Secure RSA Key Authorization with FreeNX and NX Client in Precise
I have a recent installation of Ubuntu 12.04 LTS. I have also recently installed FreeNX so that my home PC serves as a host (Precise comes with ssh server already installed). I have also successfully installed NX Client (on the same PC as well as a different PC) to connect to my host computer. I am attempting to use keys. I am able to connect from my local network (192.168.1.XXX), as well as an external network (by using a DYNDNS service that points to my dynamic IP address). I do not use the standard port 22; I modified configuration files to use another port.
I attempted to set up custom keys; however, without installing/using the new custom key on the actual client(s), I was able to connect to my host; the host PC indicated the RSA key fingerprint, asked if I want to continue the connection, and when I said yes, it warned that it permanently added 'mydyndnsaddress' to the list of known hosts.
I have tried to fix this for days now, without success. I believe that I am misunderstanding one or several important points, but with all the different (and some dated) posts offering advice, I believe I have confused myself to no end.
What I believe (not sure) is happening is that my ssh server permits connections with my simple login and password, irrespective of the keys that are used. I have tried to use a new custom key, and modify the configuration, but have had no success; I tried multiple threads found over the internet without success. I have confused and frustrated myself to the point where I lack confidence and will to continue further without asking for assistance.
What I would like to do is:
1. Remove all keys from the host as if starting new. (I am confused as to where / which directories & files contain the keys and AuthorizedKeyFiles (Keys2 or standard Keys), and how to set up the node.conf and sshd_config files to do this...)
2. Create a new custom key that will be used for authorization, and use a passphrase.
3. Set up the ssh server to use RSAAuthentication, and not permit authorization with a user's login and password.
4. Understand if/how to set up AllowUsers (nx and myself, or others), and if this pertains to the ssh server, or the nxserver, or both. Replicate to remove/add users as desired.
5. Disable the PermitRootLogin and use RSA authentication so that the user will need to know the normal user's RSA passphrase plus the root password to login as root.
Here is what I have done so far...
A. Online instructions indicate issues with Unity, and the need for a simple(r) version of Gnome...so I executed "sudo apt-get install -y openssh-server python-software-properties gnome-session-fallback". Feedback indicates I already have installed.
B. Make sure ubuntu-desktop is installed (prerequisite, but I confirmed that 1.267 is already installed)
C. Make sure that openssh-server is installed using the command "sudo apt-get install openssh-server"; it was already installed.
D. Add the Freenx PPA via "sudo add-apt-repository -y ppa:freenx-team"
E. Install Freenx Server via "sudo apt-get update", and "sudo apt-get install -y freenx freenx-server"
F. Download the installation script via "wget https://bugs.launchpad.net/freenx-server/+bug/576359/+attachment/1378450/+files/nxsetup.tar.gz"
G. Extract the script and copy it to the NX directory via "tar -xvf nxsetup.tar.gz", and "sudo cp nxsetup /usr/lib/nx/nxsetup"
H. Run the installation script "sudo /usr/lib/nx/nxsetup --install", and say Yes to creating a custom KeyPair.
I. Download NX Client for Linux (Ubuntu version) from http://www.nomachine.com/download-pa...?Prod_Id=3829; saved to ~/Downloads/NXCLIENT
J. Installed NX Client via "sudo dpkg -i nxclient_3.5.0-7_amd64.deb", followed instructions to enter command to allow printing from the NX session...i.e. "sudo chmod 755 /usr/lib/cups/backend/ipp"
K. I modified the sshd_config file to change the ssh server port to XXXXX, and restarted the ssh server
L. Was able to connect via ssh, i.e. "ssh myusername@myDYNDNSname.dyndns.org -p XXXXX"
M. But failed to connect via NX Client, so modified node.conf (if I recall correctly) to use port XXXXX as well. Restarted ssh server. I was able to connect via NX Client on port XXXXX but not 22 (good); connection was established with it asking to continue after it identified the RSA key fingerprint...
N. Tried to generate a new key with a more secure passphrase, so I tried "sudo ssh-keygen -p", and was asked "Enter file in which the key is (/root/.ssh/id_rsa):", and responded with "/var/lib/nxserver/home/.ssh/client.id_dsa.key". Restarted server. I think this generated a DSA key rather than an RSA key. Would like to remove and use RSA as I understand it is more secure than DSA.
O. Tried on 2nd computer (client), and was able to connect/login without the new/modified key; system did ask if it was OK to proceed with RSA fingerprint XX.XX.XX.blah.blah. I said OK. Seems that I am authorizing with username and password, not RSA Key.
Any help would be greatly appreciated.
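
The fingerprint prompt described in the post is the client checking the server's host key; whether a login and password are still accepted is governed by the directives in sshd_config. As an added example (not part of the original post), this script audits a config file for the settings the post lists; it checks PubkeyAuthentication because RSAAuthentication applies only to SSH protocol 1, and the port, user names and sample configs are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit sshd_config for the login settings discussed above.

# Print the first global value of keyword $2 in file $1 (sshd uses the first
# occurrence; keywords are case-insensitive). Stops at the first Match block.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print PASS/FAIL for keyword $2 against wanted value $3; return 1 on FAIL.
# An unset keyword fails: the compiled-in default is not relied on here.
expect_value() {
    got=$(sshd_value "$1" "$2" | tr 'A-Z' 'a-z')
    if [ "$got" = "$3" ]; then echo "PASS $2 $got"; return 0; fi
    echo "FAIL $2 is '${got:-unset}', want '$3'"; return 1
}

audit_sshd() {
    rc=0
    expect_value "$1" PasswordAuthentication no || rc=1
    expect_value "$1" ChallengeResponseAuthentication no || rc=1
    expect_value "$1" PubkeyAuthentication yes || rc=1
    expect_value "$1" PermitRootLogin no || rc=1
    users=$(sshd_value "$1" AllowUsers)
    if [ -n "$users" ]; then echo "PASS AllowUsers $users"
    else echo "FAIL AllowUsers unset: no per-user restriction"; rc=1; fi
    return $rc
}

# Constructed sample configs (port and user names are placeholders).
weak_config() {
    printf '%s\n' 'Port 22022' 'PubkeyAuthentication yes' \
        '#PasswordAuthentication yes' 'ChallengeResponseAuthentication no' \
        'PermitRootLogin yes'
}
hardened_config() {
    printf '%s\n' 'Port 22022' 'PubkeyAuthentication yes' \
        'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
        'PermitRootLogin no' 'AllowUsers nx myusername'
}

tmp=$(mktemp)
weak_config > "$tmp";     audit_sshd "$tmp" || echo "weak config: not hardened"
hardened_config > "$tmp"; audit_sshd "$tmp" && echo "hardened config: ok"
rm -f "$tmp"
```

On a live host, `sshd -T` (run as root) prints the effective configuration, which is the authoritative view of what the running server will accept.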