On Sun, 07 Jan 2007 10:45:57 -0800, Todd A. Jacobs wrote: > On Sun, Jan 07, 2007 at 05:04:00PM +0100, Marco Mandl wrote: > >> This brings me to security problem. I nx adds its default key then >> everybody could use this default key to login to the corresponding >> user with a ssh client. Wrong? > > Wrong. If you're using PAM, the default key only gives them access to > the nxserver account; they still have to authenticate to the user > account separately using PAM. Using the default key is slightly less > secure, but it avoids having to distribute a custom key to each nxclient > you serve.
I set the following in sshd_config. This made the public key authentication work. But now there is no password challenge anymore. PAM seems to be deactivated. How can I activate both PKA and PAM? RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys A default key for authenticating against nxserver and then PAM to authenticate the user does not make me feel save. How have nxserver to authenticate the user with a key generated by myself? > >> BTW: Why does nxserver use ssh/authorized_keys2 instead of >> ssh/authorized_keys which is used by sshd by default? > > You can change this default in various ways, but it doesn't work well if > you do because the whole NX user configuration process gets borked. The > best thing to do is just make a symlink after installation: I understand that. But is there reason behind not using the default authorized_keys file? /m -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
