On Fri, 29 Oct 2004 22:38:34 +0200, martin wrote in message <[EMAIL PROTECTED]>:
> also sprach Arnt Karlsen <[EMAIL PROTECTED]> [2004.10.29.2054 +0200]: > > ..have each node scp those keys and whatever else you want from > > the boot server, say from each node's /etc/rc.local. _Combine_ some > > node hardware based ID schemes, say nics mac addresses, cpuid, etc. > > How do you suggest to combine a hardware based ID scheme with SSH? > Also, which hardware ID should be used, so that it's not forgeable? ..that depends on your hardware, nic mac addresses can be forged, cpuid can be forged etc. Now, list all your nodes hw info, and see if you can poll s.m.a.r.t'ly for disk partition uids or even md5sums off swap files or swap disks across boots, and you still wind up having to trust your nodes at some stage. Get creative! ;-) -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
