Dear Stefan,

> NoMachine NX/FreeNX uses a special pair of SSH public/private keys
> during initial session setup. NX ships a default key pair, and you can
> change that to one you (as the admin) created. This key pair will be the
> same for all connections to the server.

Yes, that is the one that I would like to use with X2Go =) Of course,
my own generated one. =)

> This is independent of the user's SSH authentication method (which, in
> case of X2Go, can be password, an individual SSH key file, or a smartcard).
>
> As far as I know - but Mike#1 should be able to make a more qualified
> statement here - X2Go does not need such an underlying "shared" key pair
> at all. So, since it is not needed, there's no way or reason to change it.

The reason I would like such a shared key is that, if someone should get
hold of a username and passphrase, then the bad guy still needs the
shared key file, before the account is compromised.

> Using an *individual* SSH key pair for each user instead of simple
> password-based authentication is obviously recommended, but this must be
> done right.
>
> <rant>The private key file must be kept secret at all times, not even
> the admin should have a copy - or read access. Some people have the
> "brilliant" idea to store private key files on network shares where
> other people can access them, because they fail to realize that a
> keyfile that hasn't been properly protected is like handing out a
> permanent second key to your home - it doesn't help to change the
> password you used to protect the keyfile, because the original password
> will still work on the copy the attacker has in his hands, and this can
> be brute-forced like a regular password, once the keyfile is in the
> enemy's hands.</rant>

I would never do such a thing. But thanks for clearing that up =)

Hugs,
Jasmine =)
_______________________________________________
x2go-user mailing list
x2go-user@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-user
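
An added example, not part of the original thread: a small audit for the key-file handling problem described in the quoted rant, flagging private key files that other accounts can read and files stored without a passphrase. The function names are hypothetical and the sample keys are constructed stand-ins with no real key material. Since a copied key file can be brute-forced offline, the permission finding is the one that matters most.

```python
import base64, os, stat, struct, tempfile

MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key container

def passphrase_protected(text):
    """True/False for a private key file, None if text is not a private key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            return None
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # cipher name field
    # Legacy PEM: encrypted keys carry a "Proc-Type: 4,ENCRYPTED" header
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)

def audit(path):
    """Return a list of findings for one key file (empty list = nothing found)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("accessible to group/others (mode %04o)" % mode)
    with open(path, errors="replace") as fh:
        if passphrase_protected(fh.read()) is False:
            findings.append("no passphrase")
    return findings

def sample_key(cipher):
    """Constructed stand-in: valid container header, no real key material."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    b64 = base64.b64encode(body).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % b64

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, cipher, mode in [("shared_copy", b"none", 0o644),
                                   ("personal", b"aes256-ctr", 0o600)]:
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(sample_key(cipher))
            os.chmod(path, mode)
            results[name] = audit(path)
    return results
```

Calling `demo()` writes the two constructed files to a temporary directory and returns the findings per file; `audit(path)` can be pointed at any key file on a POSIX system.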
