IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 8 January 2021   (all times are UTC)

00:13GodFather has joined IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
01:52GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 246 seconds)
01:56lucascastro has left IRC (lucascastro!~lucascast@177-185-139-189.dynamic.isotelco.net.br, Remote host closed the connection)
01:58lucascastro has joined IRC (lucascastro!~lucascast@177-185-139-189.dynamic.isotelco.net.br)
02:53GodFather has joined IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
03:51lucascastro has left IRC (lucascastro!~lucascast@177-185-139-189.dynamic.isotelco.net.br, Read error: Connection reset by peer)
04:13GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 264 seconds)
06:37RaphGro has joined IRC (RaphGro!~raphgro@fedora/raphgro)
08:23shored1 has left IRC (shored1!~shored@82-128-142-239.rev.dnainternet.fi, Read error: Connection reset by peer)
08:23shored has joined IRC (shored!~shored@82-128-142-239.rev.dnainternet.fi)
08:25
<vagrantc>
alkisg: haven't gotten to ltsp and epoptes in debian yet, but ... hoping for this weekend!
08:25
<alkisg>
vagrantc: thanks! No hurry at all, as long as it makes it for bullseye
08:25
<vagrantc>
the ssh-copy-id proposal is somewhat terrifying, though ...
08:25
<alkisg>
Why?
08:26
<vagrantc>
the idea of messing around with user's ssh authentication keys...
08:26
and should still have plenty of time for bullseye
08:26
<alkisg>
LTSP5 had an sshfs control socket; this gave sshfs access to root, but it couldn't do sshfs reconnections,
08:26
<vagrantc>
right
08:27
<alkisg>
Having a single ltsp key in ~/.ssh/authorized_keys allows reconnections too
08:27
<vagrantc>
sure, that part is nice. :)
08:27
<alkisg>
We can remove duplicates etc after logon, as we'll have access to ~/.ssh
08:28
We'll also want to maintain a ~/.cache/ltsp dir with recent connection information
08:28
<vagrantc>
and you're generating throwaway keys on the machine ?
08:29
<alkisg>
Yes, assuming the idea works of course
08:29
E.g. pamltsp will see that user U tries to login,
08:29
and it hasn't generated an ssh key for him yet, so it creates one and puts it e.g. in /run/ltsp/some-private-dir,
08:30
then it uses ssh-copy-id for authentication; if it succeeds, we can reuse it for additional mounts and even reconnections,
08:30
and we can remove it when the user logs out
08:31
Sure, if one gets root on the client he also gets access to the user home dir, but that happens anyway, he has access to /home/user/.ssh
08:33
vagrantc: it might also be possible to modify the server's sshd_config to search for authorized_keys in some private ltsp directory on the server
08:34
That way we won't modify the user's ~/.ssh, but we'll need to add a configuration file to the server's /etc/ssh/sshd_config.d dir...
08:34
<vagrantc>
yes, but not sure it's possible for ssh-copy-id to put those there
08:35
but that sort of thing is definitely possible
08:35
<alkisg>
Indeed. And, a really really different approach, is that since ltsp will get an https server anyway, authentication and sshfs keys management can happen over that, completely ignoring ssh-copy-id
08:36
I.e. pamltsp will still send the user password over https, along with a temporary sshfs key, and if it's accepted, our https server can store it wherever needed
08:36
It's not for now, I just wanted to file that issue in order to politely turn down the pull request, as it was going the wrong way
08:37
<vagrantc>
right
08:37
anyways, going to try to get some sleep so i have time to work on ltsp :)
08:37* vagrantc waves
08:37
<alkisg>
Ciao!
08:39ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
08:44vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)
09:13woernie has joined IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de)
09:30woernie has left IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de, Ping timeout: 264 seconds)
09:38woernie has joined IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de)
10:30woernie has left IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de, Ping timeout: 246 seconds)
10:51woernie has joined IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de)
11:12woernie_ has joined IRC (woernie_!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de)
11:12woernie has left IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de, Read error: Connection reset by peer)
11:15lucascastro has joined IRC (lucascastro!~lucascast@177-185-133-174.dynamic.isotelco.net.br)
11:46lucascastro has left IRC (lucascastro!~lucascast@177-185-133-174.dynamic.isotelco.net.br, Remote host closed the connection)
11:48lucascastro has joined IRC (lucascastro!~lucascast@177-185-133-174.dynamic.isotelco.net.br)
12:50woernie_ has left IRC (woernie_!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de, Ping timeout: 240 seconds)
12:53woernie has joined IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de)
13:10ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
13:13ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
13:21woernie has left IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de, Ping timeout: 246 seconds)
13:21woernie has joined IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de)
13:55woernie has left IRC (woernie!~werner@dslb-188-108-134-111.188.108.pools.vodafone-ip.de, Ping timeout: 256 seconds)
14:51lucascastro has left IRC (lucascastro!~lucascast@177-185-133-174.dynamic.isotelco.net.br, Remote host closed the connection)
15:25GodFather has joined IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
15:27lucascastro has joined IRC (lucascastro!~lucascast@177-185-133-174.dynamic.isotelco.net.br)
16:05RaphGro has left IRC (RaphGro!~raphgro@fedora/raphgro, Quit: Please remember your own message. It'll be read as soon as possible.)
16:51woernie has joined IRC (woernie!~werner@pd9e8bc11.dip0.t-ipconnect.de)
17:28vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
17:36GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 256 seconds)
18:32lucascastro has left IRC (lucascastro!~lucascast@177-185-133-174.dynamic.isotelco.net.br, Ping timeout: 256 seconds)
18:57lucascastro has joined IRC (lucascastro!~lucascast@177.125.20.159)
19:08lucascastro has left IRC (lucascastro!~lucascast@177.125.20.159, Ping timeout: 264 seconds)
20:50woernie has left IRC (woernie!~werner@pd9e8bc11.dip0.t-ipconnect.de, Remote host closed the connection)
22:42ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)