Steve92

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 70 total)
  • Author
    Posts
  • in reply to: ECS V8: Update nxd certificates #53669
    Steve92
    Participant

    Hi,

    For the moment, my question is about the SSL certificate for nxd and not RSA key pair.

    I kwow the article you quote, but alas it is not precise about how to deal with change of SSL certificate for nxd. 🙁

    Hence my question : “In short, how to handle nxd certificate change on nodes when nodes are administrated by different admins than ECS admin ?”

    Regards,

    Steve.

    in reply to: ECS V8: Update nxd certificates #53655
    Steve92
    Participant

    Hi Fisherman,

    Thanks for this quick answer but it is not exactly what I’d want.

    Nodes are already added to ECS in “direct connection mode” or “inverse connection  mode”.

    For security reasons, keys have to be regenerated with 4096-bit instead of 2048-bit standard length.

    One part of the subject is the keys for the nxd certificates of the nodes.

    nxd certificates will be regenerated by local admin for all nodes of their VLAN (they don’t have admin rights on ECS).

    The nx_host_rsa_key.crt files will be sent to ECS admin and then what have he to do on ECS (or eslewhere) ?

    (a script is needed to handle many .crt files )

    When I check the last modification date of /var/NX/nx/.nx/config/authorized.crt ,

    it does not seem to be the right file (unchanged date).

    /var/NX/nx/.nx/config/cllient.crt

    seems to be the right file to put .crt of certificate from nxd of nodes.

    The .crt files will be sent to ECS admin and then what have he to do on ECS (or eslewhere) ?

    In short, how to handle nxd certificate change on nodes when nodes are administrated by different admins than ECS admin ?

    I hope it is more clear.

    Thanks,

    Regards,

    Steve.

    in reply to: ECS V8: Update nxd certificates #53631
    Steve92
    Participant

    Hi!

    Remote nodes are on VLAN administred by local admins.

    They don’t have rights on ECS that has its own dedicated admin.

    I’ve analyzed the subject and if I well understand we could use –keyadd to register the public keys of nxd of remote nodes in

    /var/NX/nx/.nx/config/authorized.crt on ECS.

    * Local admin

    Each local admin generates new 4096-bit nxd certificate (nx_host_rsa_key) and its public key (nx_host_rsa_key.crt) for all nodes on his VLAN.

    A prefix is added to each key:

    cp /usr/NX/etc/keys/host/nx_host_rsa_key.crt <source_hostname>_nx_host_rsa_key.crt

    All the keys are sent to ECS admin.

    * ECS Admin

    For each pub key received :

    sudo /etc/NX/nxserver –keyadd <source_hostname>_nx_host_rsa_key.crt

    => this command updates /var/NX/nx/.nx/config/authorized.crt

     

    Q1- Please, could you validate my understanding and this procedure ?

    Q2- What about inverse mode connection if nxd certificate is changed on remote node ?

     

    Thanks,

    Regards,

    Steve.

     

    in reply to: “–subscriptionlist” option understanding #53576
    Steve92
    Participant

    Hi!

    No acronyms list V8 ?

    Thanks !

    Regards,

    Steve.

    in reply to: How to monitor ECS ? #53575
    Steve92
    Participant

    Hi!

    Any suggestion for a specialized software to do that with V8 ?

    Thanks!

    Regards,

    Steve.

    in reply to: How to monitor ECS ? #53518
    Steve92
    Participant

    Any idea ?

    With V8 ? V9 ?

    in reply to: “–subscriptionlist” option understanding #53517
    Steve92
    Participant

    Steve,

    Q2- Acronyms list V9 is a little bit different from V8. There is a notion of O/S ?

    Thanks!

    Regards,

    Steve.

    Steve92
    Participant

    Hi,

    I need !M user groups only if ECS is not connected to AD, don’t I ?

    Thanks!

    Regards,

    Steve.

     

    in reply to: Remove a node from a group of nodes ? #53515
    Steve92
    Participant

    Hi

    I see it in column groups !?!

    (see the horrible copy/paste in my 1st post)

    Regards,

    Steve.

    in reply to: SBTS V8.16 behaves like ED ? #53514
    Steve92
    Participant

    Hi,

    ECS has been hardened and unix-xsession-default set to NO too quickly.

    Prob solved by putting it to YES. 🙂

    Regards,

    Steve.

    in reply to: Certificate for nxd issued by Certificate Authority? #53513
    Steve92
    Participant

    Hi!

    No hope to use a host certificate and key issued by Certificate Authority. in V8.x ???

    Regards,

    Steve

    in reply to: SBTS V8.16 behaves like ED ? #53374
    Steve92
    Participant

    Hi,

    Here is the result :

    root@bmn-dev-deb01:/home/ADM_T0237305_L# grep -i availablesessiontypes /usr/NX/etc/*cfg

    /usr/NX/etc/node.cfg:AvailableSessionTypes unix-remote,unix-console,unix-default,unix-application,physical-desktop,shadow,unix-xsession-default,unix-gnome,unix-xdm

    /usr/NX/etc/server.cfg:# desktop=1 list all desktop types set in the AvailableSessionTypes

    /usr/NX/etc/server.cfg:AvailableSessionTypes unix-remote,unix-console,unix-default,unix-application,physical-desktop,shadow,unix-xsession-default,unix-gnome,unix-xdm

     

    Regards,

    Steve

    in reply to: How to monitor ECS ? #53349
    Steve92
    Participant

    Hello,

    The idea would be to simulate a real user and from end to end and detect interruption of service before users scream 😉

    Simulate for V8.16 :

    !M Client (Win11) ==> ECS (RHEL) ==> ED (Win) or SBTS (RHEL /Debian)

    Is it possible ? How ?

    Thanks,

    Steve.

     

    in reply to: SBTS V8.16 behaves like ED ? #53330
    Steve92
    Participant

    Hello,

    – same result with another username

    – yes SBTS V8.16 for Debian 12 (.deb got from URL provided by NoMachine team), valid evaluation key

    Do you have the SHA256 signature for SBTS V8.16 for Debian x64 ?

    Regards,

    Steve

    in reply to: Disable warning about authenticity of host #53066
    Steve92
    Participant

    Hi!

    What logs exactly would you need ?

    Those collected on client side with this command ?

    tar -cvp –exclude ‘cache*’ –exclude ‘images’ –exclude ‘temp’   $HOME/.nx | gzip -c >nxdir.tar.gz

    I can’t send all the the logs for security reasons, please could you be more precise and tell me just a few crucial log files you need to understand the problem ?

    Thanks,

    Regards,

    Steve.

Viewing 15 posts - 1 through 15 (of 70 total)