I was finally able to return to this.
Lance Levsen was the first to reply to my question, and indicated the
general approach thus:
What about a passwordless login setup in the chroot for root. Then
just a bash for loop?
$> for i in LIST; do ssh -l root $i shutdown -h now; done
where LIST is a list of hosts?
Rüdiger Kupper and David Burgess followed as below. But I am stuck at
the "passwordless login setup in the chroot for root." Following
https://help.ubuntu.com/community/RootSudo, I enabled the root account
(on the LTSP host and in the client image), but a password was required.
I read in
http://manpages.ubuntu.com/manpages/hardy/man5/passwd.5.htmlthat if
/etc/passwd has an "x" in the password field for the user of interest
(and it does indeed for root), then the actual password hash will be
located in /etc/shadow, but that file does not exist. I was imagining
that I might delete the field in shadow to arrive at a no-password state.
At the moment, I can run "ssh -l root <LTSP client IP> shutdown -h now"
on the host, login with the root password, and the client will shut
down, but that does not fulfill my purpose of an unattended graceful
shutdown by a UPS in the event of a power outage.
** So how do I make a blank password for root, or can I pass the
password as an argument in the command? **
Also, it seem like I had to enable the root user on the LTSP host and in
the image. Was that necessary?
I also follow at the end of this post with an expanded set of steps for
setting all this up(good for newbies like me).
On 10/12/2012 11:44 AM, David Burgess wrote:
On Fri, Oct 12, 2012 at 8:56 AM, Rüdiger Kupper <[email protected]> wrote:
That's the way we are doing it. For this to work, you need to install
the ssh server in the client chroot, set up a root account und list
root's ssh fingerprint in the authorized-keys file.
Here are some helpful bits for accomplishing the above:
# Generate ssh keys for client management
ssh-keygen -q -N "" -f /root/.ssh/id_rsa
# Copy those keys to the client chroot
chmod 600 /root/.ssh/id_rsa.pub
mkdir -m 700 /opt/ltsp/$ARCH/root/.ssh/
cp /root/.ssh/id_rsa.pub /opt/ltsp/$ARCH/root/.ssh/authorized_keys
# Suppress meaningless host key messages in ssh client
# Note that this does not reduce security when connecting to thin
clients, but could compromise
# security when connecting to other ssh servers, as it defeats host key checking
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
echo "UserKnownHostsFile=/dev/null" >> /etc/ssh/ssh_config
db
*From a newbie perspective, an expanded though not complete set of
steps* (sudo is required for some commands below beyond the ones already
noted):
# Enable the root user account on the LTSP host
sudo passwd root(and entry of a new password is required)
# Generate ssh keys for client management
ssh-keygen -q -N “” -f /root/.ssh/id_rsa
chmod 600 /root/.ssh/id_rsa.pub
mkdir -m 700 /opt/ltsp/i386/root/.ssh/
copy /root/.ssh/id_rsa.pub /opt/ltsp/i386/root/.ssh/authorized_keys
# Suppress meaningless host key messages in ssh client
# Note that this does not reduce security when connecting to thin
clients, but could compromise
# security when connecting to other ssh servers, as it defeats host key
checking
# (Vagrant Cascadian thinks the security of this procedure is
questionable, even for thin clients)
echo “StrictHostKeyChecking no” >> /etc/ssh/ssh_config
echo “UserKnownHosts=/dev/null” >> /etc/ssh/ssh_config
# Install the SSH server in the chroot environment
sudo chroot /opt/ltsp/i386
apt-get install openssh-server
# Also in the chroot, enable the root user
sudo passwd root (and entry of a new password is required)
# Update the LTSP image:
export LTSP_HANDLE_DAEMONS=false
sudo chroot /opt/ltsp/i386
mount -t proc proc /proc
exit
sudo ltsp-update-kernels
sudo umount /opt/ltsp/i386/proc
sudo ltsp-update-image
# Shut down one client from the host
ssh -l root <LTSP client IP> shutdown -h now
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
