Scott Balneaves wrote:
> On Thu, Oct 16, 2008 at 01:51:45PM -0600, David Burgess wrote:
> 
>> I'm not criticising the ltsp team. I love what they provide. And I'm
>> not asking anybody--I hope--to change the way your ssh server or ltsp
>> server operates. I simply think it would be a boon to the project to
>> remove some of the pain in creating what I suspect would be a fairly
>> popular scenario among ltsp admins and facilitate the ability to
>> access the server remotely without compromising the very good security
>> provided by the OpenSSH server.
> 
> Two things I'd like to point out:
> 
> 1) LTSP doesn't modify the ssh server configs in any way.  It's not like sshd
> installs with only rsa-key methods enabled, and LTSP twiddles with the sshd
> configs to "reduce security" by enabling password access: password access to
> ssh comes enabled by default.  In fact, due to packaging policies on Debian,
> Ubuntu, and (I suspect) Fedora, our package would be forbidden to twiddle with
> the config.
> 
This is not a feature request, simply brainstorming:

What if you left the standard config file alone, but added
/etc/ltsp/sshd_config and configured a daemon to run using that config
file (not on port 22).  Would that be forbidden?

I think what would be ideal (for me anyway, possibly for others) is if
LTSP used an ssh daemon that was only available to LTSP clients.  For
instance, if the ssh server (on an alternate port) could be configured
to only talk to the chroot.  I'm imagining something similar to the way
NX Client works.  It can only connect to the NX Server if it has the
proper keyfile installed.  Once it connects with the key, the user can
authenticate using a password.  For LTSP, the private key would be
installed in the chroot and the public key would be installed on the server.

> 2) I think the simplest is, if someone wants to write a script to do this, and
> test it thoroughly, it could simply be added to the
> /usr/share/docs/ltsp/examples directory, when an admin would have it to ready
> access if needed.
> 
Thanks for bringing some sanity to this discussion.  That's all the
original poster was looking for -- a way to share his learning
experience with others.

-Rob
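
Added example, not part of the message above or of LTSP's own code: a small Python check for the separate-daemon idea, run against a constructed `/etc/ltsp/sshd_config` that asks for the key first and the password second. The port, listen address, PidFile and AuthorizedKeysFile values are assumptions, and `AuthenticationMethods` needs an OpenSSH release that supports it.

```python
# Added example: lint a dedicated LTSP sshd config (key first, then password).
# Constructed sample for the proposed /etc/ltsp/sshd_config. The port, address,
# PidFile and AuthorizedKeysFile values are assumptions, not LTSP defaults.
PROPOSED = """\
# second daemon for thin clients only; the stock sshd on port 22 is untouched
Port 2222
ListenAddress 192.168.0.254
PidFile /var/run/sshd-ltsp.pid
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,password
AuthorizedKeysFile /etc/ltsp/authorized_keys
PermitRootLogin no
"""


def parse(text):
    """Return {keyword: [values]} for global settings (stops at first Match)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), []).append(value)
    return settings


def lint(text):
    """Return findings; an empty list means the config matches the proposal."""
    s = parse(text)
    first = lambda k, default: s.get(k, [default])[0].lower()  # first value wins
    findings = []
    if "22" in s.get("port", ["22"]):
        findings.append("Port 22 collides with the stock sshd")
    if not s.get("listenaddress"):
        findings.append("no ListenAddress: daemon binds every interface")
    for methods in first("authenticationmethods", "any").split():
        order = methods.split(",")
        if order[0] != "publickey" or "password" not in order[1:]:
            findings.append("AuthenticationMethods must be publickey,password")
    for key in ("pubkeyauthentication", "passwordauthentication"):
        if first(key, "yes") != "yes":
            findings.append(key + " is off but the method list requires it")
    return findings


if __name__ == "__main__":
    print(lint(PROPOSED) or "config matches the proposal")
```

Because the same private key ships in every client chroot, it limits which machines reach the password prompt rather than identifying a user; the password is still what authenticates the person.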