Gatos

Forum Replies Created

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • in reply to: CA Authority (openssh like) #25567
    AvatarGatos
    Participant

    Now that I’ve tried and though about it, it doesn’t seem like Windows and NoMachine are going to play nice with each other.
    (FR05Q03832)
      obviously ed25519 isn’t supported, NoMachine seems to be more focused on Linux based machines.

    That’s a shame, either I allow a user or don’t, that’s basically the same result as allowing users to login through a rsa key under the NX protocol under ANY OS, and kinda bypassing the benefits of a CA, they could just add a Windows user and add their key, while the Linux user gets an error because his key to “write” wasn’t signed.

    I tried switching the PID file in the config, and the the nxsshd file (point to sshd.exe)…
    is there a way to use the standard SSH server (not nxclient)? because I’m able to login on the machine with a signed cert, but not via NoMachine because of “ed25519 not supported

     

    in reply to: CA Authority (openssh like) #25540
    AvatarGatos
    Participant

    Hey Cato

    Thank you for responding, I’m sorry for the late reply, I needed a small break from this 🙂

    I’ve configured OpenSSH for windows 10, and I’m able to login via standard ssh with a signed key that expires after x time.
    The key is ssh-ed25519 (with the -m PEM option added when generating the key as per (AR03Q01020)
    but then I try to use the key with NoMachine I get the error:

    “userauth_pubkey: unsupported public key algorithm: ssh-ed25519

    userauth_pubkey: unsupported public key algorithm: ssh-ed25519-cert-v01@openssh.com
    (this points me to (FR05Q03832) it doesn’t seem like NoMachine is compatible with ed25519)
    the RSA key give me:
    Accepted publickey for (user)  (port) ssh2

    I’m able to add a key with ssh-rsa to the authorized_key file in the OpenSSH server config (not the NoMachine).
    but I’m not able to login with the signed key.
    if I un-comment the rsa key I’m no longer able to login to NoMachine via, but I’m still able to SSH into windows with the signed key.
    ———————————————————————-
    Here is what I’ve tried in the authorized_keys file in C:\user\(user)\.ssh (I’m not using the default admin config):

    ssh-rsa AAAA…

    #cert-authority ssh-rsa AAA… 

    This allows me to login to NoMachine with standard rsa key, but not the ssh server with the signed ed25519 key

    #ssh-rsa AAA…

    cert-authority ssh-rsa AAA…

    This allows me to login with the singed key on the ssh server, but not NoMachine.

    —————————————————————————————————–
    I’ve tried signing the standard rsa key and use it to login to the ssh server on windows 10, but that doesn’t work, so it seems ed25519 is required for windows.
    I’m wondering if there’s a compatibility issue? I tried DSA but that didn’t work (:
    Any pointer to where I should be looking to would be greatly appreciated as it seems like I’m getting closer to solving this issue 🙂

    in reply to: CA Authority (openssh like) #25515
    AvatarGatos
    Participant

    well I made some progress
    I tried adding “expiry-time=”20200206″ ssh-rsa Ablablabla”
    that didn’t work, but I figured could just add all the keys as a comment with that line and look for the signature in a scrip.
    That seems to be an easy way to filter through the keys.
    I tried using the SSH option in NoMachine but it’s not supporting any certificates generated by open-ssh, and it’s not supporting a lot of the ssh commands I’m used to.

    I’m really at a lost here, am I missing something or is it something fundamental to the NoMachine protocol(software) that I didn’t understand?

    in reply to: NoMachine License through KVM/QEMU #25322
    AvatarGatos
    Participant

    Thank you for the reply.

    It wasn’t very clear to me what the different versions/options did as this is the first time I’m shopping for commercial software 😁
    One thing I knew, it wasn’t going to be “personal use” anymore.

    I got a question about the 10 packs though/need clarification just to make sure.
    Do I understand it correctly that if I buy the 10pack version for Windows, it means I can only install that version on Windows VMs? and if I had some VMs running Linux/MacOS I’d need to buy those packages individually?

    —————————–
    Also slightly unrelated the “number of connection” saying it was unlimited on all the products was puzzling, because I’ve encountered some times where I’m able to have two users on the same VM via the free version of client/server, I’ve tried multiple times to implement it on my different machines, because it would be really cool… though I’m guessing that’s actually a bug and not something I need to set up.
    (believe me I tried to figure out what I was doing wrong since it “wasn’t working”!)

    It has only happened on Windows machines and I don’t know how to replicate it  to register a bug report (or else I’d be using it all day every day), but I figured I’d mention it and you guys do what ever you want with that info 🙂

    —————————–

    Anyway I think I got a better idea of what I’ll need, I’ll wait for some confirmation on the pack for different OS, but it looks like I won’t need to look for another remote desktop options, since I already have a product here that I know works, and I’ve been using for enough time that I can trust it would work for commercial use 🙂

Viewing 4 posts - 1 through 4 (of 4 total)