August 20, 2014
 
 

Graphical Remote Control Desktops for Linux, part 2 - page 4

Dynamic DNS setup and Wake-On-LAN (WOL)

  • November 3, 2008
  • By A. Lizard
When you are prompted for a passphrase, just hit "Enter" and leave it blank. An empty passphrase leaves the private key unencrypted on disk, so the file permissions set below are what protect it. To make this work, the NX client needs to access your computer using a cryptographic key instead of insecure plaintext password transmission. It gets its logon password from the user once the connection is cryptographically secured.

Generate personal keys:

$ ssh-keygen -t rsa
$ ssh-keygen -t dsa


These keys go to /home/username/.ssh

Generate root keys:

# ssh-keygen -t rsa
# ssh-keygen -t dsa


These keys go to /root/.ssh (for example, /root/.ssh/id_rsa).

Generate host keys:

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''

These keys go to /etc/ssh along with the system ssh/sshd configuration files.


Add the public keys to authorized_keys2 and set permissions:

$ cd .ssh
$ cat *.pub >> authorized_keys2
$ ls
authorized_keys2 id_dsa id_dsa.pub id_rsa id_rsa.pub
$ chmod 644 auth*
$ cd ..
$ chmod 700 .ssh
$ su root
Password:
# cd /root
# chmod 700 .ssh
# cd .ssh
# chmod 644 auth*

/etc/ssh permissions (owned by root:root)

# chmod 700 /etc/ssh
# cd /etc/ssh

# chmod 600 authorized_keys2

If you are connecting for the first time via ssh with keys correctly installed, you'll see:

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 4a:d2:12:04:74:3b:57:6a:55:2e:95:5a:46:e1:52:88.

Are you sure you want to continue connecting (yes/no)?

Assuming you know what you connected to, answer yes; you won't get any further if you don't. Once you have done this, you should see a user prompt that looks just like the regular user prompt on your computer. At that point, type exit, unless you're connecting remotely and actually want to work on configuration files on your computer, of course.

Do this for each of the ssh addresses given above.

ssh -v username@127.0.0.1
ssh -v username@localhost
ssh -v username@computername

The -v switch means verbose and triggers debugging information.
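
The first-connection prompt above asks you to accept a fingerprint. The following added example (not from the original article) checks that fingerprint against a copy of the server's public host key instead of accepting it on trust. The function names and the sample key line are assumptions made for illustration, and it handles only the colon-separated MD5 form shown in the prompt above.

```shell
#!/bin/sh
# Added example: check the fingerprint from ssh's first-connection prompt
# against a host public key file obtained from the server over a trusted path
# (console, USB stick), e.g. a copy of /etc/ssh/ssh_host_rsa_key.pub.

# Print the colon-separated MD5 fingerprint of an OpenSSH public key file.
# Key line format: "<type> <base64 blob> [comment]"; the fingerprint is the
# MD5 digest of the decoded blob. Returns 2 if no usable key line is found.
md5_fingerprint() {
    fp_blob=$(awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1" 2>/dev/null)
    [ -n "$fp_blob" ] || return 2
    printf '%s' "$fp_blob" | base64 -d >/dev/null 2>&1 || return 2
    printf '%s' "$fp_blob" | base64 -d | md5sum | awk '{ print $1 }' |
        sed 's/../&:/g; s/:$//'
}

# verify_host_key PROMPT_FINGERPRINT KEYFILE
# Returns 0 on match, 1 on mismatch (do not answer "yes"), 2 on a bad key file.
verify_host_key() {
    # Newer ssh versions print an "MD5:" prefix; strip it and fold case.
    vh_want=$(printf '%s' "${1#MD5:}" | tr 'A-F' 'a-f')
    vh_have=$(md5_fingerprint "$2") || return 2
    if [ "$vh_want" = "$vh_have" ]; then
        echo "MATCH $vh_have"
    else
        echo "MISMATCH prompt=$vh_want keyfile=$vh_have" >&2
        return 1
    fi
}

# Constructed sample, not a real host key: the blob "YWJj" is base64 for "abc",
# whose MD5 digest is the RFC 1321 test vector used below.
SAMPLE_KEY_LINE='ssh-rsa YWJj constructed-sample'
SAMPLE_FP='90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72'

demo() {
    demo_file=$(mktemp) || return 2
    printf '%s\n' "$SAMPLE_KEY_LINE" > "$demo_file"
    verify_host_key "$SAMPLE_FP" "$demo_file"
    demo_rc=$?
    rm -f "$demo_file"
    return "$demo_rc"
}
demo
```

Current OpenSSH shows SHA256 fingerprints by default; connecting with `ssh -o FingerprintHash=md5` produces the colon-separated form this script compares.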

If you think you've got everything right and it's still not connecting, try blowing away

/home/username/.ssh/known_hosts
/root/.ssh/known_hosts

/usr/NX/home/nx/.ssh/known_hosts

and reconnecting. You'll have to go through the key acknowledgement ("The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.") all over again for all the hostnames (everything after the @ in an ssh command), but if you've got everything set up correctly, you'll be in business afterwards.

Once you're set up properly, do

# touch /etc/hosts.deny

Almost There!

We're almost there-- come back Wednesday for the final installment!