From: Dumas P. <du...@ce...> - 2001-10-25 17:45:08
On Thu, Oct 25, 2001 at 09:36:34AM -0400, Jim McQuillan wrote:
> Massimo,
>
> Yes, it's possible, BUT....
>
> ssh relies on a private key for encryption. Where would you store
> the private key for the workstation?
>
> If you store it on the server, and read it via NFS, then you have a false
> sense of security. The private key would be passed on the network
> unencrypted.
>
> So, you need to find a place on the workstation to store the key. Either on
> a floppy, or a flash disk, or maybe a hard disk. Keep in mind one of the
> things that makes a diskless workstation appealing is the lack of moving
> parts.
>
> SSH can be used for encrypting the X session. Another alternative is to
> use IPSec and encrypt ALL traffic between the workstation and the server.
> You would still have the same 'private key' problem.

I think it could be possible to reuse what I did for vnc over ssh: the user uses their password to get the private key with ssh from a server. With this system there is real security, as in that case, the role of the private key is in the very first step taken by the password. Later the private key is the RSA private key, but this key has never been visible unencrypted over the network.

Massimo, if you give me the set of ssh commands used to launch gnome or kde, I could make some changes to what I did to launch X instead of vnc. In fact, this should prove to be much simpler than with vnc (because with vnc you have to launch a server, and a tunnel in that case).

Pat