Re: nxserver
On Sun, 07 Jan 2007 10:45:57 -0800, Todd A. Jacobs wrote:
> On Sun, Jan 07, 2007 at 05:04:00PM +0100, Marco Mandl wrote:
>
>> This brings me to security problem. I nx adds its default key then
>> everybody could use this default key to login to the corresponding
>> user with a ssh client. Wrong?
>
> Wrong. If you're using PAM, the default key only gives them access to
> the nxserver account; they still have to authenticate to the user
> account separately using PAM. Using the default key is slightly less
> secure, but it avoids having to distribute a custom key to each nxclient
> you serve.
I set the following in sshd_config. This made the public key
authentication work. But now there is no password challenge anymore. PAM
seems to be deactivated. How can I activate both PKA and PAM?
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
A default key for authenticating against nxserver and then PAM to
authenticate the user does not make me feel save. How have nxserver to
authenticate the user with a key generated by myself?
>
>> BTW: Why does nxserver use ssh/authorized_keys2 instead of
>> ssh/authorized_keys which is used by sshd by default?
>
> You can change this default in various ways, but it doesn't work well if
> you do because the whole NX user configuration process gets borked. The
> best thing to do is just make a symlink after installation:
I understand that. But is there reason behind not using the default
authorized_keys file?
/m
Reply to:
- References:
- nxserver
- From: Marco Mandl <marco.mandl@gmx.at>
- Re: nxserver
- From: "Todd A. Jacobs" <nospam@codegnome.org>