Derek, Somebody on this mailing list just went through the same process in the last week or two. The suggestion for him was to setup 2 instances of sshd. One to listen on the internal interface and allow password logins, and the other to listen on the external interface and require public key authentication.
Try looking back through the archives and I think you'll find exactly what he did to make it work. Jim McQuillan [EMAIL PROTECTED] Derek Tattersall wrote: > David Burgess wrote: >> On Sat, Sep 6, 2008 at 4:30 PM, Derek Tattersall <[EMAIL PROTECTED]> wrote: >> >>> Help. >>> >>> I am trying to set up ltsp5 on a fedora 9 server (package >>> ltsp-server-5.1.22-1.fc9.x86_64) . I have followed the instructions at >>> https://fedorahosted.org/k12linux/wiki/InstallGuide, and it almost works. >>> >>> When I run ltsp-vmclient, it gets an ip, gets the kernel and the image >>> via tftp, and starts an X-session. >>> >>> However, when I try to log in, the client in the vm session states that >>> it is unable to verify my password and then the x-session restarts. >>> >>> I have verified that the client is mounting /opt/ltsp/i386. >>> >>> I tried connecting a real client to the server, and I get the same result. >>> >>> I have turned off the firewall on the server. >>> >>> Is there something else I need to do on the server to allow remote log ins? >>> >>> What else do I need to do to get a log in session? >>> >> >> Hm, not familiar with fedora but if I saw that in Ubuntu I would fix it by >> doing >> >> ltsp-update-sshkeys >> ltsp-update-image --arch=i386 >> >> I'm assuming you have your ssh server installed and running and that >> you have valid user accounts, even though I don't see those steps in >> the linked howto. >> >> db >> > > I did figure that out eventually. The issue was that I had password log > in through ssh disabled. I have been using a public key file instead. > > So the next question is... > > Is there a good secure way to allow password log ins over the ltspbr0 > interface which is bound to eth0, while restricting logins over the eth1 > interface which is connected to the internet? What I would prefer is to > not allow password log ins from the internet without a public key, while > allowing users to log in from my inside network by password. > > How would I configure sshd to do this? > > Also, how can I configure ltsp to connect to the server over a different > port than the default ssh port 22? One solution to my problem would be > to run 2 different ssh servers. One bound to port 22 and connected to > the outside world, and another connected to some other port and serving > my ltsp network. Has anyone set up something like this? How did you go > about it? > > > > Thanks. > > Derek Tattersall > > > > > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _____________________________________________________________________ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
