Graphical Remote Control Desktops for Linux, part 2 - page 4

Dynamic DNS setup and Wake-On-LAN (WOL)

When you are asked for a passphrase prompt, just hit "Enter" and leave it blank. To make this work, NX client needs to access your computer using a cryptographic key instead of insecure plaintext password transmission. It gets its logon password from the user once the connection is cryptographically secured.

Generate personal keys:

$ ssh-keygen -t rsa
$ ssh-keygen -t dsa

These keys go to /home/username/.ssh

Generate root keys:

# ssh-keygen -t rsa
# ssh-keygen -t rsa

These keys go to /root/.ssh/id_rsa

Generate host keys:

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''

These keys go to /etc/ssh along with the system ssh/sshd configuration files.


$~$ cd .ssh
$~/.ssh$ cat *.pub >> authorized_keys2
$ /.ssh$ ls authorized_keys2 id_dsa id_dsa.pub id_rsa id_rsa.pub
$ /.ssh$ chmod 644 auth*
$ /.ssh$ cd ..
$ chmod 700 .ssh
$ su root
Password:
# /home/username# cd /root
# chmod 700 .ssh
# cd .ssh
# chmod 644 auth*

/etc/ssh permissions (owned by root:root)

# chmod 700 /etc/ssh
# cd /etc/ssh
# chmod 600 authorized_keys2

If you are connecting for the first time via ssh with keys correctly installed, you'll see:

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 4a:d2:12:04:74:3b:57:6a:55:2e:95:5a:46:e1:52:88.
Are you sure you want to continue connecting (yes/no)?

Assuming you know what you connected to, answer yes, you won't get any further if you don't. Once you have done this, you should see a user prompt open that looks just like the regular user prompt on your computer. At that point, type exit. Unless you're connecting remotely and actually want to work on configuration files on your computer, of course.

Do this for each of the ssh addresses given above.

ssh -v username@127.0.0.1
ssh -v username@localhost
ssh -v username@computername

The -v switch means verbose and triggers debugging information.

If you think you've got everything right and it's still not connecting, try blowing away

/home/username/.ssh/known_hosts
/root/.ssh/known_hosts
/usr/NX/home/nx/.ssh/known_hosts

and reconnecting. You'll have to do all the key acknowledgement "The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established." all over again for all the hostnames (everything after the @ in a ssh command), but if you've got everything set up correctly, you'll be in business afterwards.

Once you're setup properly, do

# touch /etc/hosts.deny

Almost There!

We're almost there-- come back Wednesday for the final installment!

• « Previous

Skip Ahead
• 1. Dynamic DNS setup and Wake-On-LAN (WOL)
• 2. Dynamic DNS setup and Wake-On-LAN (WOL)
• 3. Dynamic DNS setup and Wake-On-LAN (WOL)
• 4. Dynamic DNS setup and Wake-On-LAN (WOL)

Solid State Drives: The Future of Data Storage?

Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.