securing installation
Rudy Gevaert
Rudy.Gevaert at UGent.be
Wed Sep 12 10:59:45 CEST 2007
Hello,
This subject comes on the foreground from time to time. I would like to
implement the following:
I would write a simple cgi script that when requested returns a private
ssh key file. Of course the cgi script would be protected in some kind
of way. It would check that a certain machine is to be installed, and
if so check the source ip address of the machine that called the cgi
script. If they match we only then return the private key file.
When we boot the machine into fai, fai should then request the cgi
script and download the keyfile. Using that private key fai is now able
to download the config space trough svn+ssh.
It now deletes the private key it downloaded.
And continues with the installation.
The only question is where should I add the code that views the cgi
script? Should I add in the rcS file? And where? I guess some things
have to be configure first before I start the download.
Any other remarks are welcome too :)
Thanks in advance,
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen Systems group
Universiteit Gent Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
More information about the linux-fai
mailing list