> Seriously, this conversation is getting kind of silly. I seriously see
> no need to launch a completely separate sshd just for administrators on
> a different port. There are plenty of network-layer utils available to
> secure a port from the outside world. There is no need to make
> LTSP/Edubuntu setups more complex for this purpose. If you need access
> to ssh from any IP on the net to your internal LTSP server, set it up -
> but I really don't think this is a common enough scenario to warrant a
> default secondary sshd for everyone. You're gonna get tons of admins
> asking "why do I have an open port 2222? Why the hell is ssh running on
> 2222??"

I have such a setup, and I agree that a second ssh should not run by default. Indeed, most modern distros run with no server listening on any port by default. Nevertheless I would advocate for making things a little easier to get a second ssh running for those who need it. I, for one, need it, and it took me quite some time searching and then some hand-holding from the list to get it going.

Perhaps a new optional package could be made available for this purpose. For example, right now on Ubuntu if I want to install and run an ssh server I just use my package manager to install the openssh-server package. Why not have an openssh-alternate-server or ltsp-ssh-server package that is not a dependency of ltsp-server, openssh-server, or any other package, but could be listed as "Recommends" or "Suggests" by those packages? It would run by default on an alternate port and could perhaps even ask the user, during configuration, which port and interface to listen on.

Personally, I run my client-side ssh server on port 22 and my internet-accessible ssh server on an alternate port. This way I don't have to make yet another customisation to lts.conf and remote login attempts from unknown users are virtually non-existent.

If one were to create a package for a second server and minimise setup headaches for the user, one would have to choose between a) altering lts.conf so the clients would connect to the second server on an alternate port, b) altering sshd_config so the primary ssh server listens on an alternate port, or c) prompting the user to make one of the above changes. I'm not really aware of the etiquette/implications of a package messing with the config files of another package.

I really do think that creating a package, or through some other means, streamlining for the user the process of setting up a second ssh server would be a big step toward making LTSP simpler to administer, at least for the administrator that needs remote access.

db

_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
