[FreeNX-kNX] Re: got: "cannot create directory `/home/.nx'"

Kurt Pfeifle k1pfeifle at gmx.net
Tue Oct 19 17:06:01 UTC 2004


On Tuesday 19 October 2004 18:15, Rick Stout wrote:
> 
> Jean-Eric Cuendet wrote:
> > 
> >> Just a thought. I don't think its a good idea to use or recommend the 
> >> --setup-nomachine-key option. Its never a good idea to use default 
> >> security settings, and a dsa key that gives you access to a server is 
> >> definetly not a good idea. I realize its not the default, but maybe we 
> >> should remove the nomachine key setup option, and leave the key in the 
> >> README for anyone that NEEDS to use it. That will make it much more 
> >> difficult to use, but not impossible for anyone who would absolutely 
> >> need to use it.
> > 
> > 
> > I think that you are right by saying:
> >  "<snip>Its never a good idea to use default security settings"
> > But in this case, I don't understand how to do when you have more than 
> > one server to connect to? If the 2 servers have the nomachine key, then 
> > I can have only one client.id_dsa file for the 2 servers. But if each 
> > server has its' own key, how to do it?
> > There should be a way, no?
> > -jec
> 
> Steps:
> 
> Setup Server1 and create client.id_dsa.key and server.id_dsa.pub.key
> Setup Server2
> copy server.id_dsa.pub.key from server1 to server2
> [ repeat above step on server3, server4,.... server9478 ]

What if I don't have control over both (or all 9478) servers?
What if I need to access my employer's as well as 4 different
customers' servers?

> on server2 copy server1's server.id_dsa.pub.key to authorized_keys2
> [ repeat above step on server3, server4,.... server9478 ]
> copy client.id_dsa.key from server1 to client.
> connect to both servers with one key.
> 
> Voila!
> 
> Its actually the same process that you would use if you have multiple 
> computers that you want to ssh into. You keep your id_dsa file secret, 
> but place id_dsa.pub on every computer you want to connect to. SSH does 
> the rest.

Cheers,
Kurt



More information about the FreeNX-kNX mailing list