LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop
User Name
Password
Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context.

Notices

Reply
 
Search this Thread
Old 01-04-2008, 07:05 AM   #1
temak82
LQ Newbie
 
Registered: Jan 2006
Posts: 22

Rep: Reputation: 15
NoMachines/FreeNX ssh key question


Hi all, I am running Ubuntu 7.10 and connecting to server from Windows XP client. Used dpkg to setup client, then node then server. Everything is running fine. However, I can't for the life of me figure out what's going on with the keys. I even enabled the DB in the server.cfg file and still get Authentication login failure. Here's the error I get in the Details of NX Client and when doing ./nxserver --useradd usrname


Code:
root@guest-desktop:/usr/NX/home/nx/.ssh# /usr/NX/bin/nxserver --useradd usrname
NX> 900 Setting password for user: usrname.
NX> 102 Password:
NX> 102 Confirm password:
NX> 110 Password for user: usrname added to the NX password DB.
NX> 900 Adding public key for user: usrname to the authorized keys file.
NX> 900 Verifying public key authentication for NX user: usrname.
NX> 910 WARNING: The SSH  key to be used for user authentication was
NX> 910 WARNING: added to the private authorized keys file of user
NX> 910 WARNING: but user authentication didn't succeed.
NX> 910 WARNING: Please note that, with these settings, the user won't
NX> 910 WARNING: be able to successfully run any sessions.
NX> 910 WARNING: Run the following command to get some hints on the possible
NX> 910 WARNING: reasons of the problem:
NX> 910 WARNING:
NX> 910 WARNING: nxserver --usercheck usrname
NX> 910 WARNING:
NX> 999 Bye.
and when running ./nxserver --usercheck usrname I get the following error:


Code:
NX> 900 Verifying public key authentication for NX user: usrname.
NX> 900 Adding public key for user: usrname to the authorized keys file.
NX> 900 Verifying public key authentication for NX user: usrname.
NX> 500 ERROR: Public key authentication failed
NX> 500 WARNING: NX server was unable to login as user: usrname
NX> 500 WARNING: Please check that the account is enabled to login.
NX> 500 WARNING: Also check that user's home directory, the directory
NX> 500 WARNING: ~/.ssh and the file ~/.ssh/authorized_keys2 have
NX> 500 WARNING: correct permissions according to the StrictModes of
NX> 500 WARNING: your SSHD configuration
NX> 999 Bye.
Strictmodes are enabled and I do have the authorized_keys2 in the sshd config as well. I'm not sure about the permissions though.

If someone could help me with this bit, I would greatly appreciate it.
 
Old 01-04-2008, 09:43 AM   #2
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
I think the permissions of "~usrname/.ssh" are incorrect. It must be 0700 for the base dir and 0600 for the files on it. Check it and/or fix it using "chmod -R 0600 ~usrname/.ssh" and after this, "chmod 0700 ~usrname/.ssh" in this order.
 
Old 01-04-2008, 10:23 AM   #3
temak82
LQ Newbie
 
Registered: Jan 2006
Posts: 22

Original Poster
Rep: Reputation: 15
maroszs, thank you for your input. I did check that already and they were set. That's why I'm stumped. Keep the suggestions coming.
 
Old 01-12-2011, 07:58 PM   #4
sharky
Member
 
Registered: Oct 2002
Posts: 386

Rep: Reputation: 37
This is an old thread but I don't see a solution and now I'm having the same issue. I can ssh but can not connect to nxserver. usercheck returns an ERROR but I have no idea how to fix it.

Quote:
> sudo /usr/NX/bin/nxserver --usercheck myself
NX> 900 Verifying public key authentication for NX user: myself.
NX> 900 Adding public key for user: myself to the authorized keys file.
NX> 900 Verifying public key authentication for NX user: myself.
NX> 500 ERROR: Public key authentication failed
NX> 500 WARNING: NX server was unable to login as user: myself
NX> 500 WARNING: Please check that the account is enabled to login.
NX> 500 WARNING: Also check that user's home directory, the directory
NX> 500 WARNING: ~/.ssh and the file ~/.ssh/authorized_keys2 have
NX> 500 WARNING: correct permissions according to the StrictModes of
NX> 500 WARNING: your SSHD configuration
NX> 999 Bye.
 
Old 01-13-2011, 08:15 AM   #5
MCD555
Member
 
Registered: May 2009
Location: Milan, Italy
Distribution: Ubuntu, Debian, Fedora, Oracle Linux
Posts: 106

Rep: Reputation: 9
Try using the private key generated by freenx...
I mean the one saved in:

/var/lib/nxserver/home/custom_keys/client.id_dsa.key

Just copy the key and put that in your NX client...

Quote:
Originally Posted by sharky View Post
This is an old thread but I don't see a solution and now I'm having the same issue. I can ssh but can not connect to nxserver. usercheck returns an ERROR but I have no idea how to fix it.

Last edited by MCD555; 01-13-2011 at 08:16 AM.
 
Old 01-13-2011, 10:01 AM   #6
sharky
Member
 
Registered: Oct 2002
Posts: 386

Rep: Reputation: 37
Quote:
Originally Posted by MCD555 View Post
Try using the private key generated by freenx...
I mean the one saved in:

/var/lib/nxserver/home/custom_keys/client.id_dsa.key

Just copy the key and put that in your NX client...
I'm using nomachine, not freenx. I think the same thing is in /usr/NX/home/ but I'm at work so I'll have to check at lunch time or after work.

Pardon the stupid question but how to a actually 'use' a different key?
 
Old 01-13-2011, 10:45 AM   #7
MCD555
Member
 
Registered: May 2009
Location: Milan, Italy
Distribution: Ubuntu, Debian, Fedora, Oracle Linux
Posts: 106

Rep: Reputation: 9
Quote:
Originally Posted by sharky View Post
I'm using nomachine, not freenx. I think the same thing is in /usr/NX/home/ but I'm at work so I'll have to check at lunch time or after work.

Pardon the stupid question but how to a actually 'use' a different key?
Yes, you're right, may I missunderstood the original question, sorry!
But as I know the client key must be generated and distributed by the NX server:

Quote:
The initial login between client and server happens through a DSA key-pair. The public part is provided during the installation of the server, while the private part is distributed together with the NX Client. In order to replace the default keys used by clients, you need to generate a new DSA key-pair and distribute the private part to those clients you want to get connected to the server.
and also the file
/usr/NX/home/nx/.ssh/authorized_keys2
should be masked 644.

Sorry but I use freenx and not NX (but they seems very closed from this point of view), I get this info from http://www.nomachine.com/documents/admin-guide.php

Hope to get the right focus on this and give you an useful hint....
 
Old 01-13-2011, 10:38 PM   #8
sharky
Member
 
Registered: Oct 2002
Posts: 386

Rep: Reputation: 37
I switched to freenx. Still no joy.
 
Old 01-14-2011, 03:26 AM   #9
MCD555
Member
 
Registered: May 2009
Location: Milan, Italy
Distribution: Ubuntu, Debian, Fedora, Oracle Linux
Posts: 106

Rep: Reputation: 9
Quote:
Originally Posted by sharky View Post
I switched to freenx. Still no joy.
... are you getting the same issue?
Are you using Linux Mint? On my fedora 14 it has been configured in minutes without particoular issues....
 
Old 01-17-2011, 06:12 PM   #10
jacklh
LQ Newbie
 
Registered: Aug 2006
Posts: 2

Rep: Reputation: 0
I first performed the following command to add my account to NX database.

sudo /usr/NX/bin/nxserver --useradd mylogid --administrative

The following thread then solved my issue: http://ubuntuforums.org/archive/index.php/t-449382.html.

Basically uncomment and ensure in /usr/NX/etc/server.cfg that the following *TWO* vars are pointing to your (custom) SSH port. Mine isn't 22.

# Specify the TCP port where the NX server SSHD daemon is running.
#
#SSHDPort = "22"

# Specify the TCP port where the SSHD daemon is running on the NX SSH
# authentication server.
#
#SSHDAuthPort = "22"

Then, you need to ensure /etc/ssh/sshd_config is pointing to the correct authorization file. Mine defaulted to authorized_keys but NX uses authorized_keys2, so I modified the following line.

AuthorizedKeysFile %h/.ssh/authorized_keys2

Be sure to restart the SSHD server to re-read config: sudo service ssh restart
Be sure to restart the NX server to re-read config: sudo /usr/NX/bin/nxserver --restart

Last edited by jacklh; 01-17-2011 at 06:16 PM.
 
Old 01-18-2011, 04:32 PM   #11
MCD555
Member
 
Registered: May 2009
Location: Milan, Italy
Distribution: Ubuntu, Debian, Fedora, Oracle Linux
Posts: 106

Rep: Reputation: 9
Quote:
Originally Posted by jacklh View Post
I first performed the following command to add my account to NX database.

sudo /usr/NX/bin/nxserver --useradd mylogid --administrative

The following thread then solved my issue: http://ubuntuforums.org/archive/index.php/t-449382.html.

Basically uncomment and ensure in /usr/NX/etc/server.cfg that the following *TWO* vars are pointing to your (custom) SSH port. Mine isn't 22.

# Specify the TCP port where the NX server SSHD daemon is running.
#
#SSHDPort = "22"

# Specify the TCP port where the SSHD daemon is running on the NX SSH
# authentication server.
#
#SSHDAuthPort = "22"

Then, you need to ensure /etc/ssh/sshd_config is pointing to the correct authorization file. Mine defaulted to authorized_keys but NX uses authorized_keys2, so I modified the following line.

AuthorizedKeysFile %h/.ssh/authorized_keys2

Be sure to restart the SSHD server to re-read config: sudo service ssh restart
Be sure to restart the NX server to re-read config: sudo /usr/NX/bin/nxserver --restart
For Ubuntu distros the Bible can be found here:

https://help.ubuntu.com/community/Fr.../stop%20FreeNX

I've tested the procedure with Ubuntu 10.10 (Maverick) that should be the same for Lenny (or viceversa, ;-))!

Once you've got and installed freenx:

-> get nxsetup from here

-> move it in the right position and change the owner to root
Quote:
sudo mv nxsetup /usr/lib/nx/nxsetup
sudo chown root:root /usr/lib/nx/nxsetup
-> perform the installation
Quote:
sudo /usr/lib/nx/nxsetup --install
At this point, to set up the SSH "relationship" just run

Quote:
sudo dpkg-reconfigure freenx-server
to generate a Custom key (the option to choose in the first screen) and SSH as freenx authentication type.
Now you have the key to distributed to the client(s) so you need to:

copy the client key just generated in your home directory:

Quote:
sudo cp /var/lib/nxserver/home/.ssh/client.id_dsa.key ~/
and give it to the client.
The client just need to import it!

This works for me and I hope this works for you!
 
Old 02-08-2011, 04:18 PM   #12
MCD555
Member
 
Registered: May 2009
Location: Milan, Italy
Distribution: Ubuntu, Debian, Fedora, Oracle Linux
Posts: 106

Rep: Reputation: 9
Quote:
Originally Posted by MCD555 View Post
For Ubuntu distros the Bible can be found here:

https://help.ubuntu.com/community/Fr.../stop%20FreeNX

I've tested the procedure with Ubuntu 10.10 (Maverick) that should be the same for Lenny (or viceversa, ;-))!

Once you've got and installed freenx:

-> get nxsetup from here

-> move it in the right position and change the owner to root


-> perform the installation


At this point, to set up the SSH "relationship" just run



to generate a Custom key (the option to choose in the first screen) and SSH as freenx authentication type.
Now you have the key to distributed to the client(s) so you need to:

copy the client key just generated in your home directory:



and give it to the client.
The client just need to import it!

This works for me and I hope this works for you!
* * * UPDATE * * *

Last days I was unable to access a freenx server due to the following error:

in the directory
Code:
/var/lib/nxserver/home/.ssh
there is the link
Code:
authorized_keys2 -> /etc/nxserver/server.id_dsa.pub.key
to make it works correctly just add
Code:
ln -s /etc/nxserver/server.id_dsa.pub.key authorized_keys
I confirm that to login with freeNX you need your ssh key (usually the one that has the public part saved in the /home/[user_name]/.ssh/authorized_keys) and the private key /etc/nxserver/users.id_dsa !

The freenx server is running on a Fedora 14 64bit.

Hope this help too!!!
 
Old 02-29-2012, 05:02 AM   #13
rmarsf
LQ Newbie
 
Registered: Feb 2012
Posts: 1

Rep: Reputation: Disabled
same problem - resolved

i had exactly the same problem.


root@#####:/usr/NX# ./bin/nxserver --usercheck #####
NX> 900 Verifying public key authentication for NX user: ######.
NX> 900 Adding public key for user: ##### to the authorized keys file.
NX> 716 Public key is already present in: /home/####/.ssh/authorized_keys2.
NX> 900 Verifying public key authentication for NX user: ####.
NX> 500 ERROR: Public key authentication failed
NX> 500 WARNING: NX server was unable to login as user: #####
NX> 500 WARNING: Please check that the account is enabled to login.
NX> 500 WARNING: Also check that user's home directory, the directory
NX> 500 WARNING: ~/.ssh and the file ~/.ssh/authorized_keys2 have
NX> 500 WARNING: correct permissions according to the StrictModes of
NX> 500 WARNING: your SSHD configuration
NX> 999 Bye.


the resolution was as mentioned above. ensuring that in /etc/ssh/sshd_config the one line:
AuthorizedKeysFile %h/.ssh/authorized_keys2

then restart sshd (as root)
/etc/init.d/ssh restart

then it worked
root@#####:/usr/NX# ./bin/nxserver --usercheck ####
NX> 900 Verifying public key authentication for NX user: ####.
NX> 900 Public key authentication succeeded.
NX> 999 Bye.
 
1 members found this post helpful.
Old 12-19-2012, 03:55 PM   #14
ronramiro
LQ Newbie
 
Registered: Jul 2006
Posts: 2

Rep: Reputation: 0
NX server 3.5.0-9 working on Fedora 17

I install it on fedora 17. Also have a problem with the key authentication.

I only had to include in /etc/ssh/sshd_config the line
AuthorizedKeysFile %h/.ssh/authorized_keys2

and change the line
AuthorizedKeysFile .ssh/authorized_keys
to
#AuthorizedKeysFile .ssh/authorized_keys

then restart sshd (as root)
/etc/init.d/ssh restart
 
Old 12-21-2012, 03:18 AM   #15
MCD555
Member
 
Registered: May 2009
Location: Milan, Italy
Distribution: Ubuntu, Debian, Fedora, Oracle Linux
Posts: 106

Rep: Reputation: 9
Did you try the command:

Quote:
./bin/nxserver --usercheck [Your_USER]
to verify?
Or try to post that output here!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FreeNX key problem mickeyboa Fedora 1 01-14-2011 10:46 AM
ssh private key question vonedaddy Linux - Security 4 01-14-2008 10:41 AM
Installed Freenx. Changed sshd config. Can't ssh root. CrewXp Linux - Software 1 08-13-2007 04:52 AM
SSH FreeNX server am I being invaded? dasbooter Linux - Security 6 04-26-2006 04:30 AM
setup freenx ssh blocked meping Linux - Software 2 04-13-2006 06:39 PM


All times are GMT -5. The time now is 01:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration