Securing NoMachine on Linux

Forum / NoMachine for Linux / Securing NoMachine on Linux

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • October 19, 2020 at 08:35 #29971
    colonel_panic
    Participant

    Hiya

    I am often called upon to help my lovely dad fix his computer. It is handy to be able to get online and help him with basic stuff on his computer.

    We currently have a subscription to a competing product (I feel it’s unfair to name names). We have been using it for years, because his old PC had Windows 7 Home and it was cheaper than the upgrade to Professional. When Windows went out of support, I upgraded him to Linux.

    I’d like to replace this product with NoMachine, because frankly it works much better. But let me ask you a question about configuring the server.

    I can generate key pairs for authentication with no problem, but I was wondering:

    1. Is it possible to change the port NoMachine uses? The router he uses is the one supplied by his ISP; it’s worked OK so far but when I tried to set up port forwarding it just gives me a list of applications but wouldn’t allow me to manually set port numbers.
    2. Is it possible to have NoMachine reject login attempts based on IP address? I have a static IP and so does he, plus it means he can’t ask me to help him when I’m away from my PC. 🙂 I know how I would do that with SSH, but I don’t know if there is a different way to do that with your software, or if I would restrict it all with some sort of firewall arrangement.

    I’d appreciate your guidance.

    October 19, 2020 at 10:30 #29981
    Britgirl
    Keymaster

    Thank you for not naming the other product although it would have been removed during the moderation process anyway 🙂

    Is it possible to change the port NoMachine uses? The router he uses is the one supplied by his ISP; it’s worked OK so far but when I tried to set up port forwarding it just gives me a list of applications but wouldn’t allow me to manually set port numbers.

    First make sure that UPnP is set in server.cfg, see this article to know how to do this:
    https://www.nomachine.com/AR11L00827

    You can change the port 4000 that NoMachine uses, but read this article first to make sure you don’t use a port that’s in use by another component.
    https://www.nomachine.com/AR11L00823

     

    Is it possible to have NoMachine reject login attempts based on IP address? I have a static IP and so does he, plus it means he can’t ask me to help him when I’m away from my PC. I know how I would do that with SSH, but I don’t know if there is a different way to do that with your software, or if I would restrict it all with some sort of firewall arrangement.

     

    I’m not sure if you are saying that you are not able to connect without approval or if you simply want to allow only connections from a specific device. You can set NoMachine to accept only connections from a specific IP address in the SSL authentication configuration, it’s for advanced users 🙂

    How to enable SSL client authentication for connections by NX protocol
    https://www.nomachine.com/AR10M00866

     

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as solved, you can't post.