[X2Go-User] Possible to use server SSH key like FreeNX?

Stefan Baur newsgroups.mail2 at stefanbaur.de
Mon May 19 16:49:06 CEST 2014


On 19.05.2014 16:32, Jasmine Lognnes wrote:

> In FreeNX it is possible to change the default SSH key, so in addition
> to having a valid username+passphrase to the host, the user also needs an
> SSH key. The SSH key is the same for all users.
> 
> Is this also possible in x2go?

Uh, I think you're either confusing things here or your statement is too
vague to figure out what you're actually trying to ask.

NoMachine NX/FreeNX uses a special pair of SSH public/private keys
during initial session setup. NX ships a default key pair, and you can
change that to one you (as the admin) created. This key pair will be the
same for all connections to the server.

This is independent of the user's SSH authentication method (which, in
case of X2Go, can be password, an individual SSH key file, or a smartcard).

As far as I know - but Mike#1 should be able to make a more qualified
statement here - X2Go does not need such an underlying "shared" key pair
at all. So, since it is not needed, there's no way or reason to change it.

Using an *individual* SSH key pair for each user instead of simple
password-based authentication is obviously recommended, but this must be
done right.

<rant>The private key file must be kept secret at all times, not even
the admin should have a copy - or read access. Some people have the
"brilliant" idea to store private key files on network shares where
other people can access them, because they fail to realize that a
keyfile that hasn't been properly protected is like handing out a
permanent second key to your home - it doesn't help to change the
password you used to protect the keyfile, because the original password
will still work on the copy the attacker has in his hands, and this can
be brute-forced like a regular password, once the keyfile is in the
enemy's hands.</rant>

-Stefan
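
An added example, not part of the original post: a small audit for the key-file hygiene described above. It walks a directory tree (for instance a network share), finds private key files, and reports those that others can access or that carry no passphrase. The function names are hypothetical, and only POSIX mode bits are checked, not ACLs.

```python
import base64, os, re, stat, struct, sys

PEM = re.compile(rb"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)
MAGIC = b"openssh-key-v1\x00"

def is_encrypted(label, body):
    """Report whether a PEM private-key block declares passphrase protection."""
    if label == b"ENCRYPTED PRIVATE KEY":        # PKCS#8, encrypted
        return True
    if label == b"OPENSSH PRIVATE KEY":          # current OpenSSH container
        blob = base64.b64decode(b"".join(body.split()))
        if not blob.startswith(MAGIC):
            raise ValueError("unexpected OpenSSH key container")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"   # cipher name field
    # Legacy PEM (RSA/DSA/EC) announces encryption in a header line.
    return b"Proc-Type: 4,ENCRYPTED" in body

def audit_key_file(path):
    """Return a list of findings, or None if the file holds no private key."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return None
    with open(path, "rb") as fh:
        m = PEM.search(fh.read(1 << 16))
    if m is None:
        return None
    findings = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other access, mode %04o" % stat.S_IMODE(st.st_mode))
    if not is_encrypted(m.group(1), m.group(2)):
        findings.append("no passphrase on key")
    return findings

def audit_tree(root):
    """Walk root and map each problematic private-key path to its findings."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                findings = audit_key_file(path)
            except (OSError, ValueError, struct.error) as exc:
                findings = ["could not inspect: %s" % exc]
            if findings:
                report[path] = findings
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, findings in sorted(audit_tree(root).items()):
        print(path, "->", "; ".join(findings))
```

A key that this reports as accessible to others should be replaced with a new key pair, since a new passphrase does nothing for copies already taken.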

