[FreeNX-kNX] freenx ssh key question on CENTOS 5.8

Tue May 8 17:24:56 UTC 2012

freenx-knx-bounces at kde.org wrote on 08/05/2012 16:47:36:

> Sorry for leaving out details.  That was sloppy of me.
> 
> I am on CentOS 5.8 (32-bit PAE) and I followed the instructions here:
> 
> http://wiki.centos.org/HowTos/FreeNX

PASSDB

Oh yes, that does use

         /etc/nxserver/users.id_dsa 

to connect ordinary users via ssh localhost instead of
using password.

The code just runs it as a default when

         $LOGIN_METHOD = PASSDB 

so I hadn't correctly worked out how it came to be executed
(and I've never bothered with it)

The code is a bit complicated.

But
the "nx" user which sets up the ssh "tunnel" needs 

        /var/lib/nxserver/home/.ssh/client.id_dsa.key

in nxclient.

> 
> It makes no mention of "nxsetup --install"

The date on the HTML is:-

"HowTos/FreeNX (last edited 2012-05-02 13:10:54
         by <span title="christophgaluschka @ misterx.tiwag.at"

but there is stuff from 2006 still in there.

Look at :-

https://www.centos.org/modules/newbb/viewtopic.php?topic_id=32959

This show nxsetup --install being run

And look here :-

http://www.kernelhardware.org/how-to-setup-freenx/

This says the key is in

        /var/lib/nxserver/home/.ssh/client.id_dsa.key

on centos

QUOTE

freeNX SSH Keys configuration:

In order for freeNX to function securely we need to copy the ssh key from 
the remote server system to the local machines NoMachine client software.

On the remote server system copy the client.id_dsa.key contents (including 
the —BEGIN— and —- END— lines):

# cat /var/lib/nxserver/home/.ssh/client.id_dsa.key

UNQUOTE

> 
> I do not mind copying the key out to clients, I was just trying to 
> clarify if the key was global.
> 
> I *think* the RPM generates a new key because the instructions say this:
> 
> " In the advanced dialog window under the General Tab, you should 
> see the items you have already entered and a Key... button. You will
> need to ssh into the server which you are trying to connect and go 
> to the /etc/nxserver/ directory and open the file client.id_dsa.key 
> (you must be the root user to open this file). Copy all the text 
> (including the BEGIN DSA PRIVATE KEY and END DSA PRIVATE KEY lines. 
> Press the Key... button, delete the text that is in there, and paste
> the client.id_dsa.key information from the server into the Key 
> Management text box, then select Save."
> 
> Which makes me think the GUI is copying the key to some version of 
> "/var/lib/nxserver/home/.ssh/client.id_dsa.key"
> Am I off base here?

Even if you run the client on the server it won't touch the

        /var/lib/nxserver/home/.ssh/client.id_dsa.key

file  . . .

> 
> To simplify things, I can just run "nxsetup --install" and force a 
> new key to be used even after install, right?

A couple of people subscribed to this list use centos, so
they may chip in.

I don't know if they use PASSDB or ssh + ssh password

Have you installed it ?? what's do

        ls -la /etc/nxserver/
&
        ls -la /var/lib/nxserver/home/.ssh/
list.

That would be a good start.

> 
> Thanks for your help.
> 
> Dave
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20120508/ea1122d6/attachment.html>