Forum Replies Created
-
AuthorPosts
-
andrewaParticipant
I solved the problem after some head banging. The correct setup is:
1. Public key in /root/.nx/config/authorized.crt (.nx and .nx/config have 0700 permissions, authorized.crt has 0600 permissions, owner root) should be the same format as in /root/.ssh/authorized_keys:
ssh-rsa AAAA .. in-one-line .. Bis= <comment>
This is the output of PuTTYgen generate window (not the saved file) and is different from SSH / XCA format of the generated public key .crt file. SSH seems to have some setup allowing it to generate the pulic key in this format, but I am not sure about the syntax. The .crt format used to input certificates in browsers and mail clients should not be used:
—–BEGIN CERTIFICATE—–
AAAA..
<<<in-many-lines>>>
..Bis
—–END CERTIFICATE—–2. In NX client under WIN select Session – Edit – Advanced – Private key – Settings file field: browse for private key file in SSH format, not the file saved by PuTTYgen. Private key file format should be:
—–BEGIN ENCRYPTED PRIVATE KEY—–
MI…
…
/m8=
—–END ENCRYPTED PRIVATE KEY—–Hope this naive explanation helps someone like me who is not on the professional side.
I wonder if authorized.crt file allows to place restrictions for IP, command etc. like the ones which can be added at the beginning of the line of each pulic key in /root/.ssh/authorized_keys. If “yes”, should one use the same sytax, are all restrictions in authorized_keys applicable?
<p style=”border-width: medium medium 1px; border-style: none none solid; border-color: currentColor currentColor #000000; padding: 0cm 0cm 0.04cm; margin-bottom: 0cm;” align=”LEFT”></p>
andrewaParticipantThanks for the detailed explanation, it is working fine now.
-
AuthorPosts