<br><tt><font size=2>freenx-knx-bounces@kde.org wrote on 08/05/2012 14:32:09:<br>
<br>
> <br>
> Hello all.<br>
> <br>
> This may be a dumb question, but does freenx generate a new ssh key
<br>
> at install time</font></tt>
<br>
<br><tt><font size=2>Depends what you mean by "Install Time"
. . . .</font></tt>
<br>
<br><tt><font size=2>You have to run nxkeygen to generate the key pair
but this</font></tt>
<br><tt><font size=2>is usually run from</font></tt>
<br>
<br><tt><font size=2> nxsetup
--install</font></tt>
<br>
<br><tt><font size=2>which you need to run after installing the rpm deb
etc</font></tt>
<br><tt><font size=2>to set up the directories, log file,service etc.</font></tt>
<br><tt><font size=2>Note ubuntu may be different, but you don't tell us
your distro</font></tt>
<br>
<br>
<br><tt><font size=2>The ssh keys which are used to allow the nxclient
to connect</font></tt>
<br><tt><font size=2>with the nx user and set up the ssh "tunnel"
are located</font></tt>
<br><tt><font size=2>under the nx user's home directory, i.e.</font></tt>
<br>
<br><tt><font size=2> /var/lib/nxserver/home/.ssh/client.id_dsa.key
/var/lib/nxserver/home/.ssh/server.id_dsa.pub.key
</font></tt>
<br>
<br><tt><font size=2>This key you mention :-</font></tt>
<br>
<br><tt><font size=2>> (/etc/nxserver/client.id_dsa.key) or is this
a </font></tt>
<br>
<br><tt><font size=2>is a mix up between old and new.</font></tt>
<br>
<br>
<br><tt><font size=2>/etc/nxserver will contain a key pair:-</font></tt>
<br>
<br><tt><font size=2> /etc/nxserver/users.id_dsa.pub</font></tt>
<br><tt><font size=2> /etc/nxserver/users.id_dsa</font></tt>
<br>
<br>
<br><tt><font size=2> . . . still generated by nxsetup tho no longer
used</font></tt>
<br><tt><font size=2>and</font></tt>
<br><tt><font size=2>used to be the (unique) one you used for NX sessions</font></tt>
<br><tt><font size=2>(after running nxnode --setkey to copy the users_id.pub.key
to</font></tt>
<br>
<br><tt><font size=2> /var/lib/nxserver/home/.ssh/server.id_dsa.pub.key<br>
</font></tt>
<br><tt><font size=2>)</font></tt>
<br>
<br><tt><font size=2>but</font></tt>
<br><tt><font size=2>now you run</font></tt>
<br>
<br>
<br><tt><font size=2> nxsetup
--install</font></tt>
<br>
<br>
<br><tt><font size=2>which defaults to generating a UNIQUE ssh key pair
for</font></tt>
<br><tt><font size=2>your use, you then have to manually COPY</font></tt>
<br>
<br><tt><font size=2> /var/lib/nxserver/home/.ssh/client.id_dsa.key</font></tt>
<br>
<br><tt><font size=2>to</font></tt>
<br><tt><font size=2>all your nxclients</font></tt>
<br>
<br><tt><font size=2>or it also allows you if you run</font></tt>
<br>
<br>
<br>
<br><tt><font size=2> nxsetup --install
--setup-nomachine-key</font></tt>
<br>
<br>
<br>
<br><tt><font size=2>which doesn't generate a NEW key pair but instead
allows you</font></tt>
<br><tt><font size=2>to have a copy of the the</font></tt>
<br>
<br><tt><font size=2>/var/lib/nxserver/home/.ssh/server.id_dsa.pub.key</font></tt>
<br>
<br><tt><font size=2>coresponding to the dsa.key ALREADY SUPPLIED within</font></tt>
<br><tt><font size=2>the Nomachine client, meaning that you are slightly
less secure</font></tt>
<br><tt><font size=2>but</font></tt>
<br><tt><font size=2>don't have to manually copy the</font></tt>
<br>
<br><tt><font size=2> /var/lib/nxserver/home/.ssh/client.id_dsa.key</font></tt>
<br>
<br><tt><font size=2>to</font></tt>
<br><tt><font size=2>all your nxclients.</font></tt>
<br>
<br>
<br><tt><font size=2>> default key that needs to be replaced right away
because it is the <br>
> same everywhere?</font></tt>
<br>
<br><tt><font size=2>It doesn't NEED to be replaced, but it does stop people
connecting</font></tt>
<br><tt><font size=2>and trying user/password combinations in an attempt
to break in.</font></tt>
<br><tt><font size=2><br>
> <br>
> Thanks,<br>
> Dave<br>
> <br>
</font></tt>