On 16/09/06, Roland Renaud wrote:
> We used Sun "jumpstart" to upgrade machines for Y2K.
> In 2005, I used "kickstart" for a few Linux machines.
> There might be a modern version of this that might help.
>
> As far as trusting your downloads, would having SHA sums help to
> verify that you got what you expected?

Do you need to securely download them if you can check hash sums or gpg
signatures? So, against what threat are you trying to secure?
Eavesdropping? Injection of trojans? scp is overkill if you don't care
about eavesdropping. And if you do care about eavesdropping, how about
using IPsec with IKE with a locally generated private key?

I'd say you at least care about integrity, so at least check your hash
sums if not your gpg signatures on your base linux distro and do at
least that on your customizations.

What is the purpose of the on-site personnel if not to receive or send a
unique site password?

> roland
>
> On Tue, Sep 6, 2016 at 2:40 PM, Robert P. J. Day <rpjday [ at ] crashcourse [ dot ] ca> wrote:
> > (if there is an obvious solution to this, then i'm just missing it.)
> >
> > i'm pondering how best to install a new linux distro on remote
> > hosts, under the assumption that there will be someone *at* the remote
> > site and able to invoke the program to kick the whole thing off --
> > that part is a given.
> >
> > i've already written/stolen an installer which will download various
> > binary images, and will (as root) partition the target disk, and
> > create filesystems, and so on and so on ... again, that's not the
> > issue. that the installer will have to run as root is kind of obvious,
> > given its need to do low-level disk manipulation and so on, so no
> > issue there.
> >
> > the issue is how to securely download the binary images (u-boot
> > binary, root filesystem tarball, additional proprietary apps), etc,
> > etc, where all those images are at a central and well-known IP
> > address. so here's my thinking thus far.
> >
> > the consensus is that we should use "scp" to grab the images, which
> > is fine with me, but how does one set this up to run "securely" in the
> > first place. i can already see that the downloading does not require
> > root privilege -- one can create a username like "installer", which
> > has limited privileges and exists only for downloading.
> >
> > so do we use a password when invoking the remote account for "scp"?
> > that would kind of defeat the purpose if passwords can be hacked (even
> > if they're transmitted in ciphertext).
> >
> > each installer program could, upon being invoked at the remote site,
> > create a private/public key pair for the "installer" account, but you
> > can't use "ssh-copy-id" to add it to the central/server host without a
> > password, so you're right back where you started.
> >
> > one idea i had is that downloading the base linux distro doesn't
> > need to be that secure as it's just linux, but once that remote
> > install comes up for the first time, it can (somehow securely)
> > download the proprietary app.
> >
> > am i overthinking this? is there a simple solution i'm overlooking?
> >
> > rday

slainte mhath,
RGB

--
Richard Guy Briggs               --  ~\    -- ~\    <hpv.tricolour.ca>
<www.TriColour.ca>               --  \___   o \@    @   Ride yer bike!
Ottawa, ON, CANADA               --  Lo_>__M__\\/\%__\\/\%  Vote!
<greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________