- This topic has 4 replies, 3 voices, and was last updated 8 years, 4 months ago by
.
-
Posts
-
I have two machines connected with SSH keys and no passwords enabled. I’m by no means an expert, but from what I’ve read on SSH this is an adequately secure type of connection.
Today I installed NoMachine (free version) and, while I was very impressed with the software, I was somewhat concerned with the level of security. This may just be my ignorance, but the ease at which I was able to establish the connection using only my username and password made me think that this is substantially less secure than my SSH connections. Also, I was not pleased to see that my system was being broadcast over the network as being a NoMachine host.
Is there a good guide where I can read how a moderately paranoid person would go about using NoMachine securely? My Googling and searching through the documentation did not turn up anything, but perhaps I am using the wrong search words.
There is nothing to configure. One of NoMachine’s first priorities to work out-of-the-box is security as you can read in our online documentation:
https://www.nomachine.com/AR10K00705
https://www.nomachine.com/AR11K00739If you prefer, you can set up key-based authentication with the NX protocol as described here:
https://www.nomachine.com/AR02L00785
Alternatively, you can use SSH. This is a feature available in the Enterprise range as mentioned in article AR11K00739 above.
If you really want to go into detail about the different types of authentication that we support, check out the document about Authentication
https://www.nomachine.com/DT07M00088For your question about the broadcast feature on LAN, you can disable it. See the tutorial here: https://www.nomachine.com/finding-other-nomachine-computers-on-the-same-network
Thanks for the response. Those articles have answered most of my questions.
However, one thing I cannot figure out is how to disable password authentication on the server? The point of having key-based authentication for me is so that I can disable password authentication and avoid brute force comprises.
Please set AcceptedAuthenticationMethods key in server.cfg.
This key was made available in latest update of NoMachine 5.
#
# Specify how clients will have to authenticate to the server, by
# default all the available methods are supported. This corresponds
# to value all. To specify a subset of methods use a comma-separated
# list.
#
# Supported methods for connections by NX protocol are:
# NX-password : Password authentication.
# NX-private-key: Key-based authentication.
# NX-kerberos : Kerberos ticket-based authentication.
#
# Supported methods for connections by SSH protocol are:
# SSH-system : All methods supported for the system login.
# SSH authentication methods for the system login
# have to be set on the system for example in the
# PAM configuration.
# SSH-nomachine : Server-based DSA key and password authentication.
#
# For example:
# AcceptedAuthenticationMethods NX-private-key,SSH-system
#
# This key has to be used in conjunction with ClientConnectionMethod.
# See also the EnableNXClientAuthentication key for enabling SSL
# SSL client authentication for connections by NX protocol.
#
#AcceptedAuthenticationMethods all
This topic was marked as solved, you can't post.