[ace] NX-Connects-9

[Anthony Cuffe]

Team,

In trying to work on and release the next version of NX-Connects, I keep hitting the fundamental problem of trying to embed the ssh keys in the bundle.  During covid and after, we decided that the doctored up nxssh.exe that Adam compiled was consistently an issue and that we would tweak the bundle to use it's default behavior which is to use it's own internal library functions for ssh.  I should remind everyone here that there are two ssh jumps in the process.  The first is to the login server (acclogin).  This accepts our ssh_known_hosts file without any issues.  The second is the one that is the issue.  It when the desktop session is initiated that it uses either nxssh.exe or it's own internal library.  The problem with the library is that the only file it pays attention to is the users own ssh_known_host file (C:\Users\username\.ssh\known_hosts).  This means the first time around the usre is going to be asked to accept the key for each server.  To avoid this, the bundle has a few scripts that will set this up for them.  I will add information to the readme for users about ssh_keys and running these scripts.

So, my question is is this ok?  It seems a reasonable approach considering we will constantly be fighting the virus warnings and other issues associated with do the sneaky switch of the nxssh.exe bundle.  Honestly, having them accept the key the first time is the actual classic behavior for ssh tools.  I will send a bundle out shortly that has all the modifications, fixes, ssh_keys and latest NX client.  It's behaviour will be to ask the user to accept the hostkey for each NX server to which they connect the first time if they do not run either of the cleanup or setup scripts included.

Any feedback?

Thanks,
Anthony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/ace/attachments/20240604/e641dd2f/attachment.html>