diff options
| -rw-r--r-- | etc/ltsp/image-local.omit-excludes | 2 | ||||
| -rw-r--r-- | etc/ltsp/ltsp.conf.itzks-systems-disklserver.in | 4 | ||||
| -rwxr-xr-x | sbin/itzks-update-disklserver-squashfs-images | 8 |
3 files changed, 13 insertions, 1 deletions
diff --git a/etc/ltsp/image-local.omit-excludes b/etc/ltsp/image-local.omit-excludes new file mode 100644 index 0000000..18d36b8 --- /dev/null +++ b/etc/ltsp/image-local.omit-excludes @@ -0,0 +1,2 @@ +root/.* +etc/ssh/ssh_host_* diff --git a/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in b/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in index 900d975..e6cc553 100644 --- a/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in +++ b/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in @@ -43,7 +43,7 @@ SEARCH_DOMAIN=intern KERNEL_PARAMETERS="quiet splash" ADD_IMAGE_EXCLUDES="/etc/ltsp/image-local.excludes" -OMIT_IMAGE_EXCLUDES="root/.*" +OMIT_IMAGE_EXCLUDES="/etc/ltsp/image-local.omit-excludes" [clients] @@ -55,6 +55,8 @@ LIGHTDM_CONF="greeter-hide-users=true" POST_INIT_USE_FQDN="sed -i '/10.0.2.2/ s/server/tjener.intern tjener/' /etc/hosts" POST_INIT_SITESUMMARY="sed -i 's/main-server/ltsp-client/' /etc/sitesummary/hostclass" MASK_SYSTEM_SERVICES="apache2 etckeeper icinga2 nmbd smbd systemd-journald isc-dhcp-server" +# uncomment this to enable SSH access to LTSP clients +#KEEP_SYSTEM_SERVICES="ssh" # Allow local root logins by setting a password hash for the root user. # The hash contains $, making it hard to escape in POST_INIT_x="sed ...". diff --git a/sbin/itzks-update-disklserver-squashfs-images b/sbin/itzks-update-disklserver-squashfs-images index e9906c6..c577fcf 100755 --- a/sbin/itzks-update-disklserver-squashfs-images +++ b/sbin/itzks-update-disklserver-squashfs-images @@ -138,6 +138,14 @@ for chroot in ${ltsp_chroots}; do done + # Copy the host's SSH host keys to the LTSP client chroot if it doesn't have any host keys + host_keys="$(find /etc/ssh/ssh_host_*)" + if [ -n "${host_keys}" ]; then + for host_key in ${host_keys}; do + cp "${host_key}" "${LTSP_OPT}/${chroot}/etc/ssh/" + done + fi + # Copy the SSH authorized_keys file for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys (e.g. disklserver:/root/.ssh/authorized_keys) # Use host's authorized_keys file for granting DLW access via SSH as root without password if [ -e "/root/.ssh/authorized_keys" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys" ]; then |