<br><tt><font size=2>freenx-knx-bounces@kde.org wrote on 01/08/2013 10:12:30:<br>
<br>
> Hi,</font></tt>
<br><tt><font size=2>> <br>
> Replying to an old post..</font></tt>
<br><tt><font size=2>> If you're using Freenx you can set up the following:</font></tt>
<br><tt><font size=2>> ENABLE_SU_AUTHENTICATION="1"</font></tt>
<br><tt><font size=2>> <br>
> Then you should edit /etc/ssh/sshd_config and add the following <br>
> string: AllowGroups sshadm</font></tt>
<br><tt><font size=2>> sshadm:x:90:root,nx</font></tt>
<br><tt><font size=2>> <br>
> This means that users can use the shared key to log into the server
<br>
> as the "nx" users, and then NX will "su" to their
user.</font></tt>
<br><tt><font size=2>> Users will however not be able to ssh into the
server with their account.</font></tt>
<br><tt><font size=2>> They can still log into the server as the "nx"
user via ssh, but <br>
> they would not get a usable shell (only the internal nx shell).</font></tt>
<br><tt><font size=2>> <br>
> Unfortunately I'm right now in the situation where we bought a <br>
> licence for the commercial Nomachine NX server, and it seems that
<br>
> the "su authentication" feature is not enabled there, so
I don't <br>
> know how to prevent user logins to the server via ssh.</font></tt>
<br>
<br><tt><font size=2>You can use TWO instances of sshd.</font></tt>
<br>
<br><tt><font size=2>1/ external, eg on port 2222,users nx/admins only,
key pair only</font></tt>
<br><tt><font size=2> update the nxclient
configuration</font></tt>
<br><tt><font size=2>2/ internal,(listen on 127.0.0.1 only) port 22 (with
passwordauthentication)</font></tt>
<br>
<br><a href="http://www.nomachine.com/ar/view.php?ar_id=AR06E00470"><tt><font size=2>http://www.nomachine.com/ar/view.php?ar_id=AR06E00470</font></tt></a>
<br><tt><font size=2>( they explain it the other way round, but you are
better moving your</font></tt>
<br><tt><font size=2>external sshd to a different port )</font></tt>
<br>