Yes, you're right, I thought you were talking about the root user's key, used to 
authenticate the admin.
I'm not sure, however, that a man-in-the-middle attack allows retrieving the 
private key of the authenticating user (to be confirmed). It will, for sure, 
make the admin send commands to a compromised machine, and eventually give some 
vital information (password in "su -"?)

> in LTSP, you don't usually mount /home over NFS, you log into the application
> server and file access happens on the server. the programs are merely displayed
> on the thin-client.

I'm not sure about this; in the case of localapps, I think it is mounted over NFS 
(while sshfs is used for reverse access to USB drives?)

> which is why LTSP5 uses ssh's X11 forwarding...

Hoo, I didn't know that... :-)

> though you have similar security concerns to the above man-in-the-middle
> attack, as the thin-client's /etc/ssh/known_hosts is going over a shared
> NFS/NBD connection. so it can't *securely* determine that the server is
> actually the server you think you're connecting to.

True.

> as long as you don't export private *host* keys over insecure methods,
> yes. :)

Still, I don't really know what the implications of such a 
man-in-the-middle intrusion are...

Frederic.

_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net
