[CentOS] freenx [update]

Wed Jan 25 01:08:03 UTC 2006
Maciej Żenczykowski <maze at cela.pl>

>> I'd agree that the nx user's authorized_keys file should contain
>> this directive by default if it isn't needed by the protocol.
>> Do you know the right place to post a bug?
>
> I do, but this is something I only now realized.
> Still experimenting with how to fix this...

I think the following in /var/lib/nxserver/home/.ssh/authorized_keys2
works correctly and only leaves a resource DoS (while fixing the port 
forwarding and other issues):

for each (client host,key) pair enter:

from="client.fqdn",command="/usr/bin/nxserver",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA...== anyone at client.fqdn

[you can also use an ip instead of client.fqdn]

for each global key enter (ie a key which works from any ip):

command="/usr/bin/nxserver",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA...== anyone at anywhere

using ssh-dss for dsa keys and ssh-rsa for rsa keys (I think rsa is 
better if I recall latest discussions)

Cheers,
MaZe.