Florian Thiel wrote:
It is not expensive at all.Hi!Can anyone issue any suggestions or report experiences encrypting the network traffic in an LTSP environment? Since keypresses and everything (e.g. every password you enter on a LTSP workstation, be it ssh or not) travel the LAN in plaintext (X events), encryption is crucial for large-scale adoptions. (To demonstrate the effects, I once created too small perl scripts, one that sniffed X magic cookies and one that iterated over the list of known cookies and used them to switch display background colors. After a few minutes I had a whole room of machines happily blinking... Very impressive). IPSec would come into mind but is very expensive (CPU cycles) and would need a powerful centralized IPSec Gateway...
I am running Freeswan on an old Dell Optiplex Pentium 166 MHz PC, that acts as firewall/router (iptables) and VPN-gateway.
Currently, I have only 4 tunnels set up, but from reading the freeswan mailing lists I am convinced that I could configure many more before I would run into performance problems.
The question is to get IPSEC into the LTSP-kernel; it don't think that would be very difficult, really.
But what about the kernel-loading itself? tftp is anything but secure of course, so maybe you should also implement IPSEC into a boot kernel, and boot from a floppy or a flash to load the running kernel?
--
Z.
---------------------------------------------------------
If all you have is a hammer, everything looks like a nail
---------------------------------------------------------
-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net