Cannot use authentication with SSH/SSL key – free version
- This topic has 9 replies, 3 voices, and was last updated 7 years, 10 months ago by Britgirl.
December 28, 2016 at 09:41 #13287 Babok (Participant)
Hello, I am a beginner with free NoMachine – Version 5.1.62, and I am trying to configure one of the authentication methods through the NX protocol:
– Authentication with SSH key.
– Authentication with SSL Certificate File and SSL Certificate Key.
Since the SSH protocol is disabled in the free version, I don’t know if those functions are working too.
The password-based authentication is working, but I am trying to find a tutorial on how to set it up with keys.
I installed the server on Linux and the client on Windows 10.
Here are the things I did:
Set EnableNXClientAuthentication 1 in server.cfg
Copied /etc/keys/host/nx_host_rsa_key.crt and /etc/keys/host/nx_host_rsa_key to the client folder C:\ProgramData\NoMachine\nxhtd\.nx\config\
Then I launched the GUI client and configured it to use private key nx_host_rsa_key.crt.
After that, I got a timeout after a few minutes of trying to connect to the server.
I didn’t generate any custom SSL keys; I took them from the NoMachine installation.
Any help would be appreciated.
December 28, 2016 at 11:23 #13308 reza (Participant)
Please follow the article about setting up key-based authentication.
https://www.nomachine.com/AR02L00785
December 28, 2016 at 14:19 #13310 Babok (Participant)
I also just generated a client certificate (nx_client_rsa_key.crt) to the store file on the server (server.crt):
# echo "Host:localhost" > /var/NX/.nx/config/server.crt
# cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt >> /var/NX/nx/.nx/config/server.crt
# echo "Host:127.0.0.1" >> /var/NX/.nx/config/server.crt
# cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt >> /var/NX/nx/.nx/config/server.crt
Both entries for Host:localhost and Host:127.0.0.1 in server.crt look like:
Host:localhost
-----BEGIN CERTIFICATE-----
MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (……)
-----END CERTIFICATE-----
Host:127.0.0.1
-----BEGIN CERTIFICATE-----
MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (….)
-----END CERTIFICATE-----
And same issue
December 28, 2016 at 14:19 #13311 Babok (Participant)
If I modify the server.cfg (/var/NX/nx/.nx/config/server.crt)
Host: <IP>
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
Host:
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
…
Where <IP> is the IP address of the client.
I have an answer from the server:
Cannot accept public keys
December 28, 2016 at 14:25 #13315 Britgirl (Keymaster)
Can you confirm that you followed Reza’s recommendation to check the article?
December 28, 2016 at 14:35 #13318 Babok (Participant)
First I tried to make use of Authentication with SSL Certificate File and SSL Certificate Key with article https://www.nomachine.com/AR10M00866.
I did that because I wasn’t sure SSH key would be enabled on the free version, but it is; I will try Reza’s recommendation.
December 28, 2016 at 14:36 #13309 Babok (Participant)
Thanks for the link, I will try to use SSH keys with your link.
I read this article https://www.nomachine.com/AR10M00866 but it doesn’t work either with SSL keys with the free version.
I managed to set up an SSH tunnel with the PuTTY client (Windows port 4003) to the Linux server (port 4000). And I can connect to the NX server with these connection settings:
Protocol: NX
Host: localhost
Port: 4003
Authentication method: Password
Username: user
Password: ***
The issue is key authentication (SSH/SSL).
December 30, 2016 at 09:56 #13332 Babok (Participant)
Here is some good news:
– On my SSH server, I created private and public keys, and tested until it worked.
– After that, I tried Reza’s recommendation, and it works well! I can connect by using the NX protocol with SSH keys on the free version and without using any SSH tunnel.
Maybe I will try with SSL Certificate File and SSL Certificate Key….
But here are my last questions:
– Can I allow only key authentication on nxserver, as on an SSH server? I want to disable password authentication.
– Do you have any jail config and jail filter for NoMachine to use with fail2ban? I would like to protect my server against attacks.
Thanks for your help.
December 30, 2016 at 10:11 #13333 Babok (Participant)
I found my answer in server.cfg:
Modify the field:
#AcceptedAuthenticationMethods all
To:
AcceptedAuthenticationMethods NX-private-key
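Added example, not part of the original posts and not NoMachine's code: a shell check that a server.cfg is really key-only after the change described above. It assumes a file is key-only when at least one uncommented AcceptedAuthenticationMethods line exists and every such line is exactly NX-private-key; the function names are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Added example: check that a NoMachine server.cfg accepts key login only.
# Assumption: the file is key-only when at least one uncommented
# AcceptedAuthenticationMethods line exists and every such line is exactly
# NX-private-key. Function names are hypothetical.

# Print the value of every active (uncommented) AcceptedAuthenticationMethods line.
active_auth_methods() {
    awk '
        /^[ \t]*#/ { next }                     # "#AcceptedAuthenticationMethods all" is inactive
        $1 == "AcceptedAuthenticationMethods" {
            $1 = ""                             # drop the key, keep the value
            gsub(/[ \t\r"]/, "")                # strip blanks, CR and optional quotes
            print
        }
    ' "$1"
}

# Exit status 0 only when password login is ruled out.
is_key_only() {
    values=$(active_auth_methods "$1")
    [ -n "$values" ] || return 1                # nothing set: the commented default "all" applies
    for v in $values; do
        [ "$v" = "NX-private-key" ] || return 1 # "all" or any list with other methods fails
    done
    return 0
}

audit_server_cfg() {
    if is_key_only "$1"; then
        echo "OK: only NX-private-key is accepted"
    else
        echo "WARN: not key-only; active values:" ${values:-"(none, default applies)"}
        return 1
    fi
}

if [ -n "${1:-}" ]; then
    audit_server_cfg "$1"                       # path to your server.cfg
else
    sample=$(mktemp)                            # constructed sample, not a real config
    printf '%s\n' '#AcceptedAuthenticationMethods all' \
        'AcceptedAuthenticationMethods NX-private-key' > "$sample"
    audit_server_cfg "$sample"
    rm -f "$sample"
fi
```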
January 3, 2017 at 14:58 #13398 Britgirl (Keymaster)
Fail2ban support is on our roadmap. You can view the Feature Request here: