FreeNX

Michael Torrie torriem at chem.byu.edu
Mon Oct 17 07:05:33 MDT 2005


On Sun, 2005-10-16 at 19:50 -0600, Dalan wrote:
> Last time at the meeting, I can remember his name because I suck at names.
> He said if there was any thing I would like to see at plug. I would like to
> see something about FreeNX. I've tried to get FreeNX to work on Fredra core
> 3 and 4 Gentoo and sues. I've only gotten it to work on Knoppix.
> 
> I would like to see a presentation about FreeNX or Help trying to get FreeNX
> to work. Before you ask Yes I've done google and I've done the many how to.

FreeNX on Fedora Core is exceptionally easy to install.  Just get the
latest nx and freenx packages from
http://fedoranews.org/contributors/rick_stout/freenx/

The tricky part is the ssh keys.  In the NX system, the connection is
performed over ssh using a private/public key pair.  After the
connection is made (an ssl tunnel established) the user's name and
password is sent to the nx server for authentication.  Herein lies the
problem.  The nxclient from http://www.nomachine.com comes already with
a private (yes private) key that corresponds with the commercial NX
server's stored public key in the authorized_keys file.  Since the
Freenx people aren't part of nomachine, they don't have access to this
public key.  So the freenx installation generates their own keypair.  To
get your client to talk to the freenx server, you have to copy the
private part of the generated keypair (see the fedora news article
mentioned above, or my notes below) to your client.  The alternative is
to obtain the official public key and put that in the authorized_keys
file on your freenx server.  I happen to have this public key, so you
can append the following to ~nx/.ssh/authorized_keys2 (all one line, no
CRs):
 
ssh-dss AAAAB3NzaC1kc3MAAACBAJe/0DNBePG9dYLWq7cJ0SqyRf1iiZN/IbzrmBvgPTZnBa5FT/0Lcj39sRYt1paAlhchwUmwwIiSZaON5JnJOZ6jKkjWIuJ9MdTGfdvtY1aLwDMpxUVoGwEaKWOyin02IPWYSkDQb6cceuG9NfPulS9iuytdx0zIzqvGqfvudtufAAAAFQCwosRXR2QA8OSgFWSO6+kGrRJKiwAAAIEAjgvVNAYWSrnFD+cghyJbyx60AAjKtxZ0r/Pn9k94Qt2rvQoMnGgt/zU0v/y4hzg+g3JNEmO1PdHh/wDPVOxlZ6Hb5F4IQnENaAZ9uTZiFGqhBO1c8Wwjiq/MFZy3jZaidarLJvVs8EeT4mZcWxwm7nIVD4lRU2wQ2lj4aTPcepMAAACANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfaQU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8= root at nettuno

I've heard the latest nxclient from nomachine.com has a facility for
adding a freenx custom private ssh key, so this may not be necessary.

So installation and use of freenx is pretty straight-forward, expect for
the at-first-glance backwards use of ssh-keys.  The private key has to
be distributed to all your clients and is safe to make publicly known to
the world.  Be aware of security implications, such as port tunneling.
Simply connecting to the nx server manually via command-line ssh can
open tunnels, even if you never get past the nx shell.  So for public
servers, I recommend disabling port forwarding.  If you do so, be sure
to click the "tunnel over ssl" option on the client.  Otherwise the
actual X traffic will try to go over a forwarded port, which of course
is now disabled.

The advantage of running this all over ssh is that you never have to run
any daemons at all.  No new ports are opened.  It's pretty slick.

My notes from the PLUG presentation on this last year are at:
http://www.torriefamily.org/~torriem/nx.sxi

cheers,

Michael


> 
> I guess that all the info I have sure I can keep typing but who here wants
> me to continue?
> 
> --
> -=/Dalan Andelin/=-
> 
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
-- 
Michael Torrie <torriem at chem.byu.edu>




More information about the PLUG mailing list