Hi,
> I'm inclined to agree that IPSec closes more holes than ssh or ssl do.
> However, I still see a couple of problems I haven't been able to see a
> fix for. (Yes, this is a request for help!)
>
> 1. Ideally, we could use IPSec to authenticate each *workstation* long
> before we ask for nam
> > Using IPsec is likely to be better than ssh for a lot of reasons, but in some
> > cases ssh might be easier to set up.
>
> CIPE is fairly simple and effective alternative to IPsec; most of the
> code is in userspace with a minimal kernel interface.
>
> http://sites.inka.de/sites/bigred/devel
Hi,
> Unexporting directories for NFS kernel daemon...ws003:/opt/ltsp/i386:
> Function not implemented
> done.
> Exporting directories for NFS kernel daemon...ws003:/opt/ltsp/i386:
> Function not implemented
> done.
If I remember well, this means that the kernel lacks nfsd support, and thus
expo
On Mon, Oct 07, 2002 at 09:54:24AM -0400, Julius Szelagiewicz wrote:
> Jim,
> nfs over tcp is definitely not experimental. it is being used "all
> over the place" - hp-ux and aix, to name 2 that i now of. That said, i
> agree that ipsec/ssl is the way to go. will you have it ready soon? ;-)
On Mon, Oct 07, 2002 at 09:11:37AM -0400, Julius Szelagiewicz wrote:
> Pstrice,
> i believe we should be able to tunnel nfs as well over ssh. nfs v3
> allows the use of tcp instead of udp and the ports are well defined: 2049
> for nfsd and 1110 for keep-alive and status. haven't tried it, th
Hi,
> NFS can be forced over TCP and secured.
Or you could use
http://www.math.ualberta.ca/imaging/snfs/
but basically you have a chicken and egg problem because your utilities used
to tunnel nfs have to be present before mounting the root, but the root is
nfs mounted.
> Are you saying you h
Hi,
I use ssh to do the authentication and launch X. Only nfs isn't tunneled.
Is it that kind of solution that you want ?
On Fri, Oct 04, 2002 at 02:15:59PM -0400, Barry Newman wrote:
> Still searching for a way to secure the transport layer down to the client
> (before authentication). Anyone t
Hi,
On Wed, Jul 31, 2002 at 12:46:28PM +0200, Mike Arends wrote:
> Hi there,
>
> When running rpm to install the rdesktop package on my RH 7.3 machine I get
> the message that libcrypto.so.1 is needed.
>
> Where can I find it? In what package is it available?
It is in an openssl package.
Pat
Hi,
I made a package with that (I took ideas from Robert Stanford) and with X
and vnc over ssh for ltsp. Currently there are compatibility library issues,
but you may have some luck.
The package is in Xtras, under Patrice Dumas, it is called lts_ssh.
> why dont we use ssh in runlevel 4 to impro
Hi,
Is there anybody interesting in a graphical ssh login for ltsp (using host
based authentication) ? I don't use ltsp currently, but I am willing to
develop that if there are people interested in using it. If you are
interested, could you please mail me (privately if you don't want to bother
On Wed, May 15, 2002 at 10:32:08PM +0200, Martin Herweg wrote:
>
> Hi all!
>
> I'm looking for LTSP without DHCP.
>
> I do not want a DHCP Broadcast.
> I want to store the Information
> about the clinet & server-IP
> on the client's
> Harddisk or Floppy.
>
> did anyone try that?
I did for fl
Hi,
On Tue, May 14, 2002 at 03:22:35PM -0400, Julius Szelagiewicz wrote:
> Patrice,
> your number 2 solution should work, provided that the workstation
> can *locally* encrypt the traffic with a public key. julius
If you agree to use RSA based authentication, then I implemented something
w
Hi,
> ssh will ignore the -X parameter if $DISPLAY is not set. So
>
> DISPLAY=":0.0"
> export DISPLAY
> ssh -X -l user server icewm
>
> should do the trick.
This is needed but not sufficient. In my case, I use xinit, thus the DISPLAY is
correctly set. However this isn't sufficient, what is ne
On Tue, May 14, 2002 at 11:42:47AM -0400, Julius Szelagiewicz wrote:
> Patrice,
> you are right about the "man in the middle" attack. my take on the
> whole discussion is that we are trying prevent people from sniffing
> passwords. ssh *would* work great for it, if the software loaded into t
Hi,
> I don't see what you mean. It doesn't matter what who you are on the
> terminal, what matters is who you are on the server. You'd script the
> user on the terminal (root) to login to the server as some user and run
> the su command to be whatever user you want on the server.
This is o
Hi,
> It's possible in theory, but as far as I know no one has coded the one
> part that's needed. It's trivial to script ssh to login in remotely
> tunneling X and run a program, so all that's needed is a graphical login
> which is setuid to root so it can actually change user ids. Really
Hi,
> Anthony Dean stated in a post the 25 of april that it is possible to
> get a gui login promp over ssh (without using vnc), but, as I
> understood his post, other features of the XDMCP such as indirect
> queries is not possible (since they rely on udp).
> He has not given a working example
On Tue, May 14, 2002 at 02:10:35PM +0200, Jason Bechtel wrote:
> Security-minded LTSPers,
>
> For my contribution, I just want to mention stunnel. From the main page:
>
> If I'm thinking properly, then we should be able to make an
> Stunnel+OpenSSL add-on package for LTSP which provides a wrap
On Mon, May 13, 2002 at 08:52:40AM -0400, Julius Szelagiewicz wrote:
> Patrice,
> changes would also be needed in the ltsp kernel for direct support
> of ssh. here are the answers to your 2 questions:
Why ? Why couldn't you do all that in user space ?
> > I don't understand how you make th
Hi,
You can also use password authentication with ssh. I think that with password
authentication the password are fairly well protected. And you can also use a
passphrase to protect the private key. I think that getting the private keys
with a password and then protect it with a passphrase is fai
Hi,
On Sat, May 11, 2002 at 03:01:37PM -0700, Pedro Torres wrote:
> hi,
>
> on the terminal under runlevel 3 or 4 i says :
> # loadkeys es
>
> the command is ok, the keymap is loaded but not work,
>
> in ltsp_core 3.0.3 and it work but it dont have
> support for 486, exist other way to make i
21 matches
Mail list logo