FreeNX

Hans Fugal hans at fugal.net
Mon Oct 17 08:27:48 MDT 2005


On Mon, 17 Oct 2005 at 07:05 -0600, Michael Torrie wrote:
> The tricky part is the ssh keys.  In the NX system, the connection is
> performed over ssh using a private/public key pair.  After the
> connection is made (an ssl tunnel established) the user's name and
> password is sent to the nx server for authentication.  Herein lies the
> problem.  The nxclient from http://www.nomachine.com comes already with
> a private (yes private) key that corresponds with the commercial NX
> server's stored public key in the authorized_keys file.  Since the
> Freenx people aren't part of nomachine, they don't have access to this
> public key.  So the freenx installation generates their own keypair.  

Last time I installed freenx it said "do you want to use the NoMachine
keys or generate your own pair?" (or something like that). The NoMachine
NX server asked the same question. Maybe this was an addition by the
kanotix people (see below).

> I've heard the latest nxclient from nomachine.com has a facility for
> adding a freenx custom private ssh key, so this may not be necessary.

Yes, you can get nxclient to use a custom key.

> So installation and use of freenx is pretty straight-forward, expect for
> the at-first-glance backwards use of ssh-keys.  The private key has to

I wouldn't go that far. freenx is a bear to get installed and configured
on every distro I've tried (which hasn't included FC, admittedly). While
some of this is the lack of binaries (and the doomsday prophecies of
what will happen if you try to compile it yourself), the other half is
poorly-documented "getting started". I haven't looked at the recent LJ
articles in the series, but the first few anyway were neat theory and
propaganda with no help on getting the thing installed (aside from "use
knoppix"). 

On Debian, you can use the kanotix sources line but be aware that it's
liable to mess other things up since it is a whole distro, not just the
freenx packages. Plus the freenx packages have dependencies that are not
in sarge (at the specified versions). For debian/ubuntu I recommend
adding the kanotix repo as a source line and building the .deb from
source.

The recent kanotix packages are not difficult to get working though.
Like I said above they handle the key stuff for you, and everything else
too, actually. See the README in /usr/share/doc/freenx for more info,
but basically it just works out of the box (once you can get the box
open).


And let me just say, it's worth all of that effort. NX really does rock!

-- 
Hans Fugal ; http://hans.fugal.net
 
There's nothing remarkable about it. All one has to do is hit the 
right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20051017/b31f5c84/attachment.bin 


More information about the PLUG mailing list