Babok

Forum Replies Created

Viewing 7 posts - 16 through 22 (of 22 total)
  • Author
    Posts
  • in reply to: Physical Display vs Virtual Display #25000
    Babok
    Participant

    Well got the same question, I expect at this answer:

    – physical display is when you have a real screen (desktop)

    -virtual screen is when you have no real screen (headless server)

     

    maybe someone could bring more details on this feature and which one to choose for desktop or headless server.

    Babok
    Participant

    I found my answer on server.cfg;

    Modify the field:

    #AcceptedAuthenticationMethods all

    To:

    AcceptedAuthenticationMethods NX-private-key

    Babok
    Participant

    Here some good news:

    – On my ssh server, i created private and public keys, and tested until it works.

    – After that, i tried Reza’s recommendation, and it works well ! i can connect by using NX protocol with SSH keys on free version and without using any ssh tunnel.

    Maybe I will try with SSL Certificate File and SSL Certificate Key….

    But here my last questions

    – Can I only allow key authentification on nxserver as on ssh server ? I want to disable password authentication.

    – Do you have any jail config and jail filter for NoMachine to use with fail2ban ? I would like to protect my server against attacks.

    Thanks for your help.

    Babok
    Participant

    Thanks for the link, i will try to use ssh keys with your link.

    I read this article https://www.nomachine.com/AR10M00866 but doesn’t work either with ssl keys with the free version.

    I managed to set a ssh tunnel with putty client (windows port 4003) to linux server (port 4000). And i can connect to NX server with this connection settings:

    connection settings: Protocol: NX Host: localhost Port: 4003 Authentication method: Password Username: user Password: ***

    The issue is keys authentification (ssh/ssl)

    Babok
    Participant

    First I tried to make use of Authentication with SSL Certificate File and SSL Certificate Key with article https://www.nomachine.com/AR10M00866.

    Because I wasn’t sure SSH key would be enable on free version but it is, I will try the Reza’s recommendation .

    Babok
    Participant

    if I modify the server.cfg (/var/NX/nx/.nx/config/server.crt)

    Host: <IP>

    —–BEGIN CERTIFICATE

    —– …

    —–END CERTIFICATE

    —– Host:

    —–BEGIN CERTIFICATE

    —– …

    —–END CERTIFICATE

    —– … Where <IP> is the IP address of the client.

    i have an answer from the server:

    Cannot accept public keys

    • This reply was modified 7 years, 10 months ago by Britgirl.
    • This reply was modified 7 years, 10 months ago by Babok.
    • This reply was modified 7 years, 10 months ago by Babok.
    Babok
    Participant

    I also just generated client certificate (nx_client_rsa_key.crt) to the store file on the server (server.crt)

    # echo “Host:localhost” > /var/NX/.nx/config/server.crt

    # cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt >> /var/NX/nx/.nx/config/server.crt

    # echo “Host:127.0.0.1” >> /var/NX/.nx/config/server.crt

    # cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt>> /var/NX/nx/.nx/config/server.crt

    Both entries for Host:localhost and Host:127.0.0.1 in server.crt look like:

    Host:localhost

    —–BEGIN CERTIFICATE

    —– MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (……)

    —–END CERTIFICATE

    —– Host:127.0.0.1

    —–BEGIN CERTIFICATE

    —– MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (….)

    —–END CERTIFICATE—–

     

    And same issue

Viewing 7 posts - 16 through 22 (of 22 total)