> > Using IPsec is likely to be better than ssh for a lot of reasons, but in some
> > cases ssh might be easier to set up.
>
> CIPE is a fairly simple and effective alternative to IPsec; most of the
> code is in userspace with a minimal kernel interface.
>
> http://sites.inka.de/sites/bigred/devel/cipe.html
>
> Please beware that any netbooted system is open to attack unless the
> client key is stored somewhere secure - especially if the client key is
> shoved over the net as part of a boot image or configuration... :)

I don't think it is needed. You may use a password as a key. That is what I do with ssh. If I am not wrong, this password is sent encrypted. Thus it acts like a key somewhere secure, in your head. Of course it is fully open to a man-in-the-middle attack. But even though the key is stored somewhere secure, there are still possibilities of man-in-the-middle attacks if the server provides bad binaries/kernel/public keys.

I think that to avoid a man-in-the-middle attack, tftp can't be used and the kernel/initrd/public key has to be stored locally.

Pat