Hosting Provided By

ssh with diskless machines

From: Peter <pk(at)q-leap.com>
Date: Fri Mar 14 2003 - 02:59:54 EST

Hello,

I am new to this list, and already have a question...

How to store and retrieve the hostkeys for diskless machines in a secure manner?

I couldn't find any information on this topic, which is weird since I cannot imagine that we are the first to be confronted with this issue...

The background to this question is as follows: The company I work at uses some hundred Linux-based diskless workstations. Which means the machines have no way to store data locally that survives a reboot. It would be too much effort to install hard-disks, or memory sticks, or anything. Until now they use the r-commands to connect to application servers, etc. but want to switch to ssh. The question soon arose: where to store the hostkeys? The only solution we came up is to store them on some server and export via nfs to the workstations. Since NFS is not encrypted this would probably be a security problem, but we could not come up with a better idea.
The other idea is of course to generate the keys each time a workstation boots, but that would mean to often edit the known_hosts file and perhaps use the "StrictHostKeyChecking no" option. Using DHCP does not look like a better idea than NFS, or does it?

Any help appreciated.

Peter

-- 
Peter Kruse 
Q-Leap Networks GmbH
+497071-703171

Received on Fri Mar 14 16:44:13 2003

This message: [ Message body ]
Next message: Sasso, John J (Research, Logic Technology Inc.): "Central key admin/authorization (CA, LDAP, etc.)"
Previous message: Noel.DelRosario(at)tokyostarbank.co.jp: "SSH / SSH-KEYGEN / PRNGD SEED"
Next in thread: Crist J. Clark: "Re: ssh with diskless machines"
Reply: Crist J. Clark: "Re: ssh with diskless machines"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:55 EDT

Do you need help?