Hi!
Remote nodes are on VLAN administered by local admins.
They don’t have rights on ECS, which has its own dedicated admin.
I’ve analyzed the subject and, if I understand correctly, we could use --keyadd to register the public keys of nxd of remote nodes in
/var/NX/nx/.nx/config/authorized.crt on ECS.
* Local admin
Each local admin generates a new 4096-bit nxd certificate (nx_host_rsa_key) and its public key (nx_host_rsa_key.crt) for all nodes on his VLAN.
A prefix is added to each key:
cp /usr/NX/etc/keys/host/nx_host_rsa_key.crt <source_hostname>_nx_host_rsa_key.crt
All the keys are sent to ECS admin.
* ECS Admin
For each pub key received:
sudo /etc/NX/nxserver --keyadd <source_hostname>_nx_host_rsa_key.crt
=> this command updates /var/NX/nx/.nx/config/authorized.crt
Q1- Please, could you validate my understanding and this procedure?
Q2- What about inverse mode connection if nxd certificate is changed on remote node?
Thanks,
Regards,
Steve.