John, imho it is not a good idea to have no root password on your ltsp server. The root passwords (and accounts) in the ltsp server and the chroot have nothing whatsoever to do with each other, there's no need to change your root password on the server when you change it in the chroot. Only thing you have to do is update the image after you changed anything in the chroot, so it is applied when you reboot your client.
Anyway, I'm not sure (may have missed part of the discussion) why you dont simply use public key authentication instead of passwords? Just generate a key as root on the ltsp server, then copy the public key to the authorized_keys file in the chroot (in /root/.ssh resp. /opt/ltsp/i386/root/.ssh - make dir if not exist, update image). You could also compile a custom version of the ssh client that takes the password from an environment variable (which you can set in a shell script, SSHPASSWD for example), only requires a few changes in the source code. Let me know if you'd like a howto for this. I imagine the problem with the known_hosts checking would persist, so you'd have to disable that in any case... either way, I guess you introduce a certain level of security risk. regards, Bettina Am 25.10.2012 19:56, schrieb John Hupp: > [...] > > I made another run at accomplishing the same client shutdown with a > passwordless root account. This time, instead of running "sudo passwd > -d root" in a terminal, I started a console (Ctrl-Alt-F1), logged in as > root with the simple password, and ran "passwd -d root." The output, as > before, was "passwd: password expiry information changed." But could > indeed log in to the console as root without a password. > > I rebooted, deleted the root password in the LTSP chroot environment, > updated the client image, and rebooted again. > > In a host terminal, I ran "ssh -l root <client IP> shutdown -h now," was > prompted for a password, and simply hitting the Enter key yielded > permission denied. I also tried entering the simple password root had > before deleting it, and again, permission denied. So while the result > is not quite the same as before, it still seems to qualify as "split > personalitysyndrome." > > ** But here was an interesting further development: If I logged into a > console as root and then ran the ssh shutdown command, it workedwith no > prompt for a password!! ** > > My actual goal here is, for a small LTSP network powered by a UPS, to > shut it down with a script in the event of a power outage. It's not > clear to me that I now have something that will work, but I probably > have enough to try. > > But the above split-personality behavior does beg for an explanation! -- Universitätsbibliothek Augsburg Referat Datenverarbeitung 86135 Augsburg Tel. +49 821 598-5370 Fax +49 821 598-5407 [email protected] http://www.bibliothek.uni-augsburg.de ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
