[FreeNX-kNX] freenx ssh key question
chris at ccburton.com
chris at ccburton.com
Tue May 8 15:26:52 UTC 2012
freenx-knx-bounces at kde.org wrote on 08/05/2012 14:32:09:
>
> Hello all.
>
> This may be a dumb question, but does freenx generate a new ssh key
> at install time
Depends what you mean by "Install Time" . . . .
You have to run nxkeygen to generate the key pair but this
is usually run from
nxsetup --install
which you need to run after installing the rpm deb etc
to set up the directories, log file,service etc.
Note ubuntu may be different, but you don't tell us your distro
The ssh keys which are used to allow the nxclient to connect
with the nx user and set up the ssh "tunnel" are located
under the nx user's home directory, i.e.
/var/lib/nxserver/home/.ssh/client.id_dsa.key
/var/lib/nxserver/home/.ssh/server.id_dsa.pub.key
This key you mention :-
> (/etc/nxserver/client.id_dsa.key) or is this a
is a mix up between old and new.
/etc/nxserver will contain a key pair:-
/etc/nxserver/users.id_dsa.pub
/etc/nxserver/users.id_dsa
. . . still generated by nxsetup tho no longer used
and
used to be the (unique) one you used for NX sessions
(after running nxnode --setkey to copy the users_id.pub.key to
/var/lib/nxserver/home/.ssh/server.id_dsa.pub.key
)
but
now you run
nxsetup --install
which defaults to generating a UNIQUE ssh key pair for
your use, you then have to manually COPY
/var/lib/nxserver/home/.ssh/client.id_dsa.key
to
all your nxclients
or it also allows you if you run
nxsetup --install --setup-nomachine-key
which doesn't generate a NEW key pair but instead allows you
to have a copy of the the
/var/lib/nxserver/home/.ssh/server.id_dsa.pub.key
coresponding to the dsa.key ALREADY SUPPLIED within
the Nomachine client, meaning that you are slightly less secure
but
don't have to manually copy the
/var/lib/nxserver/home/.ssh/client.id_dsa.key
to
all your nxclients.
> default key that needs to be replaced right away because it is the
> same everywhere?
It doesn't NEED to be replaced, but it does stop people connecting
and trying user/password combinations in an attempt to break in.
>
> Thanks,
> Dave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20120508/6843f03a/attachment.html>
More information about the FreeNX-kNX
mailing list