Tool to simplify adding of multiple users’ public keys on ECS?

Forum / NoMachine Cloud Server Products / Tool to simplify adding of multiple users’ public keys on ECS?

Tagged: 

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • February 5, 2025 at 22:28 #51724
    Steve92
    Participant

    Hello,

    I’m testing key based authentication for web connections to ECS.

    It’s a real pain to set this kind of authentication when you have dozens of users to deal with !

    Please, can you provide a tool (script) to automate “1st step:  Add the public key on the server” for a big number of users,  described on this page: https://kb.nomachine.com/AR03Q01020

    On ECS, I’ve noticed that some users don’t have the folders <user’s home>/.nx/config

    When <user’s home>/.nx is created ?

    Thanks,

    Regards,

    Steve.

     

     

    February 10, 2025 at 21:18 #51768
    Steve92
    Participant

    Hello,

    Nothing like

    sudo /etc/NX/nxserver --keyadd /home/user/node.localhost.id_rsa.pub

    but to update

    <user’s home>/.nx/config/authorized.crt

    instead of /var/NX/nx/.nx/config/authorized.crt ?

    On ECS, I’ve noticed that some users don’t have the folders <user’s home>/.nx/config

    When <user’s home>/.nx is created ?

    Thanks,

    Regards,

    Steve.

    February 11, 2025 at 18:38 #51778
    Britgirl
    Keymaster

    We understand your requirements and we’ve been planning to add this capability in NoMachine. Until then it could be possible to use a third party tool like Ansible. We have created a Playbook which works in our environment and does what you are requesting. Please reach out to us directly for further instructions if you are interested.

    As for the question about the user’s home. The .nx folder is created in the user’s home directory when they start a session. However, you say that some users don’t have one. Are you using Active Directory? A known issue with AD is that the home is missing until the AD user logs-in to the machine, independently from NoMachine. This could your case.

    AD mobile accounts cannot create sessions on the remote host at the first login if they cannot access their home
    https://kb.nomachine.com/TR04R09659

    February 12, 2025 at 14:23 #51794
    Steve92
    Participant

    Hello,

    Ansible could be an interesting solution.

    But for the moment, could you please confirm owner, group and permissions, created manually, are OK on the following files and folders of this ECS machine ?

    [my_user@ECSDR ~]$ pwd
    /home/my_user
    [my_user@ECSDR ~]$ ls -al
    total 116
    drwx——. 17 my_user my_user  4096 26 nov.  11:06 .
    drwxr-xr-x. 11 root     root       149 21 janv. 15:27 ..
    drwx——. 30 my_user my_user  4096 11 févr. 10:44 .nx

    [my_user@ECSDR ~]$ ls -al .nx
    total 44
    drwx——. 30 my_user my_user  4096 11 févr. 10:44 .
    drwx——. 17 my_user my_user  4096 26 nov.  11:06 ..
    drwx——.  2 my_user my_user    63  3 févr. 17:57 config

    [my_user@ECSDR ~]$ ls -al .nx/config
    total 24
    drwx——.  2 my_user my_user   63  3 févr. 17:57 .
    drwx——. 30 my_user my_user 4096 11 févr. 10:44 ..
    -rw——-.  1 my_user my_user  982  3 févr. 13:38 authorized.crt

    Thanks,
    Regards,
    Steve.

    • This reply was modified 3 weeks, 6 days ago by Britgirl.
    • This reply was modified 1 week, 6 days ago by fisherman.
    February 26, 2025 at 16:02 #51941
    fisherman
    Moderator

    The permissions you present in the ls output are correct.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Please login .