On Thu, Jan 8, 2009 at 12:12 PM, Paul Hartman <[email protected]> wrote: > On Thu, Jan 8, 2009 at 10:57 AM, Paul Hartman > <[email protected]> wrote: >> On Wed, Jan 7, 2009 at 6:11 PM, Dave Jones <[email protected]> wrote: >>> Paul Hartman wrote on 08/01/09 00:28: >>>> Hi, >>>> >>>> Normally I'm using SSH with regular password login, and I've read >>>> about generating a keypair and having a password-less connection that >>>> way. Is there a way to require both the key AND a password? Basically >>>> if I put the key in my SSH client at work, I don't want a co-worker to >>>> be able to login to my home PC, or someone to grab my phone, etc. >>>> >>>> Is there a way to put a passphrase on the key (seperate from my user >>>> account password)? Maybe that would work... Otherwise I've thought >>>> about having a dummy SSH account and then "su - realuser" to get >>>> access, but that seems kind of messy. >>>> >>>> I've always used password login and IP-restricted it, but now I'm >>>> traveling more and never know what IP I might be connecting from, so >>>> using a key seems to be the best plan, or maybesome kind of >>>> portknocking (but that's difficult from restricted ssh environments >>>> such as a phone). >>>> >>> By default ssh-keygen creates a key pair with a passphrase. It's your >>> choice to enter or omit a passphrase. >>> >>> If you've generated a key without a passphrase, you can add a passphrase >>> using ssh-keygen -p >>> >>> Entering a passphrase encrypts the private part of the key, which you keep >>> only on the server. You only need the public part of the key on the client. >>> >>> Cheers, Dave >> >> It works great. Thanks everyone for your responses! >> >> Paul >> > > Well, almost great :) > > I can't figure out how to get NXclient to connect. It says the key is > corrupt or has a passphrase (which it does). Has anyone used NX with a > key-based SSH with passphrase? > > Thanks, > Paul
I figured it out. It was a two-part solution: 1) password logins must be enabled to use system authentication with NX. Since I don't want password logins, I had to use NX's internal user and password database instead. This requires maintaining separate passwords for NX... 2) the "nx" user is locked and passwordless; I had to give it a password in order to unlock it. After doing that, NX now works! *mental note: if I ever want to revoke someone's access to my machine or change their password, I must remember to check for SSH keys & NX user accounts (which are actually SSH keys as well) in addition to changing the password on their system account. Thanks again, Paul
