Ssh-agent integration client side, "Forward Authentication"

Forum / NoMachine for Linux / Ssh-agent integration client side, "Forward Authentication"

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #16827
    dkebler
    Participant

    I keep my private keys encrypted in keepass and use kee-agent combined with openssh ssh-agent to access my private keys for ssh terminal sessions.  This works great.  I can ssh to a host and private key it needs will be send by ssh-agent.

    Previously I have no problem connecting to my NoMachine server using NX if I make my private key file available but for security reasons I have moved to using keepass/ssh-agent to hold my private keys as private key files laying about on multiple machines is a security issue

    I have read this https://www.nomachine.com/DT07M00088&dn=key%20agent

    And did set up my NoMachine server to use ssh as it seems nx protocol does not support client side key agents.

    But here is the holdup in the NoMachine client it insists on having an actual file available (Please set a key file..) on the client machine even though I have checked the “Forward Authentication” choice

    So I am stuck here.  I can’t get by this point as long as the client insists on a file.

    Using an agent the NoMachine client shouldn’t even need to know which private key is needed as the ssh-agent will provide the ssh server whatever is needed just like it does when I connect via the ssh commandline.

    How to resolve this issue?

     

     

    #16840
    kroy
    Contributor

    You should be able to authenticate with added ssh-agent key by providing any key which isn’t configured to allow authentication to the server.

    But unfortunately at the moment forward authentication won’t work in this scenario. The issue is under investigation. It should be fixed as soon as possible.

    #18185
    Britgirl
    Keymaster

    We’ve inserted a Feature Request to handle correct functioning of SSH-agent authentication forwarding. Until that is implemented, users can authenticate using SSH protocol through Password, Private key, Smart card and Kerberos.

     

    Adding SSH agent forward-authentification method
    https://www.nomachine.com/FR04P03602

Viewing 3 posts - 1 through 3 (of 3 total)

This topic was marked as closed, you can't post.