Passwordless SSH on Diskless Linux Cluster

Eyüp Alemdar

I'm working on a diskless Linux cluster (a server machine, a master machine and 10 slave machines), which means the slave machines have no data storage device. I use an NFS server, together with PXE, DHCP, TFTP and an SSH server, configured to host the generic boot image for the single-system-image cluster nodes. Here is my question:

How do I store and retrieve the host keys for diskless machines in a secure manner?

I came up with two solutions.

First, I can store them on the server and export them via NFS to the slave machines. But since NFS is not encrypted, this would probably be a security problem.

Second solution: store the keys in the live CD. Machines will have host keys when they boot the live CD via NFS. But this is not a practical or safe way.

I really need help with this. Any ideas would be greatly appreciated.

VL-80

Make the /home/user folder of the diskless station writable. UnionFS can be used for this. This can also be done in the initrd by creating a tmpfs in RAM, copying the current content of /home/user there, and mounting this as the /home/user folder. By doing so you will have a writable /home/user folder (but all changes will be lost after reboot).

EDIT: There is also Aufs, which is a redesigned and reimplemented Unionfs.

Once you have this, you can have a bash script which retrieves the necessary files from the server via https (wget with authentication) or via scp with hardcoded credentials or a key (solely for this copy procedure).

So, here you have a diskless image with a writable /home/user folder and a script which on boot retrieves SSH keys to the /home/user folder.

This is an abstract description of the solution, but it is 100% possible.
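
The boot-time retrieval step described in the answer above, as an added example that is not part of the original answer: keys are fetched over HTTPS into a tmpfs, checked, and only then installed with mode 0600. The key URL, the certificate paths, the function names, the `/home/user/hostkeys` destination and the use of curl with a client certificate are all assumptions.

```shell
#!/bin/sh
# Added example: boot-time retrieval of per-node SSH host keys into RAM.
# Assumptions (not from the original post): KEY_URL, the certificate paths
# and the function names are hypothetical; curl is present in the boot image.
KEY_URL="${KEY_URL:-https://keys.example.internal/hostkeys}"
CA="${CA:-/etc/cluster/ca.pem}"
CERT="${CERT:-/etc/cluster/fetch-cert.pem}"
CERTKEY="${CERTKEY:-/etc/cluster/fetch-key.pem}"
KEY_TYPES="ed25519 rsa"

# Download this node's keys over HTTPS, trusting only the cluster CA and
# authenticating with a client certificate used solely for this copy step.
fetch_hostkeys() {  # $1 = staging dir (on tmpfs)
    for t in $KEY_TYPES; do
        curl --fail --silent --show-error --cacert "$CA" \
             --cert "$CERT" --key "$CERTKEY" \
             -o "$1/ssh_host_${t}_key" \
             "$KEY_URL/$(hostname)/ssh_host_${t}_key" || return 1
    done
}

# Accept a fetched file only if it is a regular, non-symlink file whose first
# line is a private-key PEM header (rejects empty files and HTML error pages).
valid_key() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    head -n 1 "$1" | grep -Eq '^-----BEGIN [A-Z ]*PRIVATE KEY-----$'
}

# Validate every key first, then copy with mode 0600; install nothing at all
# if any key is missing or malformed.
install_hostkeys() {  # $1 = staging dir, $2 = destination dir
    for t in $KEY_TYPES; do
        valid_key "$1/ssh_host_${t}_key" || return 1
    done
    mkdir -p "$2" && chmod 700 "$2" || return 1
    for t in $KEY_TYPES; do
        install -m 600 "$1/ssh_host_${t}_key" "$2/ssh_host_${t}_key" || return 1
    done
}

# Boot entry point: stage on a tmpfs so key material is never written to NFS.
if [ "${1:-}" = "--boot" ]; then
    stage=/run/hostkeys.stage
    mkdir -p "$stage" && mount -t tmpfs -o size=1m,mode=0700 tmpfs "$stage" &&
    fetch_hostkeys "$stage" && install_hostkeys "$stage" "${2:-/home/user/hostkeys}"
    rc=$?; umount "$stage" 2>/dev/null; exit "$rc"
fi
```

If the keys are installed outside `/etc/ssh`, sshd has to be pointed at them with `HostKey` lines in `sshd_config`.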
