SUBJECT: RE: [Ltsp-discuss] Security concern: Logging in on terminals - >FROM: Derek Zoolander >DATE: 05/09/2002 03:58:51 >How about in the boot Eprom?
This is one way. Then ASFAIK we end up with unique Eprom images per unit, and the need of generating SSH-key first and then storing to the image and then burning to the terminal. >FROM: Julius Szelagiewicz >DATE: 05/09/2002 05:36:45 >As i was writing this i came up with another idea (so much for >"only 1 way") - use login and ssh in a somewhat modified way: upon >entering login name in cleartext, push the user's public key to >workstation and use it to encrypt the subsequent entries. ask for >passphrase, decrypt using private key which has *not* been compromised. >allow login if decrypt successfull. that way other than the original login >name and public key, everything else travels encrypted. >how do you like it? it seems to require modifications mostly to >the login program. julius This is another way (and a better one). This seems - to me - as it is very much like standard encryption procedure on the InterNet? Am I wrong? I used the word SSH in my original mail, and that was taken from a previous discussion about root login on terminal. I did not intentionally mean that _all_ traffic needed encryption. That might of course be true in some cases, but I think the vast majority only need encryption of the password (if they need it at all). Julius suggestion seems like a good solution to me, and it would not slow down the thing, referring to other messages in thread. I can't say this is a mainstream wish, but I would certainly use it if it was there as a out of the box solution or in a HOWTO. But then of course to be selfcritic, there's one remaining question: What have we gained if we don't encrypt it all? _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net