[ale] Looking for ssh key explanatory documentation
- Subject: [ale] Looking for ssh key explanatory documentation
- From: greg.freemyer at gmail.com (Greg Freemyer)
- Date: Wed, 19 Apr 2006 16:41:55 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 4/19/06, David Corbin <dcorbin at machturtle.com> wrote:
> I understand, reasonably well, all the various keys involved in SSH. However,
> I've got a bunch of co-workers that I think would benefit from a clear
> explanation of them all, what goes where when and why.
>
> Can anyone point me at a good (medium to high level) description of this? I
> kind of envision there being something with some good 'pictures' that would
> really make it clear.
>
> Thanks.

No, but I just spent half a day getting FreeNX to work correctly with ssh keys.

If anybody is interested:

I got ssh and FreeNX to work if and only if SSH key pairs are used.
By default FreeNX performs a ssh via login/password in the background
so my uneducated attempts all failed.

Steps to follow that should work on a SUSE 10.0 box:

0) Uninstall FreeNX: "nxsetup --uninstall --purge" followed by using
yast to remove the rpm
1) Ensure openssh is installed with a vanilla /etc/ssh/sshd_config file
2) Install FreeNX via yast
3) Run "nxsetup --install" (note the lack of --setup-nomachine-key)
4) per the output from above copy the newly generated nx private key
to your clients and install in the various nx-clients. Note that all
nx-clients share this one key!!!
5) Edit /etc/nxserver/node.conf to ENABLE_SU_AUTHENTICATION
6) Add nx to the users group ("groupmod -A nx users")
7) Edit /etc/ssh/sshd_config and disable ChallengeResponseAuthentication

Now ssh works if, and only if, you have the appropriate private /
public key pair setup working.

And the NXfree client works if, and only if, you have the unique
private key installed.

I suspect I could get NXfree to use unique key pairs per user but I
don't need that for my environment.

Hope that helps someone.

Greg
--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century
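
A read-only check of the settings from steps 5 and 7, added here as an example; it is not part of the post above or of FreeNX. Assumptions: node.conf uses shell-style KEY="1" assignments, the PasswordAuthentication check goes beyond what step 7 names, the function names are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# sshd_effective FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Only global scope is read: parsing stops at the first Match.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == want { print tolower(f[2]); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# node_conf_value FILE KEY
# Assumed format: shell-style KEY="value"; the last uncommented assignment wins.
node_conf_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, key "=") == 1 { v = substr($0, length(key) + 2); gsub(/"/, "", v); val = v }
        END { print val }
    ' "$1"
}

# audit SSHD_CONFIG NODE_CONF: prints findings, returns how many there were.
audit() {
    bad=0
    for kw in ChallengeResponseAuthentication PasswordAuthentication; do
        v=$(sshd_effective "$1" "$kw" yes)   # both keywords default to "yes"
        [ "$v" = no ] || { echo "FAIL sshd: $kw is '$v'"; bad=$((bad + 1)); }
    done
    [ "$(node_conf_value "$2" ENABLE_SU_AUTHENTICATION)" = 1 ] ||
        { echo "FAIL node.conf: ENABLE_SU_AUTHENTICATION is not 1"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample files (not taken from a real host).
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
# Weak: the earlier lower-case "yes" wins over the later "no".
printf '%s\n' '#ChallengeResponseAuthentication no' 'challengeresponseauthentication yes' \
    'ChallengeResponseAuthentication no' 'PasswordAuthentication no' > "$d/sshd_weak"
# Weak: the only PasswordAuthentication line sits inside a Match block.
printf '%s\n' 'ChallengeResponseAuthentication no' 'Match User nx' \
    '  PasswordAuthentication no' > "$d/sshd_match"
printf '%s\n' 'PasswordAuthentication no' 'ChallengeResponseAuthentication=no' > "$d/sshd_ok"
printf '%s\n' '#ENABLE_SU_AUTHENTICATION="0"' 'ENABLE_SU_AUTHENTICATION="1"' > "$d/node.conf"

for f in sshd_weak sshd_match sshd_ok; do
    audit "$d/$f" "$d/node.conf" && echo "$f: key-only settings in place"
done
```

On a real host, point `audit` at /etc/ssh/sshd_config and /etc/nxserver/node.conf.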