[FreeNX-kNX] Running free nx and windows nx client with ssh "no password authentication"

Richard Chapman rchapman at aardvark.com.au
Tue May 6 16:03:00 UTC 2008 

Thanks Fabian

That almost works perfectly. With the changes to node.conf (I copied it 
from node.conf.example and made the changes) - I was able to make an nx 
connection with ssh "passwordauthentication no". Strangely - I am 
running centos 5.1 server - and have only "root" in "wheel" but was able 
to log in with nx with non root users.

This is exactly what I want... but....
Now, if I log in as root (and I know I shouldn't) the connection stops 
after about 1 minute whether it is busy or not... and it says 
"connection timed out". There is also a second nx client tab which seems 
to be stuck with "negotiating link parameters". This window appears 
(underneath) even when the connection seems to be working fine - and is 
still there when the connection has timed out.

If I log in as a non root user - there is no second window and no timeout...

Any ideas why I am getting this timeout symptom, and why I am able to 
log in as a non root user even when the user is not in wheel?

Thanks.

Richard.







Fabian Franz wrote:
>> Hi
>> I have been using FreeNX (0.7.1.svn416-3) and the windows nx client 
>> (3.0.0-83) to manage my Centos 5 server over our internal network for 
>> some time. Fantastic.
>>     
>
> Nice!
>
>   
>> Recently - while away from the office - I opened port 22 to the internet 
>> so I could manage more remotely - and this also worked fine - but within 
>> 24 hours - there had been at least one brute force attack on the ssh port.
>>
>> On investigation - I found that my ssh settings allowed password 
>> authentication "PasswordAuthentication yes" - which is definitely not 
>> ideal because it opens the possibility of such attacks. The ssh mailing 
>> list strongly recommend disabling password authentication - and that 
>> makes sense to me.
>>
>> However - I found that when I disable password authentication in ssh - 
>> the nx connection no longer works. 
>>     
>
> Here is the solution:
>
> Edit or create node.conf:
>
> Set ENABLE_SSH_AUTHENTICATION="0", set ENABLE_SU_AUTHENTICATION="1" and add nx user to wheel or utmp group so that su - works for nx user.
>
> Done.
>
> Best Wishes,
>
> Fabian
> ________________________________________________________________
>      Were you helped on this list with your FreeNX problem?
>     Then please write up the solution in the FreeNX Wiki/FAQ:
>   http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>          Don't forget to check the NX Knowledge Base:
>                  http://www.nomachine.com/kb/ 
>
> ________________________________________________________________
>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>       https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>
>

More information about the FreeNX-kNX mailing list