On 24.07.2013 09:11, Jakob Unterwurzacher wrote:
> With RSA, the sessions should be protected using a random per-session
> key exchanged using Diffie-Hellman that does not depend on the
> private key for its security.
>
> I will try to find a definitive source for that and follow-up here.
Found
On 24.07.2013 07:22, Alkis Georgopoulos wrote:
> If my assumption above is true, that a leaked ssh server private key
> means that the ssh connections are no longer private, then this applies
> to key-based authentication as well.
>
Ok, thanks for the clarification!
After the Debian weak key issu
On 24/07/2013 01:03 AM, Jakob Unterwurzacher wrote:
> This means that you won't know the client ssh host key. That's not
> better than a publicly-known one - either way you can't be sure the box
> you are connecting to is not spoofed.
Not knowing the ssh server public key == trust issue (
On 21.07.2013 22:51, Alkis Georgopoulos wrote:
> On 21/07/2013 11:02 PM, Rüdiger Kupper wrote:
>> Now given this change, and accepted that it is a security measure,
>> let me rephrase my question:
>>
>> -> Since ssh login to running clients is a security risk, what
>> other measure can I tak
On 21/07/2013 11:02 PM, Rüdiger Kupper wrote:
> Now given this change, and accepted that it is a security measure,
> let me rephrase my question:
>
> -> Since ssh login to running clients is a security risk, what
> other measure can I take to allow remote shutdown of a running
> client?
I
> -> Since ssh login to running clients is a security risk, what other
> measure can I take to allow remote shutdown of a running client?
Hmmm, allow me to suggest an answer to my own question. It may not be
the most elegant of ways, but...
-> Do not push, but poll: In the client chroot, install
On 21.07.2013 17:36, Alkis Georgopoulos wrote:
> sshd in the chroot is disabled by default, for security reasons, i.e.
> all the clients would have the same sshd host keys, and any non-LTSP
> client could read them by just mounting the NBD image.
I see. I am aware of this problem, but I always con
On 21/07/2013 05:47 PM, Rüdiger Kupper wrote:
> The reason is that clients have no ssh host keys! They are
> actively removed during generation of client chroots, due to the
> following line in /etc/ltsp/ltsp-update-image.excludes: ... My
> question: How am I supposed to ssh into a running c
Hello list,
we have sshd installed in our client chroots, so that root can have
remote access to running clients. (We mainly use this for remote
shutdown of clients.)
After upgrade from 12.04 LTS to 13.04, root cannot connect to running
clients, although sshd is running.
The reason is that clien