how do you distribute secrets ?
Erik Rossen
rossen at freesurf.ch
Thu Apr 22 13:19:34 CEST 2004
On Thu, Apr 22, 2004 at 11:38:10AM +0200, Thomas Lange wrote:
> > How do you distribute passwords, private ssh-host-keys and/or private
> > ssl-certificates ?
> Can you realy achieve real security during installation? PXE is a
> broadcast protocol, tftp is also very insecure, NFS is also not so
> secure, so how can the install client verify that it gets its
> information from the right install server and not from a bad guy? How
> can a install server verify that the install client is not cheating its
> MAC or IP address?
A partial solution is to hard-code the MAC addresses of the hosts' NICs
into the ARP table of one's switch. But try to find an inexpensive
programmable switch...
--
Erik Rossen ^ OpenPGP key: 2935D0B9
rossen at freesurf.ch /e\ "Use GnuPG, see the
http://people.linux-gull.ch/rossen --- black helicopters."
More information about the linux-fai
mailing list