[FreeNX-kNX] preventing data transfers over SSH, yet still allow NX sessions.
Chris
chris at ccburton.com
Fri Aug 2 11:34:47 UTC 2013
freenx-knx-bounces at kde.org wrote on 02/08/2013 10:25:55:
> In fact I did a bit more tests but I couldn't get the "match"
> configuration working.
>
> It seems to be like this
>
> 1) user authenticates via SSH with identity "nx" and the dsa key from
his IP
> 2) the user then authenticates via SSH with his account and password
> coming this time from localhost ===> i thought this would work with
> only his password, without public keys ==> but for some reason it
> seems like there's still public key authentication going on, and it
> does not work for users who don't have their public key in
> authorized_keys of their home
>
> I can't figure out why it goes like this, but then I decided to try
> with a double SSH daemon, and that works fine, it seems.
Did you put ( also )
ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
PubkeyAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
IgnoreUserKnownHosts yes
IgnoreRhosts yes
PermitEmptyPasswords no
UsePrivilegeSeparation yes
PermitRootLogin no
(see the pam blurb about this one)
inside the match body ??
It should still have fallen back to
PasswordAuthentication
tho'
so I don't think I'll be bothering with it . . .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20130802/5c132d44/attachment.html>
More information about the FreeNX-kNX
mailing list