[FreeNX-kNX] Re: getting nx to work with non-standard PAM setup
chris at ccburton.com
chris at ccburton.com
Wed Feb 2 19:26:18 UTC 2011
Alex Aminoff <aminoff at nber.org> wrote on 02/02/2011 14:56:23:
[SNIP]
> A separate problem. I am using nx to alternately connect to a server
that
> has a pretty standard ssh config and one that uses our special phone
auth.
> It appears that nx tries to ssh to my username from user nx at localhost
> (127.0.0.1).
Yup.
> However, my home directory, including
> ~aminoff/.ssh/known_hosts, is NFS-shared between the servers. So ssh
> writes a host key for 127.0.0.1 on one of the servers, and then when I
try
> on the other one ssh complains of a changed host key. Again, this is
Yup, but it ADDS the new 127.0.0.1 key entry
automatically
to
the ssh config files
of
the user running ssh (nx)
not
the username as which it is connecting to run nxnode (aminoff)
i.e
into the nx user' s known_hosts . . . .
/var/lib/nxserver/home/.ssh/known_hosts
not
the one in your ~/.ssh/known_hosts via NFS
and
you can have several entries for 127.0.0.1 in known_hosts anyway.
> something that can be avoided by sshing direct as the user, which I will
> try next.
Good luck. Welcome to the leading edge !!
Have you considered just using cell-phone authentication ??
> But it seems like this would be a common problem. Is using nx to
> connect to multiple servers that share homedirs by nfs not a common
usage
> pattern?
I don't see why it would be uncommon, in the deployment of clustering
nx servers for example.
>
> - Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20110202/3137c8a5/attachment.html>
More information about the FreeNX-kNX
mailing list