Babok

[Babok]

Well got the same question, I expect at this answer:

– physical display is when you have a real screen (desktop)

-virtual screen is when you have no real screen (headless server)

 

maybe someone could bring more details on this feature and which one to choose for desktop or headless server.

[Babok]

I found my answer on server.cfg;

Modify the field:

#AcceptedAuthenticationMethods all

To:

AcceptedAuthenticationMethods NX-private-key

[Babok]

Here some good news:

– On my ssh server, i created private and public keys, and tested until it works.

– After that, i tried Reza’s recommendation, and it works well ! i can connect by using NX protocol with SSH keys on free version and without using any ssh tunnel.

Maybe I will try with SSL Certificate File and SSL Certificate Key….

But here my last questions

– Can I only allow key authentification on nxserver as on ssh server ? I want to disable password authentication.

– Do you have any jail config and jail filter for NoMachine to use with fail2ban ? I would like to protect my server against attacks.

Thanks for your help.

[Babok]

Thanks for the link, i will try to use ssh keys with your link.

I read this article https://www.nomachine.com/AR10M00866 but doesn’t work either with ssl keys with the free version.

I managed to set a ssh tunnel with putty client (windows port 4003) to linux server (port 4000). And i can connect to NX server with this connection settings:

connection settings: Protocol: NX Host: localhost Port: 4003 Authentication method: Password Username: user Password: ***

The issue is keys authentification (ssh/ssl)

[Babok]

First I tried to make use of Authentication with SSL Certificate File and SSL Certificate Key with article https://www.nomachine.com/AR10M00866.

Because I wasn’t sure SSH key would be enable on free version but it is, I will try the Reza’s recommendation .

[Babok]

if I modify the server.cfg (/var/NX/nx/.nx/config/server.crt)

Host: <IP>

—–BEGIN CERTIFICATE

—– …

—–END CERTIFICATE

—– Host:

—–BEGIN CERTIFICATE

—– …

—–END CERTIFICATE

—– … Where <IP> is the IP address of the client.

i have an answer from the server:

Cannot accept public keys

• This reply was modified 7 years, 11 months ago by Britgirl.
• This reply was modified 7 years, 11 months ago by Babok.
• This reply was modified 7 years, 11 months ago by Babok.

[Babok]

I also just generated client certificate (nx_client_rsa_key.crt) to the store file on the server (server.crt)

# echo “Host:localhost” > /var/NX/.nx/config/server.crt

# cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt >> /var/NX/nx/.nx/config/server.crt

# echo “Host:127.0.0.1” >> /var/NX/.nx/config/server.crt

# cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt>> /var/NX/nx/.nx/config/server.crt

Both entries for Host:localhost and Host:127.0.0.1 in server.crt look like:

Host:localhost

—–BEGIN CERTIFICATE

—– MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (……)

—–END CERTIFICATE

—– Host:127.0.0.1

—–BEGIN CERTIFICATE

—– MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (….)

—–END CERTIFICATE—–

 

And same issue

[Author]

Posts