home | list info | list archive | date index | thread index

Re: [OCLUG-Tech] how to best (securely?) install S/W on 1000s of remote sites?

  • Subject: Re: [OCLUG-Tech] how to best (securely?) install S/W on 1000s of remote sites?
  • From: Rob Echlin <rob [ at ] echlin [ dot ] ca>
  • Date: Fri, 23 Sep 2016 02:33:34 +0000 (UTC)
Hi Rob,I think you need to make sure that you are downloading from the site you want, and the site wants to download only to  you.This means you can use a secure SSH key for the download account for that site.It goes in your installer and that should be all the security you need.Man in the middle will fail, no one but you can get in.
If you think someone has stolen a copy of your installer, you change the key.If you are properly paranoid, you monitor that account, and only let it have download privileges.
Does this rather simple-minded approach meet your needs?
All my very best,Rob
 -- Rob Echlin, B. Eng. 613-266-8311 -  Ottawa, ONhttps://www.flickr.com/photos/rob_echlin/ - http://talksoftware.wordpress.com 

    On Wednesday, September 7, 2016 11:48 PM, RICHARD LEIR <rick [ dot ] leir [ at ] rogers [ dot ] com> wrote:
 
 

 did you look at Koan (sub-package of Cobbler)?KoanDoesReinstall – cobbler

|   |
|   |   |   |   |   |
| KoanDoesReinstall – cobblerReinstallation In some scenarios you may need to reinstall an existing Linux system without having the ability to PXE it.  |
|  |
| View on fedorahosted.org | Preview by Yahoo |
|  |
|   |


 

(if there is an obvious solution to this, then i'm just missing it.)

  i'm pondering how best to install a new linux distro on remote
hosts, under the assumption that there will be someone *at* the remote
site and able to invoke the program to kick the whole thing off --
that part is a given.


  
_______________________________________________
Linux mailing list
Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
http://oclug.on.ca/mailman/listinfo/linux