Yubikey support

Forum / NoMachine for Linux / Yubikey support

Viewing 8 posts - 16 through 23 (of 23 total)
  • Author
    Posts
  • #49618
    Guro
    Contributor

    Hello

    To be able to provide more advises there is need to have more detailed log data. As for security reason, authentication logs are disabled by default.
    But if you are willing to install new debug package on your working machine and test the authentication process to provide us more detailed information about this error, we can send you a debug package.

    Thanks

    #49641
    Britgirl
    Keymaster

    One thing worth noting here because it’s not been mentioned is that if you want to start SSH connections from the Mac machine to your Ubuntu host with NoMachine, on the server you need to have a product from the Enterprise family. If you have NoMachine free version installed on the server side, it cannot accept SSH connections. I think Guro assumed that you did (e.g Enterprise Desktop is the same as the free version but provides SSH support, web-based connections and other features) when he suggested trying an SSH connection.

    #49659
    Guro
    Contributor

    Hello

    Please could you provide exact information of NoMachine server you are trying to connect to?
    The free NoMachine version does not support SSH connections.

    Thanks

    #49666
    Chatter5352
    Participant

    If there are no security risks to installing the debug package, then I’m happy for you to send it to me and use it. What is the security reason for them to be disabled by default?

    I am using NoMachine 8.13.1 on my Mac client and the latest version on my Ubuntu device to be accessed. I have the free version so I guess that explains why ssh doesn’t work. Is there any way to use the Yubikey to protect the free version of NoMachine? Is the ssh tunnelling method I mentioned earlier in this thread sensible? That is:

    In the mean time I have found a possible workaround. This is to use the Yubikey to ssh tunnel the 4000 port to my localhost. Then I can connect to localhost using NoMachine. This works and may be an acceptable workaround, unless you see problems with this method? One possible issue is that I have found this connection less reliable than directly using NoMachine to the remote IP and port eg. session freezes and I have to reconnect. Is there a way to make the connection more stable with this approach?

    #49683
    Guro
    Contributor

    hello

    “If there are no security risks to installing the debug package, then I’m happy for you to send it to me and use it.” –  It’s safe to install and use. It’s a regular package with extra debug enabled to allow us to go much deeper into why a particular error is happening so they will contain information about exchange protocol flow data, ssh key fingerprints and accepted encryption methods.

    ” Is the ssh tunnelling method I mentioned earlier in this thread sensible?” – Yes it is. You can see details here: https://kb.nomachine.com/AR10K00728

    “Is there a way to make the connection more stable with this approach?” – I think the session freeze needs further investigation. First, can you send us server side logs? Logs would also allow us to check why the connection is failing without an appropriate error even without adding yubikey as a device. You can extract them using the instructions here: https://kb.nomachine.com/DT07S00243.

    Send them to forum[at]nomachine[dot]com. Please use the title of this topic as the subject of your email. Thanks!

    #49931
    Britgirl
    Keymaster

    Chatter5352, just to clarify, we don’t need to send you a debug package for the SSH issue because you we now know that you are using the free version which doesn’t support incoming SSH connections. If you are still experiencing the session freezes, we would be interested in seeing the server side logs (see Guro’s post just above). Let us know.

    #50093
    Chatter5352
    Participant

    Sorry for the delay, I’ve been out of contact. I am still experiencing the freezing issue. Sometimes it happens quite regularly eg. multiple times every few minutes. Sometimes it seems fine for even an hour but does eventually seem to come back. When it freezes, the mouse cursor often vibrates back and forth on the screen but can no longer be moved nor does anything else respond. The only way forward is to quit the session and log in again (the tunneled ssh link is fine throughout).

    Are there specific things in the logs I need to remove to maintain privacy and security? I don’t want to be sending personal information over the internet in this way. If that can be clarified, I’m happy to send the relevant parts of the logs. Or are there any other things I can try in the mean time to debug this?

    Thanks for your help with this!

    #50111
    Britgirl
    Keymaster

    Hi, please send them privately to our email address rather than here. IPs and usernames (not passwords) are present in nxserver.log, nxinstall.log, nxservice.log. If you wish to remove this information before sending, you should edit those in a text editor before sending.

Viewing 8 posts - 16 through 23 (of 23 total)

You must be logged in to reply to this topic. Please login .