> No offense, but this is what learning how openssh-server works is all
> about.

I'm not sure what you mean by that. Certainly not everyone enjoys seeing how every config file works. Some admins and I'd say the vast majority of users just want things to work. To repeat an analogy I heard recently, some people train horses and some people ride them. Maybe you do both, but not everybody does, and not everybody wants to.

> Here, I'll even show you how to get sshd to listen on 2 ports:
>
> /etc/ssh/sshd_config:
>
> Port 22
> Port 2222

Sure, but this setup doesn't prevent h4xorz in the far east from breaking into my server on 13-year-old Kevin's account using his weak password. I really couldn't care less if my clients access the server on port 22 and my admins access it remotely on port 22, so long as my clients' access is limited to the local interface. Show me how to disable password authentication on the WAN interface, or how to apply the AllowUsers option to only the WAN interface and I'll drop my case.

The fact remains, and I don't see you acknowledging this fact yet, that many ltsp admins need ssh for two very different things: thin client access and remote admin access. At present, the only way to provide for these two needs simultaneously and securely is to run 2 instances of ssh on 2 different ports using 2 different config files. This can be done, but frankly it's just not simple enough.

> - Creating a new package and maintaining it for simply offering a
> default alternate configuration wouldn't fly with any sane maintainer.

As I've pointed out, ltsp is an alternate use of ssh, and as Rob pointed out, ltsp requires that ssh be configured in a way that is simply unacceptable for traditional use, i.e., remote (open) access. And I disagree with your argument that no sane maintainer would maintain an alternate configuration. Taken to its logical extreme, your argument says that no sane maintainer would work on Ubuntu when there is already Debian, or Debian when there is Red Hat, or Red Hat when there is Windows, or Windows when there is a typewriter and calculator.

I appreciate what package maintainers do. Every time I install or upgrade Ubuntu at home I have to go to Brother's web site, download the (multiple) .deb drivers for my printer, install them with a bunch of command-line overrides, then run a bunch of other ubuntu-specific fixups to make said drivers work with my system. It's a pain in the arse, but I don't complain to Brother, because how many printer manufacturers provide GPL drivers? But thank heaven for Saïvann Carignan who created an ubuntu package called brother-cups-wrapper-extra. Thanks to his work and others, getting my printer to work on a fresh install now takes 30 seconds instead of 30 minutes. He didn't give my printer drivers any functionality that they didn't already have, he just gave me and every other Ubuntu-Brother owner an alternate configuration, a really handy time and sanity-saving tool for making them work.

I'm not criticising the ltsp team. I love what they provide. And I'm not asking anybody--I hope--to change the way your ssh server or ltsp server operates. I simply think it would be a boon to the project to remove some of the pain in creating what I suspect would be a fairly popular scenario among ltsp admins and facilitate the ability to access the server remotely without compromising the very good security provided by the OpenSSH server.

db

_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
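
The requirement stated in the message above (password logins for thin clients on the LAN side only, key-only access from the WAN), written out as an added example that is not part of the original thread: a single sshd instance using `Match LocalAddress`, which current OpenSSH releases support. All addresses and the admin account names are constructed assumptions.

```conf
# /etc/ssh/sshd_config: added example, not from the thread.
# Assumptions (constructed values):
#   192.168.0.1     server address on the thin-client LAN interface
#   192.168.0.0/24  thin-client subnet
#   alice, bob      hypothetical admin accounts that log in remotely with keys

Port 22

# Defaults: these apply to every connection, including those that arrive on
# the WAN-facing address. No passwords in any form, no root logins.
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no

# Account allow-list keyed on the client's source address: the admins from
# anywhere, any other account only from the thin-client subnet.
AllowUsers alice bob *@192.168.0.0/24

# Connections accepted on the LAN-side address get password logins back.
# Match keys on the local (server-side) address, so a remote client cannot
# select this block by changing its user name or port.
Match LocalAddress 192.168.0.1
    PasswordAuthentication yes

# Check syntax, then print the effective settings for a given connection.
# 198.51.100.10 and 203.0.113.5 are placeholders for the server's WAN
# address and a remote client; client.example is a placeholder host name.
#   sshd -t
#   sshd -T -C user=kevin,host=client.example,addr=203.0.113.5,laddr=198.51.100.10,lport=22 \
#       | grep -i '^passwordauthentication'
#   sshd -T -C user=kevin,host=client.example,addr=192.168.0.50,laddr=192.168.0.1,lport=22 \
#       | grep -i '^passwordauthentication'
```

On releases without `Match LocalAddress`, the two-instance setup described in the message remains the way to get per-interface settings.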
