So, you're saying the big computer has to log in to the little ones
passwordlessly and automatically, and then arrange for the little ones
to log in to itself passwordlessly?

Presumably there is a reason to have a password on the little ones?

bjb


On Tue, Mar 19, 2013 at 06:16:48PM -0400, Robert P. J. Day wrote:
> On Tue, 19 Mar 2013, Rob Echlin wrote:
> 
> > Sounds like you could put a public key on the target. Good enough.
> 
> > Everyone can log in to a special remote-supervisor account on some
> > server, to connect to the target, and that account has the private
> > key. Then you don't have to get keys from everyone in advance. With
> > a passwordless connection to the target, this would be an easy extra
> > step.
> >
> > You can add their keys to the server account when you need to, then
> > they have passwordless access to that account.
> 
>   i'd thought of that a while back and it seemed initially promising
> but here's the rub as i explain something i'd carefully glossed over.
> 
>   imagine the unit in question is, say, a pluggable USB device running
> linux. that pluggable device will be plugged into a much larger
> system, *also* running linux. so the final system will, in fact, be
> the *combination* of these things, and the larger system will be fully
> writable. ah, you think, perfect. that should solve the problem
> exactly the way you described it.
> 
>   sadly, the two units will be manufactured entirely separately. the
> little units will be cheap pluggable devices which, on a moment's
> notice, might fail and will be immediately replaced by another one. so
> there's no permanence here. and there will be potentially *thousands*
> of these systems, which would require generating key pairs for each
> little unit, installing the public key on the unit, recording the
> private key somewhere, and installing that on the larger system when
> the combination of the two is placed in the field.
> 
>   the logistics of keeping track of all these key pairs would be a
> nightmare.
> 
> rday
> 
> -- 
> 
> ========================================================================
> Robert P. J. Day                                 Ottawa, Ontario, CANADA
>                         http://crashcourse.ca
> 
> Twitter:                                       http://twitter.com/rpjday
> LinkedIn:                               http://ca.linkedin.com/in/rpjday
> ========================================================================
> 
> 
> 
> 
> _______________________________________________
> Linux mailing list
> Linux@lists.oclug.on.ca
> http://oclug.on.ca/mailman/listinfo/linux
---end quoted text---