[CentOS] freenx [update]
Maciej Żenczykowski
maze at cela.pl
Wed Jan 25 01:08:03 UTC 2006
>> I'd agree that the nx user's authorized_keys file should contain
>> this directive by default if it isn't needed by the protocol.
>> Do you know the right place to post a bug?
>
> I do, but this is something I only now realized.
> Still experimenting with how to fix this...
I think the following in /var/lib/nxserver/home/.ssh/authorized_keys2
works correctly and only leaves a resource DoS (while fixing the port
forwarding and other issues):
for each (client host,key) pair enter:
from="client.fqdn",command="/usr/bin/nxserver",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA...== anyone at client.fqdn
[you can also use an ip instead of client.fqdn]
for each global key enter (ie a key which works from any ip):
command="/usr/bin/nxserver",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA...== anyone at anywhere
using ssh-dss for dsa keys and ssh-rsa for rsa keys (I think rsa is
better if I recall latest discussions)
Cheers,
MaZe.
More information about the CentOS
mailing list