Hi,

Sorry for my not so good English... I would like some advice if someone is interested in my problems or has tried something similar. (I use Linux for this project.)

I want to set up dumb terminals with ssh. I want them to be able to be dumb character terminals, but also graphical dumb terminals with tunneled VNC. I use LTSP as a basis for boot. First the terminal mounts its root filesystem read-only, and then creates a small RAM-disk filesystem read-write, for /tmp and /var and some other files needing read-write permissions.

At this point, I would like the user sitting at the terminal to be prompted for a user name, a password, a passphrase if there is one, and nothing more after that for all the ssh-like commands used (be it slogin, scp, ssh tunneling, and so on). I would also prefer a solution where there is no /etc/passwd-shadow on the root fs, or only one with a fake user which won't compromise security.

To implement that I had the following idea:

1) Get the user login and the user private key using scp. A program asks for the login name, $SSH_USER, and then launches scp -l $SSH_USER@server:/private/key/file /tmp/ssh-private-$SSH_USER. If scp didn't fail, it puts the user login in the $SSH_USER environment variable and the private key is in /tmp/ssh-private-$SSH_USER.

2) Then start ssh-agent, which in turn starts a script in which the first command is ssh-add /tmp/ssh-private-$SSH_USER.

3) In the following sections of the script, run arbitrary ssh commands.

Now some questions:

No user will be known locally besides root. Is it a problem?

Thus ssh-agent and ssh-add will be launched by root, and the /tmp/ssh-private-$SSH_USER file would also be owned by root. Is it a problem?

In part 3), all commands will be launched with ssh -l $SSH_USER by root. Is it annoying, and does it lead to possible security holes, like $SSH_USER being used to pass bad arguments to ssh, as root?

Could the trick of using an environment variable for the user login be a source of security problems?

For enhanced security, would it be possible to do a rm /tmp/ssh-private-$SSH_USER after the ssh-add command?

Does the login-like program which has to be used in part 1), which gets the user login and in that case uses scp for the password, have to be written with special care?

Did someone already do it (or a similar one, which would launch ssh instead, could certainly be easily used for that)?

Thanks for your attention, hoping that it will interest you.

Pat
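
Added example, not part of Pat's message: one way to handle the concern about $SSH_USER carrying bad arguments into commands that root runs is to validate the typed name before it reaches a file name or an scp/ssh command line, and to keep the fetched key out of a predictable /tmp path. The function names are hypothetical; "server" and /private/key/file are the message's own placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.
LC_ALL=C; export LC_ALL   # make the a-z ranges below mean ASCII only

# Accept only conservative login names: 1-32 chars, first a lowercase letter
# or '_', the rest lowercase letters, digits, '_' or '-'. Everything else
# (leading '-', '/', '@', whitespace, shell metacharacters) is refused.
valid_ssh_user() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case "$1" in
        [!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print a path for the fetched key inside a fresh directory only root can
# enter, instead of a predictable name directly in world-writable /tmp.
key_file_for() {
    valid_ssh_user "$1" || return 1
    dir=$(umask 077 && mktemp -d "${TMPDIR:-/tmp}/sshkey.XXXXXX") || return 1
    printf '%s/ssh-private-%s\n' "$dir" "$1"
}

# Steps 1 and 2 of the post; call this from the script that ssh-agent starts.
# "server" and /private/key/file are the post's own placeholders.
load_user_key() {
    key=$(key_file_for "$1") || { echo "bad login name" >&2; return 1; }
    # Always quote the name so it stays a single argument.
    if scp "$1@server:/private/key/file" "$key" && ssh-add "$key"; then
        status=0
    else
        status=1
    fi
    rm -rf "${key%/*}"   # the agent keeps the key in memory; drop the file
    return "$status"
}
```

The key file is removed whether or not ssh-add succeeded, so nothing is left on the RAM disk after the login step.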