On Fri, Oct 17, 2008 at 10:24 AM, Rob Owens <[EMAIL PROTECTED]> wrote: > Thanks for bringing some sanity to this discussion. That's all the > original poster was looking for -- a way to share his learning > experience with others.
Exactly. My original post listed a couple of the issues I ran into when attempting to lock down a LTSP 5 server. Some of the points were just different than what I ran into with older versions of LTSP. The use of ssh for the terminals means that some adjustments to my normal lock down procedures are necessary. Making ssh available to the Internet from a default LTSP 5 server is not secure (even on a non standard port) unless you trust your users to create good passwords (or you use keys) and if you trust your users, you have already lost ;-). That is not to say that LTSP 5 is not secure, but the use of ssh in its default configuration makes your server vulnerable to your users ability to create a decent password. Until I get around to configuring the second ssh daemon I will simply connect to the LTSP 5 server through a different server... Tim ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
