ssh - no added security?

Mark Hedges hedges at recyclecomputer.com
Tue Mar 25 06:02:09 CET 2003


> Does it really matter that the install client uses ssh to save
> log files, and that ssh is used to access the install client
> from the server?
>
> Since the client mounts the filesystem containing its secret
> keys with nfs, the secret host key and user key pass in the
> clear from server to client when the client opens them to make a
> connection.

It seems also that make-fai-nfsroot copies the host keys of the
installation server to nfsroot rather than generating new keys.
debootstrap does this.  The copied host keys need to be removed
and then a `dpkg-reconfigure ssh` will generate new ones for
the nfsroot environment.

Did the old version do this?  That would mean that until now,
server host keys have been compromised as well as login keys,
because the client opens them through the cleartext nfs mount.

I will try to write a patch in the next couple days that fixes
this problem with make-fai-nfsroot, and the problem of copying
the correct host keys into the client's known_hosts file that
Radek Hnilica <ML at hnilica.cz> reported... unless someone already
did this...?

Then, at least, the only sensitive secret key that will pass
through the cleartext nfs mount will be the fai user's login key.

--mark--
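
Added example, not part of the original message and not FAI code: a check for the condition described above, where the nfsroot holds private host keys byte-identical to the install server's own. The function name `shared_host_keys` is hypothetical, the `ssh_host_*key` file naming follows the usual OpenSSH layout, and the nfsroot location is an assumption supplied by the caller.

```shell
#!/bin/sh
# Added example: report private host keys in an nfsroot that are
# byte-identical to the install server's own host keys.
# Assumption: both trees store keys as <dir>/ssh_host_*key (OpenSSH layout).

# shared_host_keys SERVER_SSH_DIR NFSROOT_SSH_DIR
# Prints the file name of every shared private host key, one per line.
# Returns 0 if none are shared, 1 if at least one is, 2 on a missing directory.
shared_host_keys() {
    server_dir=$1
    nfsroot_dir=$2
    [ -d "$server_dir" ] && [ -d "$nfsroot_dir" ] || return 2
    found=0
    # The pattern ends in "key", so the .pub files are not compared.
    for key in "$server_dir"/ssh_host_*key; do
        [ -f "$key" ] || continue            # glob matched nothing
        name=${key##*/}
        candidate=$nfsroot_dir/$name
        [ -f "$candidate" ] || continue      # nfsroot has no key of this type
        if cmp -s "$key" "$candidate"; then  # identical bytes: key was copied
            printf '%s\n' "$name"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: pass the nfsroot directory as the only argument.
# The exit status is then that of shared_host_keys.
if [ "$#" -eq 1 ]; then
    shared_host_keys /etc/ssh "$1/etc/ssh"
fi
```

Any name it prints is a host key that should be removed from the nfsroot and regenerated there, as the message describes.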



