[FreeNX-kNX] Re: Problem with Nx, Fluxbox and suspended sessions

Marco Passerini marco.passerini at csc.fi
Wed May 18 13:55:20 UTC 2011


Ah, in addition to this, I remembered the reason why I chose to use SU 
authentication (I have a short memory and I was setting up the box a while 
ago ;D ):

I wanted to restrict the users who are able to log in with SSH, and I 
did it by adding the following line to /etc/ssh/sshd_config:
AllowGroups sshadm

And the following user group:
sshadm:x:901:myusername,nx

This setup breaks in the case of SSH authentication within NX; it only works 
with SU.





On 05/18/2011 03:58 PM, Marco Passerini wrote:
> The idea of a second sshd on the internal network sounds good!
>
> I configured Fail2ban to block brute-force attempts on SSH, but also those
> users who know the shared key and try to brute-force NX with it.
>
> /etc/fail2ban/jail.conf contains the following entry:
>
> [freenx-tcpwrapper]
> enabled     = true
> filter      = freenx
> action      = hostsdeny
>                 sendmail-whois[name=FreeNX, sender=hostemail at email.com, dest=myemail at email.com]
> logpath     = /var/log/messages
>
>
> Then I created a file /etc/fail2ban/filter.d/freenx.conf
> [INCLUDES]
> before = common.conf
> [Definition]
> _daemon = nxserver
> failregex = ^.*\(nx\) Failed login for user=(.*) from IP=<HOST>\s*
> ignoreregex =
>
>
>
>
> On 05/18/2011 02:49 PM, chris at ccburton.com wrote:
>> Marco Passerini<marco.passerini at csc.fi>   wrote on 18/05/2011 12:25:32:
>>
>>> Ok that does the job! Now there is an .Xauthority file containing the
>>> cookie in each user folder.
>>> Thanks a lot for your help!
>>>
>>> By the way I also fixed fail2ban to work with the SSH authentication so
>> What did you do??
>>
>>> I might switch to that mode, if it's more common.
>> It's the default, so therefore more common by default (I expect).
>>
>> I run two sshd-es, so I don't have to have password authentication enabled
>> on an external interface.
>>
>> I also avoid port 22 on the external interface, so the logs don't
>> get filled up with failed attempts . . . .
>>
>> cb


-- 
Marco Passerini
System Specialist
CSC  IT Center for Science
Mobile: +358 50 381 8424
E-Mail: marco.passerini at csc.fi
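
The failregex from the quoted freenx.conf can be checked offline before the jail is trusted to ban anything. The following is an added example, not part of the original thread or of FreeNX/fail2ban: the `<HOST>` expansion is a simplified stand-in for fail2ban's own, the log lines are constructed to fit the posted regex, and the `maxretry` threshold is an assumed value.

```python
import re
from collections import Counter

# failregex exactly as posted in the thread's /etc/fail2ban/filter.d/freenx.conf
FAILREGEX = r"^.*\(nx\) Failed login for user=(.*) from IP=<HOST>\s*"

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 or hostname);
# the real expansion also covers other address forms.
HOST_GROUP = r"(?P<host>[\w.\-]*\w)"

# Constructed sample lines in the shape the posted regex expects.
SAMPLE_LOG = [
    "May 18 13:01:02 gw nxserver[4321]: (nx) Failed login for user=alice from IP=203.0.113.7",
    "May 18 13:01:09 gw nxserver[4322]: (nx) Failed login for user=root from IP=203.0.113.7",
    # Edge case: the logged user name itself contains the text " from IP=".
    "May 18 13:01:15 gw nxserver[4325]: (nx) Failed login for user=x from IP=10.0.0.1 from IP=203.0.113.7",
    "May 18 13:02:40 gw nxserver[4330]: (nx) Failed login for user=marco from IP=198.51.100.20",
    # Unrelated line that must not count as an NX failure.
    "May 18 13:03:00 gw sshd[999]: Accepted publickey for nx from 198.51.100.20 port 50222 ssh2",
]


def compile_failregex(failregex=FAILREGEX):
    """Substitute the <HOST> tag and compile, roughly as fail2ban does."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def failed_hosts(lines, failregex=FAILREGEX):
    """Count matching lines per captured host."""
    rx = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(lines, maxretry=3):
    """Hosts with at least `maxretry` failures (threshold is an assumption)."""
    return sorted(h for h, n in failed_hosts(lines).items() if n >= maxretry)


if __name__ == "__main__":
    for host, count in failed_hosts(SAMPLE_LOG).items():
        print(f"{host}: {count} failed NX logins")
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

Because `(.*)` is greedy, the host is taken from the last `from IP=` on the line, so the third sample line is attributed to the trailing address and not to the one embedded in the user name.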



