|
@@ -138,13 +138,23 @@ After installing all build prerequisites, run the build script:
|
|
|
|
|
|
## Installing letmein
|
|
|
|
|
|
+### Install client
|
|
|
+
|
|
|
+Then run the `install-client.sh` to install the letmein client to `/opt/letmein/`:
|
|
|
+
|
|
|
+```sh
|
|
|
+./install-client.sh
|
|
|
+```
|
|
|
+
|
|
|
+The client is used to send a knock packet to the server.
|
|
|
+
|
|
|
### Install server
|
|
|
|
|
|
#### Prepare user and group for the server
|
|
|
|
|
|
The public network facing part of the letmein server runs with reduced privileges to lower the attack surface.
|
|
|
|
|
|
-For this to work, the system user `letmeind` and a system group `letmeind` have to be installed in `/etc/passwd` and `/etc/group`
|
|
|
+For this to work, the system user `letmeind` and a system group `letmeind` have to be present in `/etc/passwd` and `/etc/group`
|
|
|
|
|
|
You can use the following helper script to create the user and group in your system:
|
|
|
|
|
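Review bot: In the added `### Install client` section, "Then run the `install-client.sh` to install the letmein client" is now the first step under `## Installing letmein`, so "Then" no longer follows an earlier install step in this section and reads as if something were skipped. Suggest "Run the `install-client.sh` script to install the letmein client to `/opt/letmein/`:". The reworded server line ending in "have to be present in `/etc/passwd` and `/etc/group`" still has no full stop, which is worth fixing while the line is being touched.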
@@ -165,24 +175,6 @@ Installing the server will also install the service and socket into systemd and
|
|
|
The server is used to receive knock packets from the client.
|
|
|
Upon successful knock authentication, the server will open the knocked port in its `nftables` firewall.
|
|
|
|
|
|
-### Install client
|
|
|
-
|
|
|
-Then run the `install-client.sh` to install the letmein client to `/opt/letmein/`:
|
|
|
-
|
|
|
-```sh
|
|
|
-./install-client.sh
|
|
|
-```
|
|
|
-
|
|
|
-The client is used to send a knock packet to the server.
|
|
|
-
|
|
|
-## Security notice: User identifiers and resource identifiers
|
|
|
-
|
|
|
-Please be aware that the user identifiers and resource identifiers from the configuration files are transmitted over the network without encryption in clear text.
|
|
|
-
|
|
|
-Make sure the user identifiers and resource identifiers do **not** include any private information.
|
|
|
-
|
|
|
-These identifiers are merely meant to be an abstract identification for managing different `letmein` keys, installations and setups.
|
|
|
-
|
|
|
## Platform support
|
|
|
|
|
|
### Server
|
|
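Review bot: Removing the `## Security notice: User identifiers and resource identifiers` block from its place right after the install sections means a reader who follows the installation steps in order no longer passes the clear-text warning before setting up identifiers. Suggest leaving a one-line pointer to the moved section at the end of `### Install server`, next to "the server will open the knocked port in its `nftables` firewall", or keeping the notice ahead of `## Platform support`.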
@@ -199,6 +191,14 @@ Tested platforms are:
|
|
|
- Windows
|
|
|
- MacOS (build tested only)
|
|
|
|
|
|
+## Security notice: User identifiers and resource identifiers
|
|
|
+
|
|
|
+Please be aware that the user identifiers and resource identifiers from the configuration files are transmitted over the network without encryption in clear text.
|
|
|
+
|
|
|
+Make sure the user identifiers and resource identifiers do **not** include any private information.
|
|
|
+
|
|
|
+These identifiers are merely meant to be an abstract identification for managing different `letmein` keys, installations and setups.
|
|
|
+
|
|
|
## Internals and design goals
|
|
|
|
|
|
The main design goals of letmein are:
|
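Review bot: In the re-added notice, "transmitted over the network without encryption in clear text" states the same thing twice, and "from the configuration files" does not say which settings are meant. Suggest "transmitted over the network unencrypted" and naming the configuration entries that hold the user and resource identifiers, so a reader can check exactly which values are exposed on the wire.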