From freenx-knx Tue May 06 13:18:01 2008 From: "Fabian Franz" Date: Tue, 06 May 2008 13:18:01 +0000 To: freenx-knx Subject: Re: [FreeNX-kNX] Running free nx and windows nx client with ssh Message-Id: <20080506131801.217970 () gmx ! net> X-MARC-Message: https://marc.info/?l=freenx-knx&m=121007994805267 > Hi > I have been using FreeNX (0.7.1.svn416-3) and the windows nx client > (3.0.0-83) to manage my Centos 5 server over our internal network for > some time. Fantastic. Nice! > > Recently - while away from the office - I opened port 22 to the internet > so I could manage more remotely - and this also worked fine - but within > 24 hours - there had been at least one brute force attack on the ssh port. > > On investigation - I found that my ssh settings allowed password > authentication "PasswordAuthentication yes" - which is definitely not > ideal because it opens the possibility of such attacks. The ssh mailing > list strongly recommend disabling password authentication - and that > makes sense to me. > > However - I found that when I disable password authentication in ssh - > the nx connection no longer works. Here is the solution: Edit or create node.conf: Set ENABLE_SSH_AUTHENTICATION="0", set ENABLE_SU_AUTHENTICATION="1" and add nx user to wheel or utmp group so that su - works for nx user. Done. Best Wishes, Fabian ________________________________________________________________ Were you helped on this list with your FreeNX problem? Then please write up the solution in the FreeNX Wiki/FAQ: http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ Don't forget to check the NX Knowledge Base: http://www.nomachine.com/kb/ ________________________________________________________________ FreeNX-kNX mailing list --- FreeNX-kNX@kde.org https://mail.kde.org/mailman/listinfo/freenx-knx ________________________________________________________________