Hi Rob, >>> I'm trying to set up LTSP 5 on a server that allows ssh access from the >>> internet, and as such I disallow password authentication. This seems to >>> conflict with LTSP 5, though. Is it possible to authenticate by means >>> other than ssh? >> I use LTSP 4.2 ,disallow password authentication via SSH and restrict the >> IP addresses from which you can get a SSH connection, and have never had a >> problem. Is this something new or different with version 5? >> >> You can use your /etc/hosts.allow and /etc/hosts.deny files to selectively >> allow certain addresses to use SSH (and other services). You can also >> specify >> allowed users in /etc/ssh/sshd_config >> > I've been using LTSP 4.2 and am trying out LTSP 5. It is different, > because (if I understand it correctly) all traffic goes through ssh. > There is an option to eliminate the encrypting (through ssh) of all > traffic, but my understanding is that it still uses ssh for authentication. > > In my case I want the same user to be able to log in locally, on a > terminal, or from the internet via ssh (text mode). Password > authentication would be ok for local and terminal logins, but not for > internet logins. > > I'll probably have to adjust my router to send internet-based ssh > requests to a different server, but I was hoping not to.
LTSP 5 standard install uses ssh to tunnel traffic from ltsp client to the ltsp server (X protocol itself is not encrypted). The login prompt is not anymore a standard DM called through XDMCP, but a custom made DM called LDM (local display manager). Although, with some quick twicking you can easily go back to the standard X/XDMCP way and forget about SSH. This way you'll be able to configure your ssh server the way you want. Cheers, Denis > > -Rob > ******************************************************** > > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. If you are not the addressee, any disclosure, reproduction, > copying, distribution, or other dissemination or use of this transmission in > error please notify the sender immediately and then delete this e-mail. > E-mail transmission cannot be guaranteed to be secure or error free as > information could be intercepted, corrupted lost, destroyed, arrive late or > incomplete, or contain viruses. > The sender therefore does not accept liability for any errors or omissions > in the contents of this message which arise as a result of e-mail > transmission. If verification is required please request a hard copy > version. > > ******************************************************** > > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _____________________________________________________________________ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net > -- Denis Cardon Tranquil IT Systems 44 bvd des pas enchantés 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.62.67 http://www.tranquil-it-systems.fr ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
