How does it work?
A small bootloader will handle the authentication process by connecting securely to another server machine and grabbing the required password from it, which is decrypted by the client machine using OpenPGP keys.
The OpenPGP keys are unique to each client and all the network communication is encrypted using TLS (Transport Layer Security) at all times. Various examples and more documentation can be found on the project’s official homepage.
Offers a powerful plugin architecture
The software comes with a plugin architecture, which will extend its default functionality, providing compatibility with the "askpass" program, which is part of the cryptsetup package, listening to the same FIFO method, as well as to prompt users for a password when using Splashy, Usplash or Plymouth boot splash technologies.
Does it support my Linux OS?
Being distributed as a universal source archive, Mandos is virtually installable on any GNU/Linux platform, but it’s officially supported on the Ubuntu and Debian GNU/Linux operating systems from 2009 and 2011 respectively. Both 32-bit and 64-bit hardware platforms are supported at the moment.
Under the hood and requirements
A quick look under the hood will show us that the application is written in the UNIX Shell scripting language and the C programming language. It is a very secure application that requires no additional packages to be installed on the Linux server system where it is deployed.
Mandos is a very secure solution that can be installed on many Linux kernel-based operating systems, directly from the default software repositories or using the source/binary packages provided on the project’s website.
Reviewed by Marius Nestor, last updated on September 9th, 2014
In a hurry? Add it to your Download Basket!
- Bug fix: mandos-keygen now generates working SSH checker commands.
- Server ** Bug fix: "mandos-monitor" now really redraws screen on Ctrl-L.
- Now requires Python 2.7.
Application descriptionMandos is an open source software project designed from the offset to allow servers with encrypted root filesystems to...