[FreeNX-kNX] preventing data transfers over SSH, yet still allow NX sessions.
Chris
chris at ccburton.com
Thu Aug 1 09:41:19 UTC 2013
freenx-knx-bounces at kde.org wrote on 01/08/2013 10:12:30:
> Hi,
>
> Replying to an old post..
> If you're using Freenx you can set up the following:
> ENABLE_SU_AUTHENTICATION="1"
>
> Then you should edit /etc/ssh/sshd_config and add the following
> string: AllowGroups sshadm
> sshadm:x:90:root,nx
>
> This means that users can use the shared key to log into the server
> as the "nx" users, and then NX will "su" to their user.
> Users will however not be able to ssh into the server with their
account.
> They can still log into the server as the "nx" user via ssh, but
> they would not get a usable shell (only the internal nx shell).
>
> Unfortunately I'm right now in the situation where we bought a
> licence for the commercial Nomachine NX server, and it seems that
> the "su authentication" feature is not enabled there, so I don't
> know how to prevent user logins to the server via ssh.
You can use TWO instances of sshd.
1/ external, eg on port 2222,users nx/admins only, key pair only
update the nxclient configuration
2/ internal,(listen on 127.0.0.1 only) port 22 (with
passwordauthentication)
http://www.nomachine.com/ar/view.php?ar_id=AR06E00470
( they explain it the other way round, but you are better moving your
external sshd to a different port )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20130801/675faf07/attachment.html>
More information about the FreeNX-kNX
mailing list