It took me quite many hours. There are many posts online but at the same time many of them lead to dead ends. As mentioned in this post, the instruction described on help.ubuntu.com allows one to setup custom key but at the same time leaves a big security hole on ssh. Because everyone can ssh to your server without the need of a key. Here is what I did to patch such hole. After the whole procedure, password authentication for ssh will be blocked and custom key will be used for nx. I tested it in Ubuntu 10.10. After more testing, everything is fine but I can’t resume session. Still need more fixing!
- Instead of using ssh, it is better to use SU to authenticate. I am mostly following this thread (it has a script there that probably handles Steps 1 and 2 here but I’m not very comfortable running “unidentified” script on my working computer and so I didn’t try).
- Modify /etc/nxserver/node.conf to set ENABLE_SU_AUTHENTICATION=”1″ and the rest (ENABLE_SSH_AUTHENTICATION, ENABLE_USERMODE_AUTHENTICATION, ENABLE_PASSDB_AUTHENTICATION) to “0”.
- Restart nxserver by running sudo /etc/init.d/freenx-server restart
- If everything is going well, you can now try to shut down password authentication for ssh as follows:
- Add or uncomment “PasswordAuthentication no” in /etc/ssh/sshd_config
- Restart sshd by sudo service ssh restart
- If nx still works well, you may want to change sshd_config back to allow password authentication for the moment
- Now, let us set custom key as described in help.ubuntu.com as follows.
- Run sudo dpkg-reconfigure freenx-server and select “Create new custom keys” (or “Custom keys” if you have created keys before and don’t want to change them).
- In the next page, you should select SU for authentication.
- The above steps (2.a and 2.b) don’t work to me. It probably doesn’t work for you also if you have the “unknown job: freenx-server” error. Basically, new custom keys were not made for me. However, sudo /usr/lib/nx/nxkeygen did the job.
- After configuration, you need to distribute the public key to clients that want to login to your server. The key is stored at /var/lib/nxserver/home/.ssh/client.id_dsa.key. You will need root privilege to access or copy it.
- For Windows, you can change the key in NX Client at Configure->General->Key->Import. Or you can also directly copy the content of client.id_dsa.key to DSA Key window.
For Linux, qtnx is pretty screwed up with key management. See this post if you have problem trying to have custom key worked (actually please leave me a message if you figure out how to make qtnx gui worked correctly with your custom key. I definitely want to know!).I just realized that NX Client supports Linux also. So it probably easier to just use NX Client instead of qtnx.
- If you disable “password authentication” as suggested earlier, ssh will not work anymore unless you setup a key. Setting up key is relatively easy.
- ssh-keygen -t rsa (or ssh-keygen -t dsa) [I’m still not sure which one should be used always; I will suggest simply try both.]
- Copy the content of public key files (id_rsa.pub, id_dsa.pub) to the authorized_keys file on the remote server. This step is a bit counter-intuitive at first. But it is actually very easy to understand. When a client tries to login, the server looks into all public keys (locks) in the authorizedkeysfile and see if the client can open any of the locks. If the client is successful, the server can be certain the client is authentic.
- Also you need to check /etc/ssh/sshd_config to make sure that the AuthorizedKeysFile is actually defined and pointed correctly to the authorized_keys file on the server. The following two lines work for me:
- AuthorizedKeysFile /var/lib/nxserver/home/.ssh/authorized_keys2
- AuthorizedKeysFile2 %h/.ssh/authorized_keys
- Instead of going through Step 3.b above, you may also use ssh-copy-id user@remote_server to transfer your keys directly if you haven’t set password authentication to “no” yet.
- If everything is working fine, remember to add “PasswordAuthentication no” back to /etc/ssh/sshd_config and restart ssh server (sudo service ssh restart).
If you have problem to resume session, try to set ENABLE_SLAVE=”0″ inside /etc/nxserver/node.config.
Below are the final /etc/ssh/sshd_config and /etc/nxserver/node.config that seem to work for me. The version I am using is NXSERVER – Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
sshd_config
# Package generated configuration file # See the sshd(8) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile /var/lib/nxserver/home/.ssh/authorized_keys2 AuthorizedKeysFile2 %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords PasswordAuthentication no # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes AllowUsers nx ssh_usera ssh_userb
# node.conf
#
# This file is provided by FreeNX. It should be placed either into
# /etc/nxserver/node.conf (FreeNX style) or /usr/NX/etc/node.conf
# (NoMachine NX style).
#
# It is mostly compatible with NoMachine node.conf. The most important
# difference is that no spaces are allowed when assigning values (eg
# "A=value" is allowed, "A = value" is NOT).
#
# This file is sourced by bash, so you can do some fancy stuff here if you
# want to, but be aware that it is sourced 3 times per connection. If you
# want autostart stuff, set NODE_AUTOSTART instead!
#
#
# You surely are aware that FreeNX is based on the fantastic results that
# the hard work by NoMachine.com has achieved. NoMachine.com released the
# core NX libraries under the GPL. The installation of these libs are the
# precondition for all FreeNX scripts to work. If you are installing this
# software with the help of one of the package management tools of your
# Linux distribution, you can assume that this dependency is taken care of
# by the tool.
#
# You have questions about the inner workings of the NX technology?
#
# Then you are recommended to first check out the rich and very detailed
# NoMachine documentation and their online Knowledge Base at
#
# http://www.nomachine.com/kb/
#
# Other sources of information are the NoMachine mailing lists
# (nxusers@nomachine.com and nxdevelopers@nomachine.com):
#
# http://www.nomachine.com/mailinglists.php
#
# The FreeNX (freenx-knx@kde.org) list is here:
#
# https://mail.kde.org/mailman/listinfo/freenx-knx
#
# SVN: $Id: node.conf.sample 613 2008-09-01 20:42:31Z fabianx $
#########################################################################
# General FreeNX directives
#########################################################################
# The host name which is used by NX server. It's should be used if it's
# different than the default hostname (as returned by `hostname`)
#SERVER_NAME="$(hostname)"
# The node ip which is used by NX Node in unecnrypted session mode.
# Set it if you want to use a specific external ip or the autodetection
# is not working.
#EXTERNAL_PROXY_IP=""
# The port number where local 'sshd' is listening.
#SSHD_PORT=22
#########################################################################
# Authentication / Security directives
#########################################################################
# Authentication directives
# This adds the usermode to the possible authentication methods
# Usermode means that a user can start the nxserver as his shell
# and connect directly to the right server via a custom client.
ENABLE_USERMODE_AUTHENTICATION="0"
# This adds the passdb to the possible authentication methods
ENABLE_PASSDB_AUTHENTICATION="0"
# This adds SSH to the possible authentication methods. For it to work sshd
# must be set up at localhost accepting password authentication.
ENABLE_SSH_AUTHENTICATION="0"
# This adds SU to the possible authentication methods. For it to work the
# "nx" user must be in the wheel (RedHat, Fedora) or the users group (SUSE)
# and the user logging in must have a valid shell that accepts the -c
# parameter.
ENABLE_SU_AUTHENTICATION="1"
# Require all users to be in the passdb, regardless of authentication method
#ENABLE_USER_DB="0"
# If enabled forces the user to use encryption. This will bail out
# if the user does not have encryption enabled.
#ENABLE_FORCE_ENCRYPTION="0"
# Refuse the NX client connection if SSHD does not export the
# SSH_CONNECTION and SSH_CLIENT variables in the environment
# passed to the NX server.
# 1: Will check the remote IP and will not accept the
# connection if it can't be determined.
# 0: Will accept the connection even if the remote IP
# is not provided.
#SSHD_CHECK_IP="0"
# If ENABLE_SLAVE_MODE="1" the user will be just logged in _once_ and the
# communication is done via nxnode slave mode.
#
# This is useful for one time passwords or to have less traffic in utmp
# and wtmp.
#
# Also session startup times are much faster in slave mode. This is true especially
# if many printers or shares have to be added.
#
# For this to work the binary nxserver-helper has to be installed in
# PATH_BIN.
#
ENABLE_SLAVE_MODE="0"
# If ENABLE_LOG_FAILED_LOGINS="1" then failed login attempts are logged to the system
# auth.log.
#
# This is useful in combination with tools like fail2ban.
#
# The default is to log failed login attemps via syslog (3).
#
#ENABLE_LOG_FAILED_LOGINS="1"
#########################################################################
# Restriction directives
#########################################################################
# The base display number from which sessions are started.
#DISPLAY_BASE=1000
# The maximum number of contemporary sessions that can be run on FreeNX
#SESSION_LIMIT=200
# The maximum number of contemporary sessions that a single user can run
# on FreeNX. Defaults to the value of SESSION_LIMIT.
#SESSION_USER_LIMIT=200
# The number of displays reserved for sessions, it has to be greater or equal
# to the maximum number of contemporary sessions that a server can run.
#DISPLAY_LIMIT=200
# User for which sessions should be persistent. Either the keyword "all" or a
# comma-separated list of usernames or groups in the @groupname syntax.
#ENABLE_PERSISTENT_SESSION="all"
# Users and groups for whom persistent sessions should be disabled.
# Especially useful if ENABLE_PERSISTENT_SESSION="all"
#DISABLE_PERSISTENT_SESSION=""
# This enables the mirroring of running sessions via VNC feature.
#
# Session is marked as resumable and type is vnc-mirrored.
#
#ENABLE_MIRROR_VIA_VNC=1
# This enables the sharing of :0 via VNC feature.
#
# Session is marked as resumable and type is vnc-local.
#
# Note: You need to have the rights to access the display
# else it does not work.
#
#ENABLE_DESKTOP_SHARING=1
#
# General shadowing / mirroring notes:
#
# By default shadowing is only allowed for the same user.
#
# If nxserver finds nxshadowacl binary, it asks it, for which users
# the permission is granted.
#
# nxshadowacl
#
# Exit code:
#
# 0 -> Save cookie in session file for other users
# 1 -> Do not save cookie
#
# Check if user is allowed to be shadowed by admin user.
#
# nxshadowacl
#
# Exit code:
#
# 0 -> Yes, allow shadowing and add to list
# 1 -> No, don't allow shadowing
#
#
# When using NX 3.0 shadowing, this enables asking the user whether
# he authorizes another user to shadow his session
#
# 0: No authorization request will be presented,
# and the session will be shadowed as if the user had approved.
# 1: (default) Ask for authorization
#
#ENABLE_SESSION_SHADOWING_AUTHORIZATION=1
# Allow session shadowing in interactive mode:
#
# 1: The shadowing user can interact with the shadowed session.
#
# 0: The shadowed session is view-only. No interaction with the
# shadowed session is possible.
#
#ENABLE_INTERACTIVE_SESSION_SHADOWING=1
#
# Enable or disable clipboard:
#
# client: The content copied on the client can be pasted inside the
# NX session.
#
# server: The content copied inside the NX session can be pasted
# on the client.
#
# both: The copy&paste operations are allowed both between the
# client and the NX session and vice-versa.
#
# none: The copy&paste operations between the client and the NX
# session are never allowed.
#
#ENABLE_CLIPBOARD="both"
#
# Enable or disable the pulldown dialog, which provides a graphical
# way to suspend or terminate the rootless session:
#
# 1: Enabled. The pulldown menu is shown when the mouse pointer
# moves near the middle of the top boundary of a window and
# allows the user to suspend or terminate the session by means
# of an icon-click.
#
# 0: Disabled. The ctrl+alt+T key combination has to be issued
# to get the dialog for suspending or terminating the session.
#
#ENABLE_PULLDOWN_MENU="1"
# The option USE_PROCESSOR_TASKSET is for setting the CPU affinity of all
# nx related processes.
#
# Note: To have for example startkde run on even another core, just specify:
#
# COMMAND_STARTKDE="taskset -c 2 -- startkde"
#
# FreeNX runs this option like: $COMMAND_TASKSET -cp "$USE_PROCESSOR_TASKSET" $$
#
# So with $USE_PROCESSOR_TASKSET set to 3,4 it would balance the tasks to cores
# 3 and 4.
#
# If this option is empty, no balance to cores is done.
#
#USE_PROCESSOR_TASKSET=""
# If you set ENABLE_ADVANCED_SESSION_CONTROL="1" you can start a new application in an already
# running rootless session by using "add " as session name.
#
# Note: The client will return a message on that.
#
#ENABLE_ADVANCED_SESSION_CONTROL="0"
# If you set ENABLE_SHOW_RUNNING_SESSIONS="0" then nxserver will only show
# suspended sessions and you will not be able to resume or terminate a running
# session.
#
#ENABLE_SHOW_RUNNING_SESSIONS="1"
#########################################################################
# Logging directives
#########################################################################
# This directives controls the verbosity of the server-wide log.
# 0: No Logging
# 1: Errors
# 2: Warnings
# 3: Important information
# 4: Server - Client communication
# 5: Information
# 6: Debugging information
# 7: stderror of some applications
#NX_LOG_LEVEL=0
# By setting this to 0 the nxserver might be a bit faster, but passwords can be found in the log files.
#NX_LOG_SECURE=1
# Before turning logging on, please make sure that NX_LOGFILE is
# writeable for the "nx" user
#NX_LOGFILE=/var/log/nxserver.log
# This directive controls if the temporary session directory
# ($HOME/.nx/C---) should be kept after a
# session has ended. A successfully terminated session will be saved as
# T-C--- while a failed session will be saved
# as F-C---.
# The default is to cleanup the directories.
#SESSION_LOG_CLEAN=1
# Amount of seconds nxserver is to keep session history. The default of 2592000
# is equivalent to 30 days. If this is 0 no session history will be kept
# and a negative value denotes infinity.
#SESSION_HISTORY=2592000
#########################################################################
# Forwarding directives
#########################################################################
# FreeNX with ENABLE_SERVER_FORWARD="1" will automatically forward all
# connections to the host specified in SERVER_FORWARD_HOST with the
# secret key SERVER_FORWARD_KEY.
#
# This allows to have a "chain" of NX Servers. Note that you will need to
# use "SSL encryption" for all connections.
#ENABLE_SERVER_FORWARD="0"
#SERVER_FORWARD_HOST=""
#SERVER_FORWARD_PORT=22
#SERVER_FORWARD_KEY="/usr/NX/share/client.id_dsa.key"
# FreeNX with ENABLE_NOMACHINE_FORWARD_PORT="1" will automatically forward all
# connections to the commercial NoMachine nxserver installed on the same
# machine, which go in by port NOMACHINE_FORWARD_PORT. This feature is introduced
# to enable the usage of FreeNX and NoMachine NX side by side on the same machine
# without conflicts.
#
# Note: You need to let SSHD listen to several ports to make use of this
# directive.
#ENABLE_NOMACHINE_FORWARD_PORT="0"
#NOMACHINE_FORWARD_PORT="22"
#NOMACHINE_SERVER="/usr/NX/bin/nxserver"
#NOMACHINE_NX_HOME_DIR="/usr/NX/home/nx"
# LOAD BALANCING
# ==============
#
# To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and
# make:
#
# - either sure that all incoming connections are sent to the master
# server by using forwarding directives on the "slave" servers.
#
# - or share the session database space via NFS between the servers.
# (not recommended at the moment as race conditions for DISPLAYs can
# occur)
#
#LOAD_BALANCE_SERVERS=""
# The following load_balance_algorithms are available at the moment:
#
# "load", "round-robin", "random"
#
# For "load" you need a script called nxcheckload in PATH_BIN.
#
# A sample script, which you can change to your needs it shipped with
# FreeNX under the name nxcheckload.sample.
#LOAD_BALANCE_ALGORITHM="random"
# By setting ENABLE_LOADBALANCE="1" you can let users choose their
# preferred host, while being forwarded to another server. Of course
# this is just a preference. The loadbalancing algorithm can completely
# choose to ignore the users choice.
#ENABLE_LOAD_BALANCE_PREFERENCE="0"
#########################################################################
# Services directives
#########################################################################
# FreeNX with ENABLE_ESD_PRELOAD="1" will automatically try to setup
# the sound with the help of the esd media helper.
#
# Currently ESD will be used just by the Windows NX Client.
#
# Be sure that $ESD_BIN_PRELOAD is in your path, does exist and work
# before enabling this directive.
#ENABLE_ESD_PRELOAD="0"
#ESD_BIN_PRELOAD="esddsp"
# FreeNX with ENABLE_ARTSD_PRELOAD="1" will automatically try to setup
# the sound with the help of the artsd media helper.
#
# Currently ARTSD will be used just by the Linux NX Client.
#
# Be sure that $ARTSD_BIN_PRELOAD is in your path, does exist and work
# before enabling this directive.
#ENABLE_ARTSD_PRELOAD="0"
#ARTSD_BIN_PRELOAD="artsdsp"
# FreeNX with ENABLE_KDE_CUPS="1" will automatically write
# $KDE_PRINTRC and put the current used socket into it.
#
# If you additionally enable ENABLE_KDE_CUPS_DYNAMIC it will set the
# Host entry to the script nxcups-gethost, which dynamically tries all
# possible entries to find the current printing host.
#
# The order is: CUPS_SERVER (env var), ~/.cups/client.conf, $KDE_PRINTRC,
# $CUPS_DEFAULT_SOCK, localhost
#
# So this option is most useful with ENABLE_CUPS_SERVER_EXPORT="1".
#
# $KDE_PRINTRC is automatically calculated if its not set.
#ENABLE_KDE_CUPS="0"
#ENABLE_KDE_CUPS_DYNAMIC="0"
#KDE_PRINTRC="$KDEHOME/share/config/kdeprintrc"
# FreeNX with ENABLE_CUPS_SERVER_EXPORT="1" will automatically
# export the environment variable CUPS_SERVER.
#ENABLE_CUPS_SERVER_EXPORT="1"
# FreeNX with ENABLE_CUPS_SEAMLESS will automatically try to download the
# necessary ppds from the client.
#
# As the forwarding is just active as soon as nxagent is started,
# we need a small delay of $CUPS_SEAMLESS_DELAY.
#
# Note: You need to use a patched cupsd on client side.
#ENABLE_CUPS_SEAMLESS="0"
#CUPS_SEAMLESS_DELAY="10"
# FreeNX with ENABLE_FOOMATIC will integrate the foomatic db to the list
# of available ppd drivers via the $COMMAND_FOOMATIC command.
#ENABLE_FOOMATIC="1"
#COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
# CUPS_BACKEND and CUPS_ETC are the corresponding paths of your CUPS
# installation.
#CUPS_BACKEND="/usr/lib/cups/backend"
#CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
#CUPS_DEFAULT_SOCK="/var/run/cups/cups.sock"
#CUPS_ETC="/etc/cups"
# SAMBA_MOUNT_SHARE_PROTOCOL is a key to configure the supported
# protocols for mounting shares.
#
# This key can be set to the following values:
#
# both, either SMB and CIFS protocol are supported, this is the default value.
# smbfs, only SMB protocol is supported.
# cifs, only CIFS protocol is supported.
# none, no network file-sharing protocol is supported.
#SAMBA_MOUNT_SHARE_PROTOCOL="both"
# FreeNX with ENABLE_SAMBA_PRELOAD="1" will automatically setup
# port 445 and 139 and forward them to the used samba port.
#
# This enables samba browsing to the local subnet in for example
# konqueror.
#
#ENABLE_SAMBA_PRELOAD="0"
# FreeNX with ENABLE_SOURCE_BASH_PROFILE="1" will source the users ~/.bash_profile
# before application startup as we are kind of a login shell.
#
# With this key this behaviour can be enabled (default) or disabled.
#
#ENABLE_SOURCE_BASH_PROFILE="1"
#########################################################################
# Path directives
#########################################################################
# USER_FAKE_HOME is the base directory for the .nx directory. Use this
# parameter instead of the users home directory if $HOME is on a NFS share.
# Note that this directory must be unique for every user! To accomplish this
# it is recommended to include $USER in the path.
#USER_FAKE_HOME=$HOME
# Add the nx libraries to LD_LIBRARY_PATH before starting nx agents.
# WARNING: This will NOT (and should not) affect applications. ONLY Disable
# this if the nx libraries are in a standard system path (such as /usr/lib)!
#SET_LD_LIBRARY_PATH="0"
# The command binary for the default window manager. If set it is run when a
# 'unix-custom' session is requested by the NX Client and an application
# to run is specified. It defaults to empty (ie no WM is run).
# If KILL_DEFAULT_X_WM is set the WM is terminated after the started
# application finishes. Else FreeNX will wait for the WM to complete.
#DEFAULT_X_WM=""
#KILL_DEFAULT_X_WM="1"
# When a 'unix-default' session is requested by the client the user's X startup
# script will be run if pressent and executable, otherwise the default X
# session will be run.
# Depending on distribution USER_X_STARTUP_SCRIPT might be .Xclients, .xinitrc
# and .Xsession
# Depending on distribution DEFAULT_X_SESSION might be /etc/X11/xdm/Xsession,
# /etc/X11/Sessions/Xsession or /etc/X11/xinit/xinitrc
#USER_X_STARTUP_SCRIPT=.Xclients
#DEFAULT_X_SESSION=/etc/X11/Xsession
# When the session is started some distros execute some scripts to get the
# environment ready. Set 1 if you want DEFAULT_X_SESSION to be called before
# executing the session.
#BOOTSTRAP_X_SESSION="0"
# The key that contains the name of the script that starts a KDE session.
# It's run when a 'unix-kde' session is requested by the client.
#COMMAND_START_KDE='/usr/bin/nx-session-launcher-suid startkde'
# The key that contains the name of the script that starts a gnome session.
# It's run when a 'unix-gnome' session is requested by the client.
#COMMAND_START_GNOME='/usr/bin/nx-session-launcher-suid gnome-session'
# The key that contains the name of the script that starts a CDE session.
# It's run when a 'unix-cde' session is requested by the client.
#COMMAND_START_CDE='/usr/bin/nx-session-launcher-suid xfce4-session'
# The key that contains the name of the complete path of command name
# 'xterm'. It is run when a unix "xterm" session is requested by the
# client.
#COMMAND_XTERM=xterm
# The key that contains the name of the complete path of command name
# 'xauth'.
#COMMAND_XAUTH=/usr/bin/xauth
# The key that contains the name of the complete path of command name
# 'smbmount'.
#COMMAND_SMBMOUNT=smbmount
# The key that contains the name of the complete path of command name
# 'smbumount'.
#COMMAND_SMBUMOUNT=smbumount
# The key that contains the name of the complete path of command name
# 'mount.cifs'.
#COMMAND_SMBMOUNT_CIFS=/sbin/mount.cifs
# The key that contains the name of the complete path of command name
# 'umount.cifs'.
#COMMAND_SMBUMOUNT_CIFS=/sbin/umount.cifs
# The key that contains the name of the complete path of the 'netcat' command.
#COMMAND_NETCAT=netcat
# The key that contains the name of the complete path of the 'ssh' and
# 'ssh-keygen' command.
#COMMAND_SSH=ssh
#COMMAND_SSH_KEYGEN=ssh-keygen
# The key that contains the name of the complete path of the 'cupsd' command.
#COMMAND_CUPSD=/usr/sbin/cupsd
# The tool to generate md5sums with
#COMMAND_MD5SUM="openssl md5"
# The key that contains the name of the complete path of the 'rdesktop' command.
#COMMAND_RDESKTOP=rdesktop
# The key that contains the name of the complete path of the 'vncviewer' command.
#COMMAND_VNCVIEWER=vncviewer
# The key that contains the name of the complete path of the 'vncpasswd' command.
# By default the builtin nxpasswd is used.
#COMMAND_VNCPASSWD="$PATH_BIN/nxpasswd"
# The key that contains the name of the complete path of the 'x11vnc' command.
#COMMAND_X11VNC=x11vnc
# The key that contains the name of the complete path of the 'taskset' command.
#COMMAND_TASKSET=taskset
#########################################################################
# Misc directives
#########################################################################
# When you installed an old 1.5.0 NX Backend, set this to 1.
#ENABLE_1_5_0_BACKEND="0"
# When set to 1 this will automatically resume started sessions
#ENABLE_AUTORECONNECT="0"
# When set to 1 this will automatically resume started sessions
# but only if an older client version is used
#ENABLE_AUTORECONNECT_BEFORE_140="1"
# When set to 1 exports NXUSERIP / NXSESSIONID in nxnode
#EXPORT_USERIP="0"
#EXPORT_SESSIONID="1"
# This can be set to any executable, which is started after session startup
# like: $NODE_AUTOSTART {start|restore}
#NODE_AUTOSTART=""
# When set to 1 will start nxagent in rootless mode.
#ENABLE_ROOTLESS_MODE="1"
# If enabled writes entries via the COMMAND_SESSREG program
# into utmp/wtmp/lastlog database.
# Note: You have to make sure that you add the nx user to the
# utmp or tty group or how its called on your system
# before this directive works.
#ENABLE_USESSION="1"
#COMMAND_SESSREG="sessreg"
# Extra options sent to the different nx agents. See !M documentation
# for examples of useful parameters.
#AGENT_EXTRA_OPTIONS_RFB=""
#AGENT_EXTRA_OPTIONS_RDP=""
#AGENT_EXTRA_OPTIONS_X="-nolisten tcp"
# The number of seconds we wait for the nxagent to start before
# deciding startup has failed
#AGENT_STARTUP_TIMEOUT="60"
# The font server the agent will use. If set to "" no font server is used.
# For this to do any good, the client has to have the same font server set
# in /etc/X11/XF86Config
#AGENT_FONT_SERVER=""
# Disable or enable use of 'tcp nodelay' on proxy. Old versions of Linux
# kernels have problems using this option on sockets that will cause a loss
# of TCP connections. This option is not set by default to allow clients to
# specify whether to enable or disable TCP nodelay. Setting this option to
# the value of "0" NX proxy avoids using 'tcp nodelay' but it will cause a
# loss of interaction in sessions.
#PROXY_TCP_NODELAY=""
# Extra options to nxproxy. See !M documentation for useful parameters.
#PROXY_EXTRA_OPTIONS=""
# In case you want to use an external 'rdesktop' command
# set this to "1".
#
# If nxdesktop cannot be found this is set automatically to "1".
#ENABLE_EXTERNAL_NXDESKTOP="1"
# This configuration variable determines if 'rdesktop' command should be run with -k keyboard option
# or if the keyboard should be autodetected.
#
#ENABLE_EXTERNAL_NXDESKTOP_KEYBOARD="1"
# In case you want to use an external 'nxviewer' command
# set this to "1".
#
# If nxviewer cannot be found this is set automatically to "1".
#ENABLE_EXTERNAL_NXVIEWER="1"