[FreeNX-kNX] preventing data transfers over SSH, yet still allow NX sessions.

Marco Passerini marco.passerini at csc.fi
Mon Aug 12 13:57:44 UTC 2013 

The only line I wrote after the match block is the following:

Match Address 127.0.0.1
     PasswordAuthentication yes

The lines you wrote (ChallengeResponseAuthentication etc.) were all 
before the match block.


On 2013-08-02 14:34, Chris wrote:
>
> freenx-knx-bounces at kde.org wrote on 02/08/2013 10:25:55:
>
>  > In fact I did a bit more tests but I couldn't get the "match"
>  > configuration working.
>  >
>  > It seems to be like this
>  >
>  > 1) user authenticates via SSH with identity "nx" and the dsa key from
> his IP
>  > 2) the user then authenticates via SSH with his account and password
>  > coming this time from localhost ===> i thought this would work with
>  > only his password, without public keys ==> but for some reason it
>  > seems like there's still public key authentication going on, and it
>  > does not work for users who don't have their public key in
>  > authorized_keys of their home
>  >
>  > I can't figure out why it goes like this, but then I decided to try
>  > with a double SSH daemon, and that works fine, it seems.
>
> Did you put ( also )
>
>          ChallengeResponseAuthentication no
>          GSSAPIAuthentication no
>          HostbasedAuthentication no
>          KerberosAuthentication no
>          PubkeyAuthentication no
>          RhostsRSAAuthentication no
>          RSAAuthentication no
>          IgnoreUserKnownHosts yes
>          IgnoreRhosts yes
>          PermitEmptyPasswords no
>          UsePrivilegeSeparation yes
>          PermitRootLogin no
>            (see the pam blurb about this one)
>
> inside the match body ??
>
> It should still have fallen back to
>           PasswordAuthentication
> tho'
> so I don't think I'll be bothering with it . . .
>
>
>
> ________________________________________________________________
>       Were you helped on this list with your FreeNX problem?
>      Then please write up the solution in the FreeNX Wiki/FAQ:
>
> http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
>
>           Don't forget to check the NX Knowledge Base:
>                   http://www.nomachine.com/kb/
>
> ________________________________________________________________
>         FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>        https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>

More information about the FreeNX-kNX mailing list