey=/etc/keys/mandos/pubkey.txt --seckey=/etc/keys/mandos/seckey.txt --debug; echo | |
| *** if everyhting is ok the above command will output password sent from mandos server |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
THANK YOU! for having this here.
Also particularly helpful: https://mail.recompile.se/pipermail/mandos-dev/2016-October/000360.html