ssh - no added security?
hedges at recyclecomputer.com
Mon Mar 24 23:40:04 CET 2003
Does it really matter that the install client uses ssh to save
log files, and that ssh is used to access the install client
from the server?
Since the client mounts the filesystem containing its secret
keys with nfs, the secret host key and user key pass in the
clear from server to client when the client opens them to make a
That compromises the security, right?
There would need to be away to encrypt the NFS mount.
Is this possible?
Or maybe use a bootfloppy and modify the script to generate keys
for every floppy, and symlink this so the client does not open
the secret keys through a cleartext connection.
More information about the linux-fai