[FreeNX-kNX] keys: where? public key auth on no-passwd accounts
Dexter Filmore
Dexter.Filmore at gmx.de
Tue Aug 2 20:44:28 UTC 2005
>
> > So I cp client.id_dsa.key *from* the server, where I generated it - *to* the
> > client - to /home/nx/.ssh/? or somewhere else?
>
> you have to copy the private key of the nx-user to the client, so the client
> can log in as nx at remote with no passphrase. The passphrase of your
> account at remote will be authenticated from within nx.
>
> Iff you use the "plain" nxclient installation, the client will try to connect
> with the "private"-nomachine key and therefore the public-part of the key has
> to reside in ~nx/.ssh/authorized_keys (for openssh) on the remote-hosts. In
> _this_ case, you don't have to replace your local client-key (this
> server-configuration will be achieved with --setup-no-machine-key)
>
> 80% of the authorization problems of nx are ssh related and therefore please
> consider the documentation of public-key-authorization from the ssh, too!
> (With reminds of the nx-user-schema)
>
> hope this clarifies it for now.
Almost. first of all I tried chmodding the client key to 600 else ssh would
complain. running
# ssh -i /home/nx/.ssh/client.id_dsa.key nx@<remote>
still asked for nx@<remote>'s password.
since nx doesnt have one, i logged in there and gave it one. so now I can log
in there, and get the NX shell, but I have to provide the password for the nx
account. Funny: with my regular user account I can log into the remote
machine without a password. So it works, but I listed the machine and public
key somewhere on teh remote system iirc. So - must be possible, but who's the
culprit here now, NX or sshd? Suspect the latter.
More information about the FreeNX-kNX
mailing list