[FreeNX-kNX] Running free nx and windows nx client with ssh "no password authentication"
Richard Chapman
rchapman at aardvark.com.au
Tue May 6 16:03:00 UTC 2008
Thanks Fabian
That almost works perfectly. With the changes to node.conf (I copied it
from node.conf.example and made the changes) - I was able to make an nx
connection with ssh "passwordauthentication no". Strangely - I am
running centos 5.1 server - and have only "root" in "wheel" but was able
to log in with nx with non root users.
This is exactly what I want... but....
Now, if I log in as root (and I know I shouldn't) the connection stops
after about 1 minute whether it is busy or not... and it says
"connection timed out". There is also a second nx client tab which seems
to be stuck with "negotiating link parameters". This window appears
(underneath) even when the connection seems to be working fine - and is
still there when the connection has timed out.
If I log in as a non root user - there is no second window and no timeout...
Any ideas why I am getting this timeout symptom, and why I am able to
log in as a non root user even when the user is not in wheel?
Thanks.
Richard.
Fabian Franz wrote:
>> Hi
>> I have been using FreeNX (0.7.1.svn416-3) and the windows nx client
>> (3.0.0-83) to manage my Centos 5 server over our internal network for
>> some time. Fantastic.
>>
>
> Nice!
>
>
>> Recently - while away from the office - I opened port 22 to the internet
>> so I could manage more remotely - and this also worked fine - but within
>> 24 hours - there had been at least one brute force attack on the ssh port.
>>
>> On investigation - I found that my ssh settings allowed password
>> authentication "PasswordAuthentication yes" - which is definitely not
>> ideal because it opens the possibility of such attacks. The ssh mailing
>> list strongly recommend disabling password authentication - and that
>> makes sense to me.
>>
>> However - I found that when I disable password authentication in ssh -
>> the nx connection no longer works.
>>
>
> Here is the solution:
>
> Edit or create node.conf:
>
> Set ENABLE_SSH_AUTHENTICATION="0", set ENABLE_SU_AUTHENTICATION="1" and add nx user to wheel or utmp group so that su - works for nx user.
>
> Done.
>
> Best Wishes,
>
> Fabian
> ________________________________________________________________
> Were you helped on this list with your FreeNX problem?
> Then please write up the solution in the FreeNX Wiki/FAQ:
> http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
> Don't forget to check the NX Knowledge Base:
> http://www.nomachine.com/kb/
>
> ________________________________________________________________
> FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>
>
More information about the FreeNX-kNX
mailing list