On 21.07.2013 22:51, Alkis Georgopoulos wrote: > Στις 21/07/2013 11:02 μμ, ο/η Rüdiger Kupper έγραψε: >> Now given this change, and accepted that it is a security measure, >> let me rephrase my question: >> >> -> Since ssh login to running clients is a security risk, what >> other measure can I take to allow remote shutdown of a running >> client? > > If you run ssh-keygen on client boot, I don't think there are security > issues anymore.
This means that you won't know the client ssh host key. That's not better than a publicly-known one - either way you can't be sure the box you are connecting to is not spoofed. But then, if you want to shut the thing down, who cares? Make sure you are using key-based authentification to log into the thin clients. Never use passwords in the thin client - its /etc/shadow is also publicly viewable, and can be used to crack your password. This could then be used to log into thin clients and install keyloggers etc. If done that way I don't see any security issues, even with shared ssh host keys. Jakob ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
