Mandos is a system for allowing servers with encrypted root file systems to reboot unattended and/or remotely. See the manual for more information, including an FAQ list.GNU General Public License v3 or later.
(The Halls of Mandos is, in the fictional world of J. R. R. Tolkien, where the spirits of dead elves would go to be judged and possibly reincarnated. Similarly, the Mandos system allows “dead” servers to request reincarnation, which can be either denied or granted by the Mandos server.)
Mandos is feature-complete; that is, it solves the problem it was created to solve. It has been included in Ubuntu ever since the Ubuntu Karmic release of October 2009, and in Debian since the Debian 6.0 "squeeze" release of February 2011. The latest versions of Mandos are uploaded to Debian unstable.
For future plans, see the TODO file.
Keys and Communication
The Manual Pages
- intro(8mandos) - general discussion and FAQ
- mandos(8) - The network server program
- mandos-ctl(8) - A command line utility to control the server
- mandos-monitor(8) - A text-based GUI to the server
- plugin-runner(8mandos) - The plugin runner
- mandos-client(8mandos) - The network client plugin
- password-prompt(8mandos) - Console interactive plugin
- plymouth(8mandos) - Asks for password interactively via Plymouth.
- usplash(8mandos) - Asks for password interactively via Usplash.
- splashy(8mandos) - Asks for password interactively via Splashy.
- askpass-fifo(8mandos) - Provides compatibility with the “askpass” program from the cryptsetup package.
- mandos-keygen(8) - Command line utility
There is a mailing list “mandos-dev”. Subscribe or read its archives at https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev
The current maintainers can be reached at firstname.lastname@example.org.
Debian and Ubuntu
Mandos is available directly in Debian and in the Ubuntu "universe" component, so to get Mandos installed in those distributions you use whatever method you normally use to select and install software packages for that distribution. There is no need to download anything from here, unless you want the latest version.
Add these two lines to your /etc/apt/sources.list file:
deb https://ftp.recompile.se/pub/mandos/debian jessie-backports main deb-src https://ftp.recompile.se/pub/mandos/debian jessie-backports main
The packages there will be cryptographically signed by one of the individual developers, and the package lists will be signed by an OpenPGP key with the fingerprint “153A 37F1 0BBA 0435 987F 2C4A 7223 2973 CA34 C2C4”.
To add this key to the APT key list, and avoid warnings from aptitude and others, do this:
su -c "gpg --keyserver keys.gnupg.net \ --recv-key 153A37F10BBA0435987F2C4A72232973CA34C2C4; \ gpg --export --armor 153A37F10BBA0435987F2C4A72232973CA34C2C4 \ | apt-key add -; gpg --batch --delete-key \ 153A37F10BBA0435987F2C4A72232973CA34C2C4"
Development Source Code
- Source code browser: https://bzr.recompile.se/loggerhead/mandos/trunk/files
- Bazaar repository:
- FTP: ftp://email@example.com/pub/mandos/trunk
- HTTP: https://ftp.recompile.se/pub/mandos/trunk
- Other files: ftp://ftp.recompile.se/pub/mandos
Known bugs and planned features are kept in the TODO file.
Instructions for Compiling and Installing From Source
bzr branch ftp://firstname.lastname@example.org/pub/mandos/trunk mandos
cd mandos bzr builddeb --builder='debuild -i -us -uc -b'
The .deb files should now be built and can be found in the parent directory.
After installing a package, follow the instructions in the file “/usr/share/doc/package-name/README.Debian”.