ssh - better solution, perhaps
hedges at recyclecomputer.com
Tue Mar 25 07:09:44 CET 2003
Here's how it seems it should work... comments?
make-fai-nfsroot removes $NFSROOT/etc/ssh/ssh_host_*key*
make-fai-nfsroot removes $NFSROOT/root/.ssh/*
make-fai-nfsroot changes $NFSROOT/etc/ssh/sshd_config:
make-fai-nfsroot copies $SSH_IDENTITY (public user key)
make-fai-nfsroot copies /etc/ssh/ssh_host_*_key.pub
upon booting install client:
rcS.fai generates new host keys in /tmp/ssh for install client
rcS.fai generates new id keys in /tmp/ssh for install client root acct
Oh, darn it. Then how do we get the new id keys back to
the fai@server:~/.ssh/authorized_keys file, without typing?
Ultimately it seems the loguser login key will be compromised
by needing to open it through the cleartext NFS mount.
But with something like this approach, the server host key
will remain secure.
I use boot floppies, so I could generate an id pair that
lives on the floppy. But this does not help netboot users.
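
Added example, not part of the original post or of FAI's own code: a shell check that an NFS-exported install root holds no SSH private keys, matching the removal steps listed in the message above. The function names and the sample tree are constructed for illustration, and the check assumes private key files contain a "PRIVATE KEY" header line.

```shell
#!/bin/sh
# Audit an NFS root for SSH private key material (added example).

# audit_nfsroot DIR: print each offending path; return 1 if any were found.
audit_nfsroot() {
    root=$1
    found=0
    # Host keys: only the *.pub halves may live in the exported tree.
    for f in "$root"/etc/ssh/ssh_host_*key*; do
        [ -f "$f" ] || continue
        case $f in
            *.pub) ;;
            *) echo "private host key: $f"; found=1 ;;
        esac
    done
    # root's ~/.ssh: public keys and authorized_keys are fine, identities are not.
    for f in "$root"/root/.ssh/* "$root"/root/.ssh/.[!.]*; do
        [ -f "$f" ] || continue
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "private identity: $f"; found=1
        fi
    done
    return $found
}

# make_sample_root DIR: build a constructed tree with one leftover of each kind.
make_sample_root() {
    mkdir -p "$1/etc/ssh" "$1/root/.ssh"
    printf '%s\n' 'ssh-rsa AAAA-constructed host' > "$1/etc/ssh/ssh_host_rsa_key.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY----- (constructed)' > "$1/etc/ssh/ssh_host_rsa_key"
    printf '%s\n' 'ssh-rsa AAAA-constructed user' > "$1/root/.ssh/authorized_keys"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY----- (constructed)' > "$1/root/.ssh/id_rsa"
}

# Stand-alone demonstration on a throwaway directory.
demo=$(mktemp -d)
make_sample_root "$demo"
audit_nfsroot "$demo" || echo "nfsroot still holds private keys"
rm -rf "$demo"
```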