also sprach Blair Strang <bls@nanocorp.net.nz> [2004.10.30.0237 +0200]: > Based on a cursory look at how FAI works, if you're worried about > a 'laptop attack' -- i.e, an untrusted person with access to your > network media -- I think there are more problems than just SSH > keys. Well, you are too right, unfortunately. I am beginning to believe FAI really needs to be extended to allow for the use of security tokens on the clients (whatever that may be), and switch to getting the configuration space via WebDAV or the like. CVS is already supported, but CVS also adds an extra level of indirection, which may cause problems. The way to do it would be to use a token, such as a USB stick, or a manually keyed passphrase, which then allows (encrypted) access to the master server, from which the configuration space is obtained. After all, at the moment, /etc/fai is exported via NFS, and /etc/fai/class/DEFAULT.var contains the root password to be used on all the nodes. Uh oh. > [Unless I've misunderstood the threat model you're positing here] No, you have not. I was about to invest too much time into this key business though, when in fact, I was forcefully ignoring the fact that the whole thing is as insecure as <you name it>. I wonder if it's possible to make a secure cluster environment with automatic installations. I guess I will have to go for the /scratch idea... -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature