Thin VOID?

(James Aanderson) #1

I’ve been thinking about a hybrid thin Linux architecture for some time. More or less a bootable ISO, with a lightweight X, some VPN utilities and that’s about it.

Rather than netboot, the ISO would boot normally, then interrogate sda1 (a usb key) for a configuration file, and then mount /home and /usr over a ppp/ssh vpn. All server side applications can then be wrapped in a utility that checks the client side usb stick creds before running.

The point being, that an administrator could hand a user a CD and a usb stick with creds, and send him out the door, knowing that every application execution was authenticated to the usb key, and that 100% of LAN traffic was ciphered 100% of the time. You wouldn’t need passwords. The ssh pub/key pair would be removable (on the usb stick) and would act like a brass key.

Essentially all the good from thin client land, in a way that is a bit more secure than is typically done in thin client installs, and WAY less grabastic than is typically done on the average corporate LAN.

Anybody heard of anybody doing anything like this in FOSS?

Anybody interested?
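The boot-time step described in this post (reading a configuration file from the USB key before bringing up the VPN) is where untrusted input reaches a root-run script. The sketch below is an added example, not code from the thread or from Void; the key=value file format and the setting names `server`, `user` and `keyfile` are assumptions.

```shell
#!/bin/sh
# Added example; the key=value format and the three setting names are assumptions.
# Validates a config file read from the USB key without ever sourcing it, so
# text on the stick cannot run as shell code in the boot script.
# Prints accepted settings; use the output only when the return status is 0.
parse_thin_config() {
    conf=$1
    seen=""
    # Refuse symlinks and anything that is not a regular file.
    if [ ! -f "$conf" ] || [ -L "$conf" ]; then
        echo "config: not a regular file" >&2; return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                 # blank lines and comments
            *=*) key=${line%%=*}; val=${line#*=} ;;
            *) echo "config: not key=value" >&2; return 1 ;;
        esac
        case $key in
            server|user|keyfile) ;;              # allow-list of known settings
            *) echo "config: unknown key '$key'" >&2; return 1 ;;
        esac
        case " $seen " in
            *" $key "*) echo "config: duplicate '$key'" >&2; return 1 ;;
        esac
        # Values: plain names and relative paths only. No shell metacharacters,
        # no leading '-' (option injection), no leading '/', no '..' traversal.
        case $val in
            ''|-*|/*|*..*|*[!A-Za-z0-9._/-]*)
                echo "config: unsafe value for '$key'" >&2; return 1 ;;
        esac
        seen="$seen $key"
        printf '%s=%s\n' "$key" "$val"
    done < "$conf"
    for need in server user keyfile; do
        case " $seen " in
            *" $need "*) ;;
            *) echo "config: missing '$need'" >&2; return 1 ;;
        esac
    done
}
```

A boot script would call `parse_thin_config` on the file found on the mounted stick and abort the VPN setup on a non-zero status.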

(notpod) #2

Interesting. If I were to attempt it I would use ‘tiny core linux’. RAM based. Every boot is a fresh copy from the “read only” USB. R/W storage is possible.

tiny core is awesome for kiosks. Not that you could not do it with void or any other “lite” linux.

(Michael Aldridge) #3

This would not be that difficult to implement as a target within the mklive system. By definition those are clean systems loaded each time since the underlying media is a squashfs. All you’d need to do is prepare your scripts and include them in a built ISO. This would let you set up the system fairly easily.

A suggestion though: don’t mount /home over the network. Have a local home, but a directory within that that maps to your persistent storage somewhere else. With baked-in systems it’s hard to troubleshoot when you don’t have a local home directory.