On Wed, Feb 3, 2010 at 8:25 PM, Gideon Romm <l...@symbio-technologies.com> wrote:
> Grant,
>
> I just read through the ltsp-update-sshkeys script, and (aside from it
> needing some love), it looks like in order for ltsp-update-sshkeys to
> include the extra keys for the other servers, you need to save those
> keys on the ltsp server in: /etc/ltsp/ssh_known_hosts.myname (where
> "myname" can be replaced with any name you find would help you remember
> what keys are in that file - and you can have multiple files of that
> type).
>
> Now, interestingly, ltsp-update-sshkeys has a --export option to export
> the keys of the ltsp server to a file, presumably for this purpose. But,
> this puzzles me, because you don't want the LTSP server's keys, you want
> the application servers' keys. Which, I suppose means you could copy
> ltsp-update-sshkeys to your app servers to export things, but this is
> clumsy.
>
> We *should* make it so that I can pass ltsp-update-sshkeys --export
> <filename> [IP-of-app-server] and have the script use ssh to request
> the public key of the app server and store that in the file. I will add
> it to a TODO for now.
>
> But, in answer to your keys question, I would go ahead and put the keys
> on the ltsp server in /etc/ltsp/ssh_known_hosts.myname, rerun
> ltsp-update-sshkeys and ltsp-update-image. Then, you can test it by
> dropping to a shell on the thin client and attempt an ssh to the app
> server. If all goes well, you should NOT be asked to accept the
> authenticity of the host.
>

Here is how it is done on openSUSE: we have a common configuration file, /etc/sysconfig/kiwi-ltsp, where the user specifies CLUSTER_NODES, and the keys are fetched using the ssh-keyscan command like this:

    get_ssh_keys() {
        if [ -f $output -a -s $output ]; then
            for ip in $ips; do
                #fix this if [ $ip != $SERVER_IP ]; then
                for encryption in $enc; do
                    host=$(arp $ip | sed -n 2p | cut -d " " -f1)
                    ssh_key=$(ssh-keyscan -t $encryption $ip 2> /dev/null)
                    if [ -n "$ssh_key" ]; then
                        echo $ssh_key >> $output
                        log "Adding ${encryption}-hostkey for ${ip} to ssh_known_hosts"
                        if [ -n "$host" ]; then
                            echo $(ssh-keyscan -t $encryption $host 2> /dev/null) >> $output
                            log "Adding ${encryption}-hostkey for ${host} to ssh_known_hosts"
                        fi
                    else
                        manual_step "No ${encryption} key found for ${ip} / ${host}, please configure the ssh server correctly and ensure that the secondary server is up."
                    fi
                done
                # fi
            done
        fi
    }

    kiwi_ltsp_cluster_setup_sshkeys() {
        ## Setup the SSH keys for seamless access of clients to the secondary servers
        ips=`echo $CLUSTER_NODES | tr -d ' ' | tr ',' ' '`
        get_ssh_keys
    }

A lot of the above is borrowed from the upstream script.

Cheers
-J
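
ssh-keyscan, as used in the script above, records whatever key the network returns, so the scan output can be checked against keys collected out of band before it is appended to ssh_known_hosts. The following is an added example, not part of the thread or of the LTSP/KIWI scripts; the pinned-file format, the function names and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): accept ssh-keyscan output only when it
# matches keys pinned out of band. The pinned file is an assumption: lines of
# "host keytype base64key" copied from each node's /etc/ssh/ssh_host_*_key.pub.

# verify_scanned_keys PINNED_FILE < scan_output
# Prints matching lines; logs rejects to stderr; returns 1 if any were rejected.
verify_scanned_keys() {
    awk -v pinned="$1" '
        BEGIN {
            err = "cat 1>&2"
            while ((getline line < pinned) > 0) {
                n = split(line, f, " ")
                if (n >= 3 && f[1] !~ /^#/) want[f[1] " " f[2]] = f[3]
            }
        }
        /^#/ || NF < 3 { next }    # ssh-keyscan banner comments, blank lines
        {
            id = $1 " " $2
            if (!(id in want))       { print "REJECT unpinned: " id | err; bad = 1 }
            else if (want[id] != $3) { print "REJECT mismatch: " id | err; bad = 1 }
            else                     { print $1, $2, $3 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample data: the key blobs are placeholders, not real host keys.
demo_verify() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
192.0.2.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedNodeOneKey
192.0.2.12 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedNodeTwoKey
EOF
    # Stand-in for: ssh-keyscan -t ed25519 192.0.2.11 192.0.2.12 192.0.2.13
    rc=0
    verify_scanned_keys "$tmp" <<'EOF' || rc=$?
# 192.0.2.11:22 SSH-2.0-OpenSSH_8.9
192.0.2.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedNodeOneKey
192.0.2.12 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAISomeOtherKeyEntirely
192.0.2.13 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedNodeThree
EOF
    rm -f "$tmp"
    return $rc
}
```

Only the lines printed on stdout should be appended to the known-hosts file; a non-zero return means at least one scanned key was unpinned or differed from its pinned value.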