securing installation

[Rudy Gevaert]

Hello,

This subject comes on the foreground from time to time.  I would like to 
implement the following:

I would write a simple cgi script that when requested returns a private 
ssh key file.  Of course the cgi script would be protected in some kind 
of way.  It would check that a certain machine is to be installed, and 
if so check the source ip address of the machine that called the cgi 
script.  If they match we only then return the private key file.

When we boot the machine into fai, fai should then request the cgi 
script and download the keyfile.  Using that private key fai is now able 
to download the config space trough svn+ssh.
It now deletes the private key it downloaded.

And continues with the installation.

The only question is where should I add the code that views the cgi 
script?  Should I add in the rcS file?  And where?  I guess some things 
have to be configure first before I start the download.

Any other remarks are welcome too :)

Thanks in advance,


-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert at UGent.be          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen                    Systems group
Universiteit Gent                 Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --