Cannot use authentication with SSH/SSL key – free version

Forums / NoMachine for Linux / Cannot use authentication with SSH/SSL key – free version

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #13287
    Babok
    Participant

    Hello, i am beginner to free NoMachine – Version 5.1.62, and trying to configure one of the authentification methods through NX protocol :

    – Authentication with SSH key.

    – Authentication with SSL Certificate File and SSL Certificate Key.

    Since the ssh protocol is disable in the free version, I don’t know if those functions are working too.

    The password based authentication is working but i am trying to find a tutorial how to set up with keys.

    I installed the server on Linux and the client on Windows 10.

    Here the things I did:

    Set the EnableNXClientAuthentication 1 on server.cfg

    Copied /etc/keys/host/nx_host_rsa_key.crt and /etc/keys/host/nx_host_rsa_key to client folder C:\ProgramData\NoMachine\nxhtd\.nx\config\

     

    Then I launched GUI client and configured it to use private key nx_host_rsa_key.crt.

    After that, I got time out after few minutes trying to connect on server.

    I didn’t generated any custom SSL Keys, I took them from the NoMachine installation.

     

    Any help would be appreciated.

     

     

     

    #13308
    reza
    Moderator

    Please follow article about setting up key based authentication.

    https://www.nomachine.com/AR02L00785

     

    #13310
    Babok
    Participant

    I also just generated client certificate (nx_client_rsa_key.crt) to the store file on the server (server.crt)

    # echo “Host:localhost” > /var/NX/.nx/config/server.crt

    # cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt >> /var/NX/nx/.nx/config/server.crt

    # echo “Host:127.0.0.1” >> /var/NX/.nx/config/server.crt

    # cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt>> /var/NX/nx/.nx/config/server.crt

    Both entries for Host:localhost and Host:127.0.0.1 in server.crt look like:

    Host:localhost

    —–BEGIN CERTIFICATE

    —– MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (……)

    —–END CERTIFICATE

    —– Host:127.0.0.1

    —–BEGIN CERTIFICATE

    —– MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (….)

    —–END CERTIFICATE—–

     

    And same issue

    #13311
    Babok
    Participant

    if I modify the server.cfg (/var/NX/nx/.nx/config/server.crt)

    Host: <IP>

    —–BEGIN CERTIFICATE

    —– …

    —–END CERTIFICATE

    —– Host:

    —–BEGIN CERTIFICATE

    —– …

    —–END CERTIFICATE

    —– … Where <IP> is the IP address of the client.

    i have an answer from the server:

    Cannot accept public keys

    • This reply was modified 5 years ago by Britgirl.
    • This reply was modified 5 years ago by Babok.
    • This reply was modified 5 years ago by Babok.
    #13315
    Britgirl
    Keymaster

    Can you confirm that you followed Reza’s recommendation to check the article?

    #13318
    Babok
    Participant

    First I tried to make use of Authentication with SSL Certificate File and SSL Certificate Key with article https://www.nomachine.com/AR10M00866.

    Because I wasn’t sure SSH key would be enable on free version but it is, I will try the Reza’s recommendation .

    #13309
    Babok
    Participant

    Thanks for the link, i will try to use ssh keys with your link.

    I read this article https://www.nomachine.com/AR10M00866 but doesn’t work either with ssl keys with the free version.

    I managed to set a ssh tunnel with putty client (windows port 4003) to linux server (port 4000). And i can connect to NX server with this connection settings:

    connection settings: Protocol: NX Host: localhost Port: 4003 Authentication method: Password Username: user Password: ***

    The issue is keys authentification (ssh/ssl)

    #13332
    Babok
    Participant

    Here some good news:

    – On my ssh server, i created private and public keys, and tested until it works.

    – After that, i tried Reza’s recommendation, and it works well ! i can connect by using NX protocol with SSH keys on free version and without using any ssh tunnel.

    Maybe I will try with SSL Certificate File and SSL Certificate Key….

    But here my last questions

    – Can I only allow key authentification on nxserver as on ssh server ? I want to disable password authentication.

    – Do you have any jail config and jail filter for NoMachine to use with fail2ban ? I would like to protect my server against attacks.

    Thanks for your help.

    #13333
    Babok
    Participant

    I found my answer on server.cfg;

    Modify the field:

    #AcceptedAuthenticationMethods all

    To:

    AcceptedAuthenticationMethods NX-private-key

    #13398
    Britgirl
    Keymaster

    Fail2ban support is on our roadmap. You can view the Feature Request here:

    https://www.nomachine.com/FR01O03298

Viewing 10 posts - 1 through 10 (of 10 total)

This topic was marked as solved, you can't post.