1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
<!ENTITY TIMESTAMP "2012-01-01">
4
<!ENTITY TIMESTAMP "2014-06-22">
5
5
<!ENTITY % common SYSTEM "common.ent">
218
<refsect2 id="fakeping">
219
<title>Faking ping replies?</title>
218
<refsect2 id="fakecheck">
219
<title>Faking checker results?</title>
221
The default for the server is to use
221
If the Mandos client does not have an SSH server, the default
222
is for the Mandos server to use
222
223
<quote><literal>fping</literal></quote>, the replies to which
223
224
could be faked to eliminate the timeout. But this could
224
225
easily be changed to any shell command, with any security
225
measures you like. It could, for instance, be changed to an
226
SSH command with strict keychecking, which could not be faked.
227
Or IPsec could be used for the ping packets, making them
226
measures you like. If the Mandos client
227
<emphasis>has</emphasis> an SSH server, the default
228
configuration (as generated by
229
<command>mandos-keygen</command> with the
230
<option>--password</option> option) is for the Mandos server
231
to use an <command>ssh-keyscan</command> command with strict
232
keychecking, which can not be faked. Alternatively, IPsec
233
could be used for the ping packets, making them secure.
added
removed
intro.xml
