Am 19.05.2014 17:04, schrieb Jasmine Lognnes: >> NoMachine NX/FreeNX uses a special pair of SSH public/private keys >> during initial session setup. NX ships a default key pair, and you can >> change that to one you (as the admin) created. This key pair will be the >> same for all connections to the server. > > Yes, that is the one, that I would like to use with X2Go =) Of course > my own generated one. =)
This NX key is/was never used the way you seem to think it is/was used. It is *not* a key securing the user's session. >> This is independent of the user's SSH authentication method (which, in >> case of X2Go, can be password, an individual SSH key file, or a smartcard). >> >> As far as I know - but Mike#1 should be able to make a more qualified >> statement here - X2Go does not need such an underlying "shared" key pair >> at all. So, since it is not needed, there's no way or reason to change it. > > The reason I would like such shared keyis that, if someone should get > hold of a username and passphrase, then the bad guy still needs the > shared key file, before the account is compromised. If you want to improve security, using individual SSH keys makes more sense. If you're dealing with minimum password requirements - which you can't enforce on a keyfile, as far as I know - then maybe you should think about using a VPN connection along with regular password authentication. VPNs can use shared or individual keys, though again I'd strongly recommend using individual ones. -Stefan _______________________________________________ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
