Re: nx and ssh restrictions?
> But when ssh is set up, it is also possible to do ssh straight into the
> server as a user. We do not want this.
Sure, that is one of the reasons nx is great, because it allows one to do exactly that.
> I thought that an nx login was performed as the user 'nx' with a key.
> Then the user logs onto the server through the tunnel set up by nx. This
> doesn't seem to be right. When I try to edit the ssh config to allow
> only nx, an nx login as user does not work anymore.
I think there is also an article in the NoMachine knowledgebase about that.
>From the top of my hat:
NX has PAM_LOGIN enabled by default.
You need to disable that in node.cfg.
You then need to add the users one by one via nxserver --adduser and set a password.
NX will then internally use ssh keys so you can disable password based authentication.
And you could then chown root:root ~/.ssh/authorized_keys(2), chmod 644 ~/.ssh/authorized_keys(2) for each user.
This could already be enough to disable logins by ssh.
I think there might also be a key to use su instead of ssh to allow just AllowUsers: nx in sshd_config. (In FreeNX there is for sure, but I dunno about commercial server)
But I don't remember exactly how it was with NoMachine nxserver.
If you bought the product, you are entitled to at least some support, so I guess further using the official support channels would be best.
cu
Fabian
Reply to: