freenx [update]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

>> I'd agree that the nx user's authorized_keys file should contain
>> this directive by default if it isn't needed by the protocol.
>> Do you know the right place to post a bug?
>
> I do, but this is something I only now realized.
> Still experimenting with how to fix this...

I think the following in /var/lib/nxserver/home/.ssh/authorized_keys2
works correctly and only leaves a resource DoS (while fixing the port 
forwarding and other issues):

for each (client host,key) pair enter:

from="client.fqdn",command="/usr/bin/nxserver",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA...== anyone@xxxxxxxxxxx

[you can also use an ip instead of client.fqdn]

for each global key enter (ie a key which works from any ip):

command="/usr/bin/nxserver",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA...== anyone@anywhere

using ssh-dss for dsa keys and ssh-rsa for rsa keys (I think rsa is 
better if I recall latest discussions)

Cheers,
MaZe.
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux