[FreeNX-kNX] User authentication

Jeffrey Borg jeffrey at borgs.net
Tue Aug 22 22:23:33 UTC 2006 

On Tue, 22 Aug 2006, Bram Biesbrouck wrote:

> On Tuesday 22 August 2006 15:48, Jeffrey Borg wrote:
>> Hi,
>>
>> Basically nx works by logging in via ssh as the "nx" user which has
>> nxserver for it's shell.
>>
>> You can either use the nomachine key (preinstalled in the client)
>> or change this key.
>>
>> As with all ssh based things - you can have multiple
>> keys for the same nx user. - in fact you can use the existing keys. Just
>> grab each users ~/.ssh/authorized_keys file and put it into the
>> ~nx/.ssh/authorized_keys  - then tell the user to paste their private key
>> into the nx client )
>>
>>
>> Once the nx client logs in via nx at hostname the nxserver script can either
>> use ssh (using passwords) or su (using passwords) to actually login as
>> the user.
>
> Ok, I understand, thanks for the extensive explenation.
> So I recon there is no way to use RSA keys to login _and_ differentiate users,
> based on the used key, without using passwords?

No the commercial nx clients/servers and freenx:-) use a pipe over a shell 
to communicate. This is done via the nx user logging in via ssh.

>> If you want nx without this then you can not use the no machine client you
>> will have to use nxnode directly. (more complex)
>
> Does this mean logging in with nx at hostname and then using the shell to login
> to the target machine, and finally launching the app from CLI, or does it
> mean something else?

It's not bash running as the nx user but nxserver running only. The client 
then passes instructions to the nx server script to start the session. 
The nx server script has to change user to start the components required 
to get nx up and going.

Basically freenx and nx server get a string of options (generated by the 
client) and just setup the session.

> b.
>
>> nx is not really equal to ssh BUT it does use ssh.
>>
>> On Tue, 22 Aug 2006, Bram Biesbrouck wrote:
>>> On Tuesday 22 August 2006 15:00, Jeffrey Borg wrote:
>>>> Hi,
>>>>
>>>> If your ssh server is configured only to use keys and not passwords.
>>>> edit the node.conf file and use su authentication instead of ssh.
>>>
>>> Hmm, I don't get this. How do I transfer the key from the client to the
>>> server then? I'm looking for a way to use a RSA key, instead of a
>>> password, to log in to the server, using nxclient. Since all users have
>>> their own key (stored on a stick), the key moves around, and needs to be
>>> transferred to the server somehow.
>>> I don't know, I'm just thinking out loud, perhaps I'm missing something
>>> about the inner workings of NX...
>>>
>>>> If you want more security don't use the nomachine ssh key for the nx
>>>> user. Generate your own set and put the private key for the nx user into
>>>> the nomachine client.
>>>
>>> Can I use this approach and define a set of valid keys on the server,
>>> instead of a single one?
>>>
>>> Thanks for the quick answer,
>>>
>>> Bram
>>>
>>>> On Tue, 22 Aug 2006, Bram Biesbrouck wrote:
>>>>> Hi all,
>>>>>
>>>>> I'm trying to login into the freenx server, using authentication keys,
>>>>> instead of passwords. Is there any support for this? Can't find any
>>>>> option in the Nomachine client for this either...
>>>>>
>>>>> Bram
>>>>
>>>> ________________________________________________________________
>>>>      Were you helped on this list with your FreeNX problem?
>>>>     Then please write up the solution in the FreeNX Wiki/FAQ:
>>>>   http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>>>>          Don't forget to check the NX Knowledge Base:
>>>>                  http://www.nomachine.com/kb/
>>>>
>>>> ________________________________________________________________
>>>>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>>>>       https://mail.kde.org/mailman/listinfo/freenx-knx
>>>> ________________________________________________________________
>>>
>>> ________________________________________________________________
>>>     Were you helped on this list with your FreeNX problem?
>>>    Then please write up the solution in the FreeNX Wiki/FAQ:
>>>  http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>>>         Don't forget to check the NX Knowledge Base:
>>>                 http://www.nomachine.com/kb/
>>>
>>> ________________________________________________________________
>>>       FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>>>      https://mail.kde.org/mailman/listinfo/freenx-knx
>>> ________________________________________________________________
>>
>> ________________________________________________________________
>>      Were you helped on this list with your FreeNX problem?
>>     Then please write up the solution in the FreeNX Wiki/FAQ:
>>   http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>>          Don't forget to check the NX Knowledge Base:
>>                  http://www.nomachine.com/kb/
>>
>> ________________________________________________________________
>>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>>       https://mail.kde.org/mailman/listinfo/freenx-knx
>> ________________________________________________________________
> ________________________________________________________________
>     Were you helped on this list with your FreeNX problem?
>    Then please write up the solution in the FreeNX Wiki/FAQ:
>  http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>         Don't forget to check the NX Knowledge Base:
>                 http://www.nomachine.com/kb/
>
> ________________________________________________________________
>       FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>      https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>

More information about the FreeNX-kNX mailing list