On Sun, Jan 07, 2007 at 05:04:00PM +0100, Marco Mandl wrote:
> This brings me to security problem. I nx adds its default key then
> everybody could use this default key to login to the corresponding
> user with a ssh client. Wrong?
Wrong. If you're using PAM, the default key only gives them access to
the nxserver account; they still have to authenticate to the user
account separately using PAM. Using the default key is slightly less
secure, but it avoids having to distribute a custom key to each nxclient
you serve.
> BTW: Why does nxserver use ssh/authorized_keys2 instead of
> ssh/authorized_keys which is used by sshd by default?
You can change this default in various ways, but it doesn't work well if
you do because the whole NX user configuration process gets borked. The
best thing to do is just make a symlink after installation:
cd ~/.ssh
cat authorized_keys2 >> authorized_keys
rm authorized_keys2
ln -s authorized_keys authorized_keys2
for each user who needs NX, and let it go at that. If you want to do
something more complicated, nomachine.com has various (and sometimes
unhelpful) walk-throughs. YMMV.
--
Unabashedly littering the information superhighway with detritus like
this for over 15 years now.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
