On Saturday 15 April 2006 04:21, Scott Leighton wrote:
On Thursday 13 April 2006 12:28 pm, Greg Freemyer wrote:
I've been using NXfree as a client in the office where I have not worried about ssh keys.
Does anyone know how to do this with SUSE 10 and the NX server in the distro?
Details: Prior to doing anything today I had ssh and NXfree working but they used simple password authentication.
I want to restrict all secure shell access to people with keys so I can open up the firewall port.
I have my server user account ssh working now, but I can't get the NXfree client to connect via the same key.
Is their something special I need to do.
What I've done so far:
On my client pc (windows) I used cygwin to create a key pair:
ssh-keygen -t rsa
I uploaded the public key to my servers .ssh user directory
scp .ssh/id_rsa.pub gaf@my_server:.ssh/
logged into server and created the authorized_keys file
cp id_rsa.pub > authorized_keys
Then I tried logging into the server via standard ssh and no password from the original client pc. It works. Good.
Now for NXclient. I start it up on the pc client and go to the config. I hit key and import in the private key that pairs with the above. That seems to be what the various howto's I found say to do.
Seems to work, but when I try to connect NXfree fails. Even if I put in my user account password for the server, NXfree fails.
If I go back to the config-key dialog box and reset to the default key I can login with my password.
Ideas?
Greg,
I could be way off base here, but I think that nxserver uses its own key system, not the ssh key. If memory serves, you have to generate a 'custom key' for the server, that key resides at /var/lib/nxserver/home/.ssh with the file name client.id_dsa.key
That's the key that you have to copy/paste into the config-key dialog box on the client side.
I know it works with 9.3, I have it working, but I'm not sure if it is the same for 10.0.
Scott
Greg I use FreeNx on SuSe 10.0 and 10.1. I use ssh username/password authentication scheeme though. This is the way I set it up: SSH Configuration ============== The following changes need to be made for SSH: User Group to control access --------------------------------------- Create Group “remotessh”, Add users that are allowed remote access to the group. In file /etc/ssh/sshd_config add the following lines to bottom of file: # # Westrick GmbH Configuration # Port <not-port-22> AllowGroups remotessh GatewayPorts yes X11DisplayOffset 50 X11Forwarding yes restart ssh server with: “rcsshd restart” In file /etc/ssh/ssh_config Add lines: ForwardAgent yes ForwardX11 yes Then for each known host with alternate port add following lines before “Host *” line: Host jerry.westrick.com Port <not-port-22> Setup NxServer ============ Install the nxserver software with yast. Execute following command in root-shell nxsetup --install -–setup-nomachine-key Edit /etc/nxserver/node.conf: change port to <not-port-22> SSHD_PORT=<not-port-22> Enable SSH Authentication ENABLE_SSH_AUTHENTICATION=”1” Add user nx to remotessh group! Download nxclient from http://www.nomachine.com/download.php . ---------------------------------------------------------------------------------------- When connecting you need to specify 2 options: 1.General->Server->Port is <not-port-22>. 2.Advanced->Network->Enable SSL encryption of all traffic is enabled. Then I can control who is allowed to remote into the machine by adding and removing users from the remotessh group... Jerry Westrick