On Sun, 2005-10-16 at 19:50 -0600, Dalan wrote: > Last time at the meeting, I can remember his name because I suck at names. > He said if there was any thing I would like to see at plug. I would like to > see something about FreeNX. I've tried to get FreeNX to work on Fredra core > 3 and 4 Gentoo and sues. I've only gotten it to work on Knoppix. > > I would like to see a presentation about FreeNX or Help trying to get FreeNX > to work. Before you ask Yes I've done google and I've done the many how to.
FreeNX on Fedora Core is exceptionally easy to install. Just get the latest nx and freenx packages from http://fedoranews.org/contributors/rick_stout/freenx/ The tricky part is the ssh keys. In the NX system, the connection is performed over ssh using a private/public key pair. After the connection is made (an ssl tunnel established) the user's name and password is sent to the nx server for authentication. Herein lies the problem. The nxclient from http://www.nomachine.com comes already with a private (yes private) key that corresponds with the commercial NX server's stored public key in the authorized_keys file. Since the Freenx people aren't part of nomachine, they don't have access to this public key. So the freenx installation generates their own keypair. To get your client to talk to the freenx server, you have to copy the private part of the generated keypair (see the fedora news article mentioned above, or my notes below) to your client. The alternative is to obtain the official public key and put that in the authorized_keys file on your freenx server. I happen to have this public key, so you can append the following to ~nx/.ssh/authorized_keys2 (all one line, no CRs): ssh-dss AAAAB3NzaC1kc3MAAACBAJe/0DNBePG9dYLWq7cJ0SqyRf1iiZN/IbzrmBvgPTZnBa5FT/0Lcj39sRYt1paAlhchwUmwwIiSZaON5JnJOZ6jKkjWIuJ9MdTGfdvtY1aLwDMpxUVoGwEaKWOyin02IPWYSkDQb6cceuG9NfPulS9iuytdx0zIzqvGqfvudtufAAAAFQCwosRXR2QA8OSgFWSO6+kGrRJKiwAAAIEAjgvVNAYWSrnFD+cghyJbyx60AAjKtxZ0r/Pn9k94Qt2rvQoMnGgt/zU0v/y4hzg+g3JNEmO1PdHh/wDPVOxlZ6Hb5F4IQnENaAZ9uTZiFGqhBO1c8Wwjiq/MFZy3jZaidarLJvVs8EeT4mZcWxwm7nIVD4lRU2wQ2lj4aTPcepMAAACANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfaQU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8= [EMAIL PROTECTED] I've heard the latest nxclient from nomachine.com has a facility for adding a freenx custom private ssh key, so this may not be necessary. So installation and use of freenx is pretty straight-forward, expect for the at-first-glance backwards use of ssh-keys. The private key has to be distributed to all your clients and is safe to make publicly known to the world. Be aware of security implications, such as port tunneling. Simply connecting to the nx server manually via command-line ssh can open tunnels, even if you never get past the nx shell. So for public servers, I recommend disabling port forwarding. If you do so, be sure to click the "tunnel over ssl" option on the client. Otherwise the actual X traffic will try to go over a forwarded port, which of course is now disabled. The advantage of running this all over ssh is that you never have to run any daemons at all. No new ports are opened. It's pretty slick. My notes from the PLUG presentation on this last year are at: http://www.torriefamily.org/~torriem/nx.sxi cheers, Michael > > I guess that all the info I have sure I can keep typing but who here wants > me to continue? > > -- > -=/Dalan Andelin/=- > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ -- Michael Torrie <[EMAIL PROTECTED]> /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
