- This topic has 4 replies, 2 voices, and was last updated 7 years ago by
.
-
Posts
-
Context, NoMachine windows -> NoMachine on Linux via SSH
Authentication on the Linux side uses a) SSH keys (with password), b) Google authenticator and c) Unix password
The first issue is that when using ssh, it prompts for the ssh key passphrase even when puttyagent is being used to provide the key. This is confusing, as when puttyagent does provide the key, the passphrase is actually used to answer the google authenticator prompt. This is very confusing to users.
The second issue is that after passing the google authenticator prompt, it says authorization failed since the final unix password prompt is generated. The SSH handler should be aware of the different prompts for different purposes and generate a challenge to the user that provides proper context. Now, even though it says it failed, if they provide the Unix password, it does finally authenticate, but the prompts are extremely confusing.
I know that the preferred protocol is to use NX, but for our customers who’s data we are supporting, we want to be able to say that the ONLY protocol that is exposed for the server in question to the outside world is SSH. Is there any expected improvement in the handling of the ssh prompts to make them more context aware?
I’m surprised your authentication works! 😀 We don’t officially support a three-factor authentication, so I’m sure there is a lot of space for improvements. We’re doing tests in our labs to identify problems and required changes, I’ll send you an update as soon as we complete the investigation. Thank you for sharing your configuration. 🙂
To be honest, I’m surprised every time a complex tool allows authentication this way. It is however, technically four factor authentication. 1) ssh key itself 2) the passcode to decrypt the ssh key, 3) google authenticator 4) the unix password. If there is any assistance needed to set this up, please let me know, as the authentication setup is quite confusing, in particular when puttyagent kicks in and bypasses the ssh key password for the user.
Hi. We’re working on a version allowing to configure the authentication through SSH agent and better handling multiple factors. There are still some doubts about what to show to users and how to retrieve correct information, I’ll try to pack a testing version as soon as all changes will be completed.
This topic was marked as closed, you can't post.