Patrice,
changes would also be needed in the ltsp kernel for direct support
of ssh. here are the answers to your 2 questions:
On Mon, 13 May 2002, Patrice DUMAS - DOCT wrote:
> > exists, but is somewhat expensive. ltsp, as it is set now has only one way
> > to gain some semblance of security against password sniffing, although i
> > don't think anybody will do it): allow for only 1 session, upon the
> > start of the session start ssh, generate new keys with new passphrases,
> > use those to encrypt the session. at this point you can allow for more
> > sessions.
>
> I don't understand how you make the client and the server share the keys.
they really don't - all the storage is on the server, and that's
how we want it. the client uses public key for encryption.
>
> > As i was writing this i came up with another idea (so much for
> > "only 1 way") - use login and ssh in a somewhat modified way: upon
> > entering login name in cleartext, push the user's public key to
> > workstation and use it to encrypt the subsequent entries. ask for
> > passphrase, decrypt using private key which has *not* been compromised.
> > allow login if decrypt successful. that way other than the original login
> > name and public key, everything else travels encrypted.
>
> But anybody can use the public key and the login name, then ?
Yes! this is how public cryptography works. you post your public
keys and hide the private keys. i use your public key to encrypt a message
to you, and you are the only one that can read it. so now the system uses
the private key to decrypt the passphrase.
>
> > how do you like it? it seems to require modifications mostly to
> > the login program. julius
again, kernel needs to be able to handle encryption, login needs
to push public key of the user to terminal.
> >
julius
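
The login exchange described above, as an added example that is not part of the original message or of LTSP: the server pushes the public key in cleartext, the workstation encrypts the passphrase, the server decrypts and checks it. The toy textbook-RSA key, the `Server` class and the per-login nonce are assumptions made here; the nonce is the server-side freshness check that makes a previously recorded ciphertext fail on a later login.

```python
import hashlib, hmac, secrets

# Constructed toy key: textbook RSA over two Mersenne primes. No padding and
# far too small for real use; it only stands in for the user's key pair.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def encrypt(pub, data: bytes) -> int:
    n, e = pub
    m = int.from_bytes(b"\x01" + data, "big")  # marker byte keeps leading zeros
    if m >= n:
        raise ValueError("message too long for toy key")
    return pow(m, e, n)

def decrypt(c: int) -> bytes:
    m = pow(c, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

class Server:  # hypothetical; holds all key material, as in the message
    def __init__(self, passphrase: bytes):
        self.pass_hash = hashlib.sha256(passphrase).digest()
        self.nonce = None

    def start_login(self, login: str, with_nonce: bool = False):
        # Travels in cleartext: the public key and, optionally, a fresh nonce.
        self.nonce = secrets.token_bytes(4) if with_nonce else b""
        return (N, E), self.nonce

    def finish_login(self, ciphertext: int) -> bool:
        if self.nonce is None:
            return False  # no login in progress
        plain, nonce, self.nonce = decrypt(ciphertext), self.nonce, None
        if not hmac.compare_digest(plain[:len(nonce)], nonce):
            return False  # ciphertext was not made for this login attempt
        digest = hashlib.sha256(plain[len(nonce):]).digest()
        return hmac.compare_digest(digest, self.pass_hash)

def demo():
    server = Server(b"tux-4-ltsp")  # constructed passphrase
    results = {}
    for with_nonce in (False, True):
        pub, nonce = server.start_login("julius", with_nonce)
        on_wire = encrypt(pub, nonce + b"tux-4-ltsp")  # workstation side
        first = server.finish_login(on_wire)
        server.start_login("julius", with_nonce)       # a later login attempt
        resent = server.finish_login(on_wire)          # same bytes sent again
        results[with_nonce] = (first, resent)
    return results
```

`demo()` returns, for each mode, whether the genuine login and the resent ciphertext were accepted.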
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.openprojects.net