Maurice,

What I think Jason was telling you is that since your private key would reside on the server and would be sent to the client via unencrypted NFS, your ssh session would really be no more secure than your NFS traffic.
I suppose you could generate a new key in the client's ramdisk each time the client is booted, but then there would be no way to be sure that a client is who they really say they are. Or you could put the whole sshd, including key, on a hard drive on the client and run it as a local app, but then you're not really running a thin client and if you do run sshd locally, you can't use X, since then everything you see and type would be available on the network anyway.

You must live in a tough neighborhood if even your LAN is untrusted! :-)

Pete
--
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Maurice Libes wrote:
>
> On Mon, Nov 24, 2003 at 09:22:33PM -0500, Jason Straw wrote:
> > very little security is bought by this, because all file systems on the
> > clients are mounted by an unencrypted means (nfs)... it's something
> > being looked at very slowly, but it isn't there yet.
>
> sure you're right but I don't see the relationship between sshd and nfs
> in terms of security...
> in a first time, what I want to avoid is to have an rshd daemon running
> on client side (when local_apps is on), and to replace it with an sshd
> daemon
> in a second time, of course it will be better to have a secured NFS
> (let's wait for NFS v4)... and we can secure also NFS with a ssh
> tunnel
>
> so, I ask my question again: is there somebody who runs a sshd daemon
> on the client side?
> thanks
> ML

_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
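Added example, not part of the original thread: a check for the situation Pete describes, where the sshd host key sits on an NFS-mounted filesystem and so crosses the network in the clear. The mount table and sshd_config below are constructed samples, and the default key paths are an assumption for configs with no HostKey line.

```python
NFS_TYPES = {"nfs", "nfs4"}
# Assumption: OpenSSH default key paths, used when no HostKey line is set.
DEFAULT_KEYS = ["/etc/ssh/ssh_host_rsa_key", "/etc/ssh/ssh_host_ecdsa_key",
                "/etc/ssh/ssh_host_ed25519_key"]

def parse_mounts(text):
    """Return [(mountpoint, fstype)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return mounts

def host_keys(sshd_config):
    """Collect HostKey paths, ignoring comments; fall back to defaults."""
    keys = []
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "hostkey":
            keys.append(parts[1])
    return keys or list(DEFAULT_KEYS)

def fs_for(path, mounts):
    """Longest mountpoint containing path; a later mount shadows an earlier one."""
    best = ("", "unknown")
    for mnt, fstype in mounts:
        prefix = mnt.rstrip("/") + "/"
        if (path == mnt or path.startswith(prefix)) and len(mnt) >= len(best[0]):
            best = (mnt, fstype)
    return best

def keys_on_nfs(sshd_config, mounts_text):
    """Return [(key_path, mountpoint)] for host keys stored on NFS."""
    mounts = parse_mounts(mounts_text)
    hits = []
    for key in host_keys(sshd_config):
        mnt, fstype = fs_for(key, mounts)
        if fstype in NFS_TYPES:
            hits.append((key, mnt))
    return hits

# Constructed sample: thin client with an NFS root and a ramdisk on /tmp.
SAMPLE_MOUNTS = """rootfs / rootfs rw 0 0
192.168.0.254:/opt/ltsp/i386 / nfs ro,vers=3 0 0
tmpfs /tmp tmpfs rw 0 0
"""
SAMPLE_SSHD_CONFIG = """# constructed sample
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /tmp/ssh_host_key   # generated in the ramdisk at boot
"""

if __name__ == "__main__":
    for key, mnt in keys_on_nfs(SAMPLE_SSHD_CONFIG, SAMPLE_MOUNTS):
        print(f"host key {key} is read over NFS (mounted at {mnt})")
```

On a real client, pass the contents of /proc/mounts and the sshd_config in use instead of the samples.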
