Dear Stefan,
NoMachine NX/FreeNX uses a special pair of SSH public/private keys during initial session setup. NX ships a default key pair, and you can change that to one you (as the admin) created. This key pair will be the same for all connections to the server.
Yes, that is the one, that I would like to use with X2Go =) Of course my own generated one. =)
This is independent of the user's SSH authentication method (which, in case of X2Go, can be password, an individual SSH key file, or a smartcard).
As far as I know - but Mike#1 should be able to make a more qualified statement here - X2Go does not need such an underlying "shared" key pair at all. So, since it is not needed, there's no way or reason to change it.
The reason I would like such shared keyis that, if someone should get hold of a username and passphrase, then the bad guy still needs the shared key file, before the account is compromised.
Using an *individual* SSH key pair for each user instead of simple password-based authentication is obviously recommended, but this must be done right.
<rant>The private key file must be kept secret at all times, not even the admin should have a copy - or read access. Some people have the "brilliant" idea to store private key files on network shares where other people can access them, because they fail to realize that a keyfile that hasn't been properly protected is like handing out a permanent second key to your home - it doesn't help to change the password you used to protect the keyfile, because the original password will still work on the copy the attacker has in his hands, and this can be brute-forced like a regular password, once the keyfile is in the enemy's hands.</rant>
I would never do such a thing. But thanks for clearing that out =)
Hugs, Jasmine =)