December 28, 2016 at 09:41 #13287
Hello, i am beginner to free NoMachine – Version 5.1.62, and trying to configure one of the authentification methods through NX protocol :
– Authentication with SSH key.
– Authentication with SSL Certificate File and SSL Certificate Key.
Since the ssh protocol is disable in the free version, I don’t know if those functions are working too.
The password based authentication is working but i am trying to find a tutorial how to set up with keys.
I installed the server on Linux and the client on Windows 10.
Here the things I did:
Set the EnableNXClientAuthentication 1 on server.cfg
Copied /etc/keys/host/nx_host_rsa_key.crt and /etc/keys/host/nx_host_rsa_key to client folder C:\ProgramData\NoMachine\nxhtd\.nx\config\
Then I launched GUI client and configured it to use private key nx_host_rsa_key.crt.
After that, I got time out after few minutes trying to connect on server.
I didn’t generated any custom SSL Keys, I took them from the NoMachine installation.
Any help would be appreciated.December 28, 2016 at 11:23 #13308rezaModerator
Please follow article about setting up key based authentication.December 28, 2016 at 14:19 #13310
I also just generated client certificate (nx_client_rsa_key.crt) to the store file on the server (server.crt)
# echo “Host:localhost” > /var/NX/.nx/config/server.crt
# cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt >> /var/NX/nx/.nx/config/server.crt
# echo “Host:127.0.0.1” >> /var/NX/.nx/config/server.crt
# cat /usr/NX/etc/keys/host/nx_client_rsa_key.crt>> /var/NX/nx/.nx/config/server.crt
Both entries for Host:localhost and Host:127.0.0.1 in server.crt look like:
—– MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (……)
—– MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw (….)
And same issueDecember 28, 2016 at 14:19 #13311
if I modify the server.cfg (/var/NX/nx/.nx/config/server.crt)
—– … Where <IP> is the IP address of the client.
i have an answer from the server:
Cannot accept public keysDecember 28, 2016 at 14:25 #13315BritgirlKeymaster
Can you confirm that you followed Reza’s recommendation to check the article?December 28, 2016 at 14:35 #13318
First I tried to make use of Authentication with SSL Certificate File and SSL Certificate Key with article https://www.nomachine.com/AR10M00866.
Because I wasn’t sure SSH key would be enable on free version but it is, I will try the Reza’s recommendation .December 28, 2016 at 14:36 #13309
Thanks for the link, i will try to use ssh keys with your link.
I read this article https://www.nomachine.com/AR10M00866 but doesn’t work either with ssl keys with the free version.
I managed to set a ssh tunnel with putty client (windows port 4003) to linux server (port 4000). And i can connect to NX server with this connection settings:
connection settings: Protocol: NX Host: localhost Port: 4003 Authentication method: Password Username: user Password: ***
The issue is keys authentification (ssh/ssl)December 30, 2016 at 09:56 #13332
Here some good news:
– On my ssh server, i created private and public keys, and tested until it works.
– After that, i tried Reza’s recommendation, and it works well ! i can connect by using NX protocol with SSH keys on free version and without using any ssh tunnel.
Maybe I will try with SSL Certificate File and SSL Certificate Key….
But here my last questions
– Can I only allow key authentification on nxserver as on ssh server ? I want to disable password authentication.
– Do you have any jail config and jail filter for NoMachine to use with fail2ban ? I would like to protect my server against attacks.
Thanks for your help.December 30, 2016 at 10:11 #13333
I found my answer on server.cfg;
Modify the field:
AcceptedAuthenticationMethods NX-private-keyJanuary 3, 2017 at 14:58 #13398
This topic was marked as solved, you can't post.