[FreeNX-kNX] freenx ssh key question on CENTOS 5.8

chris at ccburton.com chris at ccburton.com
Wed May 9 11:02:10 UTC 2012 

freenx-knx-bounces at kde.org wrote on 08/05/2012 16:47:36:

I had a look at the centos rpm . . .


> Sorry for leaving out details.  That was sloppy of me.
> 
> I am on CentOS 5.8 (32-bit PAE) and I followed the instructions here:
> 
> http://wiki.centos.org/HowTos/FreeNX
> 
> It makes no mention of "nxsetup --install"



The centos rpm uses a post-install script instead.



It always generates a new unique key pair,
so
the nomachine keys won't work with centos
and
you have to copy the new key to ALL your nxclients.

> 
> I do not mind copying the key out to clients, I was just trying to 
> clarify if the key was global.
> 
> I *think* the RPM generates a new key because the instructions say this:
> 
> " In the advanced dialog window under the General Tab, you should 
> see the items you have already entered and a Key... button. You will
> need to ssh into the server which you are trying to connect and go 
> to the /etc/nxserver/ directory and open the file client.id_dsa.key 

The centos client.id_dsa.key you need for your clients is copied to both

        /etc/nxserver/
and
        $NX_HOME_DIR/.ssh ( which defaults to /var/lib/nxserver/home/.ssh 
)


> (you must be the root user to open this file). Copy all the text 
> (including the BEGIN DSA PRIVATE KEY and END DSA PRIVATE KEY lines. 
> Press the Key... button, delete the text that is in there, and paste
> the client.id_dsa.key information from the server into the Key 
> Management text box, then select Save."
> 
> Which makes me think the GUI is copying the key to some version of 
> "/var/lib/nxserver/home/.ssh/client.id_dsa.key"

This is done by the rpm post-install script . . . .

> Am I off base here?
> 
> To simplify things, I can just run "nxsetup --install" and force a 
> new key to be used even after install, right?

 . . . So . . . 

Don't do that.

If you ever need to change the keys then run nxkeygen :-

export $(grep ^NX_ETC_DIR /usr/bin/nxloadconfig)
/usr/bin/ssh-keygen -f $NX_ETC_DIR/users.id_dsa -t dsa -N ""

Check the key pair has been generated correctly
then
rename the old key pair 
and
move the new pair into their place,
then
replace the key in all your nxclients . . . .


> 
> Thanks for your help.
> 
> Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20120509/2c539d0e/attachment.html>

More information about the FreeNX-kNX mailing list