Posted by: Anonymous
on October 05, 2007 07:07 PM
With key based authentication, you have to have a key on the machine you are trying to connect from which matches the key on the server you are trying to connect to. With PAM you can set up any one of several different authentication methods. Personally, when I set up SSH, I set it up to only accept a key since historically that has been less hackable. Also, the NX package the author was talking about uses a key to get through ssh. But that is where things get fun. Open SSH, by default uses SSH to change from the NX user to the user you are trying to sign in as. If you have disabled password authentication on SSH, then you must read through the FreeNX config file and disable SSH based user authentication and enable one of the other methods which FreeNX supports. The authors method of allowing password authentication from anything on the local network, and requiring keys from anything remote is an ingenious way to solve this situation.