
Re: [K12OSN] I can't log in into LDM | SL 6.1 thin client image



Hi all,

I've found the "ltsp-update-sshkeys" script failing on CentOS 6.4.
The reason is that the script attempts to create keys for rsa, dsa and ecdsa, while the last one (ecdsa) is not available in this distro.
One may install ecdsa; however, I've failed to find it. Disregarding that, I would suggest fixing the script, making it a bit smarter about what is possible on the system where it is running.

Assuming that the list of private key files stored in /etc/ssh resembles what is possible on the system (each file is created using a different algorithm), one may derive the names from the /etc/ssh/ssh_host_*_key files.
A simple "diff" of the old and new files presents the change I suggest:
84a85,87
> # Use ciphers known to the local system
> KNOWN_ALGO=$(for fn in /etc/ssh/ssh_host_*_key; do echo `basename $fn`; done | awk -F_ '{if(FNR>1)printf ",";printf $3}')
>
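
Review bot: In the added KNOWN_ALGO line, the awk call `printf $3` uses the file-name field as the printf format string, so a name containing `%` would be interpreted as a format; `printf "%s", $3` avoids that. The loop also has no guard for the case where `/etc/ssh/ssh_host_*_key` matches nothing: the shell then hands the unexpanded pattern to the loop and KNOWN_ALGO ends up as `*`, so a `[ -e "$fn" ] || continue` inside the loop would help, and `$fn` should be quoted where it is passed to basename. The added comment says "ciphers", but the values collected here are host key types.
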
93c96
< ssh-keyscan -t dsa,rsa,ecdsa ${PORT:+-p $PORT} "$@" 2>&1 >"$EXPORT" |
---
> ssh-keyscan -t "${KNOWN_ALGO}" ${PORT:+-p $PORT} "$@" 2>&1 >"$EXPORT" |
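
Review bot: The replacement ssh-keyscan line passes "${KNOWN_ALGO}" to -t without checking it first, so an empty or unexpected value reaches ssh-keyscan and its error message goes into the pipeline through 2>&1 instead of being reported up front. Check that KNOWN_ALGO is non-empty before this call and abort with a clear message if it is not. It is also worth a comment in the script that the key types come from the local /etc/ssh files while the hosts being scanned come from "$@", so the change relies on those hosts offering the same key types as the machine running the script.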

 
With the above fix applied, the script uses what is available and creates keys. It will use ecdsa (or any other algorithm) if it is ever installed later and the appropriate private key file gets created, without the need to fix it again.

For your convenience, both the diff file and the modified script are attached.

Kind regards
Emil Krotki
EkroTech
PL: +48 693 463 115


-------- Original Message --------
Subject: Re: [K12OSN] I can't log in into LDM | SL 6.1 thin client image
From: Radek Bursztynowski <radek bursztynowski waw pl>
Date: Fri, July 12, 2013 1:14 pm
To: "Support list for open source software in schools."
<k12osn redhat com>

Barry,

It could be that I don't understand you exactly, so let me present my steps:

1. I logged into my server as root and deleted all files from the /tmp directory.
2. I rebooted my thin client.
3. I switched SCREEN on my thin client to xterm.
4. Then: ssh -X user my_server
5. I logged into my server (I accepted the certificate). Next I exited.
6. From my thin client (still xterm SCREEN) I did:
# su -
# ssh -X root my_server (I accepted certificate), and I logged into, next I exited.
7. I switched SCREEN to LDM.
8. Now I can log in as a regular user and as root.

But it is a temporary success, because after rebooting the thin client I lose the certificate and I still can't log in.

How can I save the proper set-up?

Radek

---
Radek,

On your server, browse to the /tmp folder.
Delete all files (as root) within the /tmp folder.
After deleting these files, try to log into a thin client as a regular
user.
Also, as a backup, try logging into a thin client as root and see if root
can log in to a thin client on your SL (older) image.

Barry



_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>


Attachment: ltsp-update-sshkeys
Description: application/shellscript

84a85,87
> # Use ciphers known to the local system
> KNOWN_ALGO=$(for fn in /etc/ssh/ssh_host_*_key; do echo `basename $fn`; done | awk -F_ '{if(FNR>1)printf ",";printf $3}')
> 
93c96
<     ssh-keyscan -t dsa,rsa,ecdsa ${PORT:+-p $PORT} "$@" 2>&1 >"$EXPORT" |
---
>     ssh-keyscan -t "${KNOWN_ALGO}" ${PORT:+-p $PORT} "$@" 2>&1 >"$EXPORT" |
