|00:52||danboid has left IRC (danboid!~ISDADS\firstname.lastname@example.org, Quit: Leaving)|
|04:15||quinox has left IRC (email@example.com, Quit: WeeChat 2.8)|
|04:19||quinox has joined IRC (firstname.lastname@example.org)|
|06:04||RaphGro has joined IRC (RaphGro!~raphgro@fedora/raphgro)|
|08:39||xagapiou has joined IRC (email@example.com)|
|09:01||xagapiou has left IRC (firstname.lastname@example.org, Remote host closed the connection)|
|10:58||fafler has joined IRC (email@example.com)|
Hi. I'm working on an LTSP setup, but I need the SSH server to run on the clients, and also need root login via SSH. How do I do that?
I do not know about 'ssh', but I do know about these similar topics: 'sshd'
sshd: Exposing sshd host keys over NFS is unsafe, so it's disabled by default and !epoptes is recommended instead. If you insist on running sshd in LTSP clients, read https://github.com/ltsp/community/issues/161#issuecomment-694123543
epoptes: Epoptes is a computer lab administration and monitoring tool. It works on Ubuntu and Debian based labs with LTSP or non-LTSP servers, thin and fat clients, standalone workstations, NX clients etc. More info: https://epoptes.org
install: To install LTSP: https://ltsp.org/docs/installation/
This installation page also includes instructions for epoptes
Ohhh... seems like that is what I should be doing. Thanks :-D
Maybe you already have epoptes? If you followed the wiki page...
*the installation page...
Yeah, it was in the install guide, but I didn't look into it, because I usually just use SSH
|11:24||danboid has joined IRC (danboid!~ISDADS\firstname.lastname@example.org)|
alkisg: I have worked out the minimum set of ports required to be open on a software firewall for an LTSP server bar one rule, something like this:
ufw allow 30000:65535/tcp
What is the lower bound of that range that needs to be open?
Maybe it's 32XXX?
30000 might be a bit too low?
I've definitely seen it use ports in the 3XXXX range but maybe it goes lower
I want this running so that we can use fail2ban
which requires an enabled software firewall
Oh actually, it's probably 32768 to 60999
https://en.wikipedia.org/wiki/Ephemeral_port says "Many Linux kernels use the port range 32768 to 60999"
That sounds like a match to me
I will update the wiki security article with the list of ports shortly
|13:05||TatankaT has joined IRC (TatankaTemail@example.com)|
|13:31||lucascastro has left IRC (firstname.lastname@example.org, Ping timeout: 272 seconds)|
|13:42||lucascastro has joined IRC (email@example.com)|
|13:43||danboid has left IRC (danboid!~ISDADS\firstname.lastname@example.org, Quit: Leaving)|
|14:38||lucascastro has left IRC (email@example.com, Ping timeout: 246 seconds)|
that's a lot of ports
you can also make the default ACCEPT + fail2ban
|15:28||woernie has left IRC (firstname.lastname@example.org, Ping timeout: 256 seconds)|
|15:29||woernie has joined IRC (email@example.com)|
|15:58||woernie_ has joined IRC (firstname.lastname@example.org)|
|15:58||woernie has left IRC (email@example.com, Ping timeout: 272 seconds)|
|18:26||lucascastro has joined IRC (firstname.lastname@example.org)|
|20:13||lucascastro has left IRC (email@example.com, Ping timeout: 260 seconds)|
|21:06||lucascastro has joined IRC (firstname.lastname@example.org)|
|21:39||lucascastro has left IRC (email@example.com, Ping timeout: 260 seconds)|
|22:40||lucascastro has joined IRC (firstname.lastname@example.org)|