SUBJECT: RE: [Ltsp-discuss] Security concern: Logging in on terminals -
>FROM: Derek Zoolander
>DATE: 05/09/2002 03:58:51
>How about in the boot Eprom?
This is one way. Then ASFAIK we end up with unique Eprom images per unit, and the
need of generating SSH-key first and then storing to the image and then burning to
the terminal.
>FROM: Julius Szelagiewicz
>DATE: 05/09/2002 05:36:45
>As i was writing this i came up with another idea (so much for
>"only 1 way") - use login and ssh in a somewhat modified way: upon
>entering login name in cleartext, push the user's public key to
>workstation and use it to encrypt the subsequent entries. ask for
>passphrase, decrypt using private key which has *not* been compromised.
>allow login if decrypt successfull. that way other than the original login
>name and public key, everything else travels encrypted.
>how do you like it? it seems to require modifications mostly to
>the login program. julius
This is another way (and a better one). This seems - to me - as it is very much
like standard encryption procedure on the InterNet? Am I wrong?
I used the word SSH in my original mail, and that was taken from a previous
discussion about root login on terminal. I did not intentionally mean that _all_
traffic needed encryption. That might of course be true in some cases, but I think
the vast majority only need encryption of the password (if they need it at all).
Julius suggestion seems like a good solution to me, and it would not slow down the
thing, referring to other messages in thread.
I can't say this is a mainstream wish, but I would certainly use it if it was there
as a out of the box solution or in a HOWTO.
But then of course to be selfcritic, there's one remaining question: What have we
gained if we don't encrypt it all?
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL PROTECTED]
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.openprojects.net
