I got this to work. Somehow I broke FreeNX in the process, but a full uninstall/reinstall of both the rpm and the actual environment did the trick.

Steps to follow that should work:

0) Uninstall FreeNX: "nxsetup --uninstall --purge" followed by using yast to remove the rpm
1) Ensure openssh is installed with a vanilla /etc/ssh/sshd_config file
2) Install FreeNX via yast
3) Run "nxsetup --install" (note the lack of --setup-nomachine-key)
4) Per the output from above, copy the newly generated nx private key to your clients and install it in the various nx-clients. Note that all nx-clients share this one key!!!
5) Edit /etc/nxserver/node.conf to ENABLE_SU_AUTHENTICATION
6) Add nx to the users group ("groupmod -A nx users")
7) Edit /etc/ssh/sshd_config and disable ChallengeResponseAuthentication

Now ssh works if, and only if, you have the appropriate private / public key setup working. And the NXfree client works if, and only if, you have the unique private key installed.

I suspect I could get NXfree to use unique key pairs per user but I don't need that for my environment.

Unless someone sees something I did wrong, I'm now going to open up my firewall's ssh port.

Greg

On 4/15/06, Jerry Westrick <jerry@westrick.com> wrote:
On Saturday 15 April 2006 04:21, Scott Leighton wrote:
On Thursday 13 April 2006 12:28 pm, Greg Freemyer wrote:
I've been using NXfree as a client in the office where I have not worried about ssh keys.
Does anyone know how to do this with SUSE 10 and the NX server in the distro?
Details: Prior to doing anything today I had ssh and NXfree working but they used simple password authentication.
I want to restrict all secure shell access to people with keys so I can open up the firewall port.
I have my server user account ssh working now, but I can't get the NXfree client to connect via the same key.
Is there something special I need to do?
What I've done so far:
On my client pc (windows) I used cygwin to create a key pair:
ssh-keygen -t rsa
I uploaded the public key to my servers .ssh user directory
scp .ssh/id_rsa.pub gaf@my_server:.ssh/
logged into server and created the authorized_keys file
cat id_rsa.pub > authorized_keys
Then I tried logging into the server via standard ssh and no password from the original client pc. It works. Good.
Now for NXclient. I start it up on the pc client and go to the config. I hit key and import in the private key that pairs with the above. That seems to be what the various howto's I found say to do.
Seems to work, but when I try to connect NXfree fails. Even if I put in my user account password for the server, NXfree fails.
If I go back to the config-key dialog box and reset to the default key I can login with my password.
Ideas?
Greg,
I could be way off base here, but I think that nxserver uses its own key system, not the ssh key. If memory serves, you have to generate a 'custom key' for the server, that key resides at /var/lib/nxserver/home/.ssh with the file name client.id_dsa.key
That's the key that you have to copy/paste into the config-key
dialog box on the client side.
I know it works with 9.3, I have it working, but I'm not sure
if it is the same for 10.0.
Scott
Greg, I use FreeNx on SuSe 10.0 and 10.1.
I use the ssh username/password authentication scheme though. This is the way I set it up:
SSH Configuration
The following changes need to be made for SSH:
User Group to control access
Create Group "remotessh", Add users that are allowed remote access to the group.
In file /etc/ssh/sshd_config add the following lines to bottom of file:
    #
    # Westrick GmbH Configuration
    #
    Port <not-port-22>
    AllowGroups remotessh
    GatewayPorts yes
    X11DisplayOffset 50
    X11Forwarding yes
restart ssh server with: "rcsshd restart"
In file /etc/ssh/ssh_config
Add lines:
    ForwardAgent yes
    ForwardX11 yes
Then for each known host with alternate port add following lines before "Host *" line:
    Host jerry.westrick.com
    Port <not-port-22>
Setup NxServer
Install the nxserver software with yast.
Execute following command in root-shell:
    nxsetup --install --setup-nomachine-key
Edit /etc/nxserver/node.conf:
change port to <not-port-22>
    SSHD_PORT=<not-port-22>
Enable SSH Authentication
    ENABLE_SSH_AUTHENTICATION="1"
Add user nx to remotessh group!
Download nxclient from http://www.nomachine.com/download.php .
When connecting you need to specify 2 options:
1. General->Server->Port is <not-port-22>.
2. Advanced->Network->Enable SSL encryption of all traffic is enabled.
Then I can control who is allowed to remote into the machine by adding and removing users from the remotessh group...
Jerry Westrick
-- Greg Freemyer The Norcross Group Forensics for the 21st Century
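
Added example (not part of the original thread): a shell check to run over a copy of sshd_config before opening the firewall port, reporting whether any password-style login path is still enabled after step 7. The function names and sample files are hypothetical, and the fallback values for absent keywords are assumed to be the upstream OpenSSH defaults, which a distribution build may change.

```sh
#!/bin/sh
# Added example: does this sshd_config still allow password-style logins?

# Print the effective global value of keyword $2 in file $1. sshd uses the
# first occurrence of a keyword; $3 is the default used when it is absent.
effective() {
    awk -v key="$2" -v def="$3" '
        { sub(/=/, " ") }                    # accept "Keyword=value" too
        /^[ \t]*#/ { next }                  # skip comments
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 only if public keys are the sole way in. The defaults are the
# upstream OpenSSH ones (assumption: a distribution build may differ).
audit_sshd() {
    cfg=$1; rc=0
    for key in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective "$cfg" "$key" yes)
        if [ "$val" != "no" ]; then
            echo "FAIL $key is '$val': password-style login still possible"
            rc=1
        fi
    done
    if [ "$(effective "$cfg" PubkeyAuthentication yes)" != "yes" ]; then
        echo "FAIL PubkeyAuthentication is off"; rc=1
    fi
    [ -n "$(effective "$cfg" AllowGroups "")" ] || echo "NOTE no AllowGroups line"
    return $rc
}

# Constructed sample files, not taken from any real host.
WEAK=$(mktemp); HARD=$(mktemp)
trap 'rm -f "$WEAK" "$HARD"' EXIT
printf '%s\n' 'PasswordAuthentication no' \
    '#ChallengeResponseAuthentication no' 'UsePAM yes' > "$WEAK"
printf '%s\n' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' 'AllowGroups remotessh' > "$HARD"

for f in "$WEAK" "$HARD"; do
    if audit_sshd "$f"; then echo "PASS key-only"; else echo "=> not key-only"; fi
done
```

The first sample fails because a commented-out ChallengeResponseAuthentication line leaves the default in force, which is the case step 7 addresses.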