- This topic has 2 replies, 2 voices, and was last updated 7 years, 10 months ago by
.
-
Posts
-
Not sure whether this was better in the Windows forum or the Linux forum since I’m using both, but I have a working Linux client and the server is on Windows… I think the problem I have will have to be resolved there.
Environment: I am building 100 or so individual environments that have 1 single Windows NoMachine server that is a virtual machine. Its client will be a 100% locked down Linux client. So all 100 setups will have 1 server and 1 client each. All environments will be identical with the server always at 1 IP address and the client always on the other.
I have a working Linux physical install that I am trying to boot from ISO’s on the hard drive to make them utterly unchangeable since the client hardware will be accessible to users. My problem is the SSH fingerprints. All the servers have different fingerprints. I have tried everything I know to do to swap out host keys, but the ISO still sees the change when I carry an ISO to a different client and let it connect to its “server” on the same IP address.
I need to make all my servers look identical to a static unchangeable Linux client.
You Linux machines have to be prepared in advance to have a correct key with correct IP of Windows server.
Depending on protocol you use you have to store server key in following files:
~/.ssh/authorized_keys for SSH protocol
~/.nx/config/client.crt for NX protocol
More about keys used in NoMachine can be found here:
https://www.nomachine.com/AR04K00665
I understand what you are saying.. but here is a slightly different way of asking for what I need.
I have the live cd ISO image fully configured with a desktop shortcut pointed to the specific IP address that all servers will be on in the real environment. I also have the key of my testing and proofing environment. In my live environment, all my servers are already on the correct IP address, but I need to make the host keys on all of my servers identical to to my test environment because I can’t change the config of my client once I have “locked” it in in the ISO file.
I realize the security aspect of this, but in my environment limiting the client side from all ability to be tampered with and change is, by far, the bigger security concern.
This topic was marked as closed, you can't post.