Am 19.05.2014 17:04, schrieb Jasmine Lognnes:
NoMachine NX/FreeNX uses a special pair of SSH public/private keys during initial session setup. NX ships a default key pair, and you can change that to one you (as the admin) created. This key pair will be the same for all connections to the server.
Yes, that is the one, that I would like to use with X2Go =) Of course my own generated one. =)
This NX key is/was never used the way you seem to think it is/was used. It is *not* a key securing the user's session.
This is independent of the user's SSH authentication method (which, in case of X2Go, can be password, an individual SSH key file, or a smartcard).
As far as I know - but Mike#1 should be able to make a more qualified statement here - X2Go does not need such an underlying "shared" key pair at all. So, since it is not needed, there's no way or reason to change it.
The reason I would like such shared keyis that, if someone should get hold of a username and passphrase, then the bad guy still needs the shared key file, before the account is compromised.
If you want to improve security, using individual SSH keys makes more sense. If you're dealing with minimum password requirements - which you can't enforce on a keyfile, as far as I know - then maybe you should think about using a VPN connection along with regular password authentication. VPNs can use shared or individual keys, though again I'd strongly recommend using individual ones.
-Stefan