On Wed, Mar 12, 2014 at 12:12:41AM +0400, Denis Croombs wrote: > I would like to secure the network traffic between the thin client (PC > booted from the LTSP server) using SSL or SSH to block any man in the > middle attack, but cannot find any reference on how to do this, has anyone > done this ?
By default (at least on Debian and Ubuntu), the whole session is encrypted. Noteable points like localdev and sound are still unencrypted... If you're really concerned, the kernel, initrd and root filesystem are also sent over the wire unencrypted... That is theoretically possible to encrypt, but involves *many* more challenges. You'd probably have to start with iPXE, which supports downloading over https and allows you to specify a certificate authority... you'd need to have iPXE locally installed on all your thin clients, although even a very large build of iPXE is under a couple megabytes in size. iPXE will get you the kernel and initrd, but then you'll need to also figure out a viable encrypted root filesystem... or at least a means of cryptographically signing the root filesystem image... Would be an interesting project! live well, vagrant ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
