allows remote and/or unattended password protected server reboots.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. WouldnÃ¢â¬â¢t it be great if you could have the security of encrypted root file systems and still have servers that could boot up automatically if there was a short power outage while you were asleep? That you could reboot at will, without having someone run over to the server to type in the password? Well, with Mandos, you (almost) can! The gain in convenience will only be offset by a small loss in security. The setup is as follows: The server will still have its encrypted root file system. The password to this file system will be stored on another computer (henceforth known as the Mandos server) on the same local network. The password will *not* be stored in plaintext, but encrypted with OpenPGP. To decrypt this password, a key is needed. This key (the Mandos client key) will not be stored there, but back on the original server (henceforth known as the Mandos client) in the initial RAM disk image. Oh, and all network Mandos client/server communications will be encrypted, using TLS (SSL).
31 October 2008
Leaders and contributors
Resources and communication
|Help||Mailing List Info/Archive||http://mail.fukt.bsnet.se/pipermail/mandos-dev/|
|Developer||VCS Repository Webview||http://bzr.fukt.bsnet.se/loggerhead/mandos/trunk/files|
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.