Old 02-26-2010, 08:32 AM   #1
crispyleif
Member
 
Registered: Mar 2005
Location: Norway, by the coast
Distribution: Debian and the likes
Posts: 190

Rep: Reputation: 31
FreeNX debug, help with authentication


NX> 203 NXSSH running with pid: 4756
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: xxx.xxx.xxx.xxx on port: xxxxx (my edit)
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
NX> 105 hello NXCLIENT - Version 3.2.0
NX> 134 Accepted protocol: 3.2.0
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: xxx (my edit)
NX> 102 Password:
NX> 103 Welcome to: ubuntu user: xxx (my edit)
NX> 105 listsession --user="xxx" --status="suspended,running" --geometry="1440x900x32+render" --type="unix-kde"
NX> 127 Sessions list of user 'xxx' for reconnect:

Display Type Session ID Options Depth Screen Status Session Name
------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------


NX> 148 Server capacity: not reached for user: xxx
NX> 105 startsession --link="isdn" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="tt" --type="unix-kde" --geometry="1434x808" --client="winnt" --keyboard="pc102/no" --screeninfo="1434x808x32+render"

Permission denied (publickey).
NX> 280 Exiting on signal: 15


--

Client: NoMachine windows client

Server: Kubuntu 9.10 with freenx installed from ppa repository

Server config:

/etc/ssh/sshd_config:
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# AuthorizedKeysFile /var/lib/nxserver/home/.ssh/authorized_keys2

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

AllowUsers nx xxx (edit by me)

UsePAM yes

/etc/nxserver/node.conf - snippet of what I've changed
# Authentication directives

# This adds the usermode to the possible authentication methods
# Usermode means that a user can start the nxserver as his shell
# and connect directly to the right server via a custom client.
#ENABLE_USERMODE_AUTHENTICATION="0"

# This adds the passdb to the possible authentication methods
ENABLE_PASSDB_AUTHENTICATION="1"

# This adds SSH to the possible authentication methods. For it to work sshd
# must be set up at localhost accepting password authentication.
ENABLE_SSH_AUTHENTICATION="0"

# This adds SU to the possible authentication methods. For it to work the
# "nx" user must be in the wheel (RedHat, Fedora) or the users group (SUSE)
# and the user logging in must have a valid shell that accepts the -c
# parameter.
#ENABLE_SU_AUTHENTICATION="0"


--


My SSH key has a passphrase, but I have tried with no passphrase also.

Normal SSH access via putty is working.

Any idea why I can't connect ?
 
Old 02-26-2010, 09:38 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
The permission denied (public key) indicates either a permissions problem with your authorized_keys file OR a mismatch where you don't have the public key installed on the server that the client is trying to authenticate against.

Since you are using an Ubuntu variant, take a look at the "using custom ssh keys" section of the following document: https://help.ubuntu.com/community/FreeNX
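
Both causes named in the reply above can be checked on the server. This shell sketch is an added example, not part of the original thread; the temporary directory, file names and key blobs are constructed for the demo, and it tests only the write bits that StrictModes rejects, not file ownership.

```shell
#!/bin/bash
# Added example. Checks the two causes of "Permission denied (publickey)":
# unsafe permissions on the authorized_keys path, or a key that is not installed.

# Succeeds when the path is not group- or world-writable (needs GNU stat).
mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    (( (8#$mode & 8#022) == 0 ))
}

# Succeeds when the base64 blob of PUBKEY_FILE appears in AUTH_KEYS, also for
# entries that begin with options such as command="..." or no-pty.
key_installed() {   # key_installed PUBKEY_FILE AUTH_KEYS
    local blob
    blob=$(awk '{for (i = 1; i < NF; i++) if ($i ~ /^(ssh-|ecdsa-)/) {print $(i+1); exit}}' "$1")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) found = 1} END {exit !found}' "$2"
}

# Prints one line per problem found; prints nothing when both checks pass.
diagnose() {   # diagnose HOME_DIR CLIENT_PUBKEY
    local home=$1 pub=$2 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
        elif ! mode_ok "$p"; then
            echo "group/world-writable: $p"
        fi
    done
    if [ -f "$home/.ssh/authorized_keys" ] &&
       ! key_installed "$pub" "$home/.ssh/authorized_keys"; then
        echo "client key not in authorized_keys"
    fi
}

# Constructed demo: a fake home with a group-writable .ssh and a mismatched key.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh"
echo 'ssh-rsa AAAAB3ServerSideConstructedKey nx@server' > "$demo/.ssh/authorized_keys"
echo 'ssh-rsa AAAAB3ClientSideConstructedKey user@client' > "$demo/client.pub"
chmod 700 "$demo"; chmod 775 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
diagnose "$demo" "$demo/client.pub"
rm -rf "$demo"
```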
 
Old 02-26-2010, 01:19 PM   #3
crispyleif
Member
 
Registered: Mar 2005
Location: Norway, by the coast
Distribution: Debian and the likes
Posts: 190

Original Poster
Rep: Reputation: 31
I forgot to mention that I imported the client.id_dsa.key from /var/lib/nxserver/home/.ssh to the client and saved it in C:\program files\nxserver\share.

Thanks for the link, I've read it several times.. been testing/googling a lot today

EDIT::It works with default keys now, had to set authentication = SU in /etc/nxserver/node.conf. All other authentication methods set to "0". Will hopefully get it on with custom keys now.

EDIT2:: Might have found the issue.. I do not have the directory /var/lib/nxserver/home/custom_keys. Many howtos mention this..strange.

Last edited by crispyleif; 02-27-2010 at 07:26 AM.
 
Old 03-02-2010, 03:38 PM   #4
crispyleif
Member
 
Registered: Mar 2005
Location: Norway, by the coast
Distribution: Debian and the likes
Posts: 190

Original Poster
Rep: Reputation: 31
Finally got it working. Easy enough once you try/fail enough times..
I decided to challenge myself with making a script to automate this, including the ssh-part. This will also make it easy to give remote support to my brother who has just started using Linux (which is how I discovered FreeNX in the first place).

For the gurus out there this might seem bloated and trivial, but judging by the amount of unanswered questions regarding the subject I am sure I'm not alone in struggling with this (well not struggling anymore).

So in case someone out there will benefit, here's my script for automatically setting up OpenSSH + FreeNX with pubkey access from PuTTY and NX client.

Code:
#!/bin/bash
# Script for setting up FreeNX with custom keys, and SSH-server if not running.
# Suitable for non-headless boxes you want access to, else just use ssh.
# SSH-keys are set up for PuTTY import, so pubkey is added to /%h/.ssh/authorized_keys.
# This is, obviously, just my way of doing it, my needs are a Linux server 
# with secure GUI access from work. Feel very free to adjust.
#
# Running this script will result in the following:
# 
# OpenSSH will be installed and configured with key authorization only, using RSA 4096 bit key.
# FreeNX will be installed and configured with custom keys.
# 
# Written by Svein Arne Røed. Use at your own risk, there is no guarantee.
# This script is tested working on Kubuntu 9.10.

#####################################################################################################
# Prerequisites (OpenSSH + key and some variables)
#####################################################################################################

# Make sure script is running as root
if [ "$(id -u)" != "0" ]; then
   echo "This script must run as root." 1>&2
   exit 1
fi

if [ "$1" == "" ]; then
	echo -e "\n Usage: sshnx [user] \n"
	exit 1
else
	export USER="$1"
fi

# Adjust if your distro does it another way
export SSHD_CONFIG="/etc/ssh/sshd_config"
export FREENX_CONFIG="/etc/nxserver/node.conf"

# Check for present SSH-server and install if not present
type -P sshd &>/dev/null || { \
echo "No OpenSSH-server found, installing one now."; aptitude install --assume-yes \
openssh-server ssh; } && echo -e "SSH server found, moving on..   \n"
if [ ! -f /home/${USER}/.ssh/id_rsa ]; then
	echo "RSA key not found for user $USER, generating.. ";
    su $USER -c	"ssh-keygen -t rsa -b 4096 -f /home/${USER}/.ssh/id_rsa -N ''";
	su $USER -c "touch /home/${USER}/.ssh/authorized_keys";
	cat /home/${USER}/.ssh/id_rsa.pub >> /home/${USER}/.ssh/authorized_keys
	else
	echo -e "RSA key found for user $USER, I will skip creating in case you \
	want to use the existing one(s). \n"
fi

#####################################################################################################
# Getting FreeNX
#####################################################################################################

type -P nxserver &>/dev/null && echo -e "\nFreeNX server found, moving on \n" || { \
echo -e "\nGetting FreeNX\n"; aptitude install --assume-yes python-software-properties;
add-apt-repository ppa:freenx-team; aptitude update; aptitude install --assume-yes freenx; }

#####################################################################################################
# Configure OpenSSH + FreeNX
#####################################################################################################

echo "# Added by sshnx script" >> ${SSHD_CONFIG}
echo "AllowUsers nx ${USER}" >> ${SSHD_CONFIG}

sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/' ${SSHD_CONFIG}
echo "# Made sure that PubkeyAuthentication was set to yes" >> ${SSHD_CONFIG}

sed -i 's/PermitRootLogin yes/PermitRootLogin no/' ${SSHD_CONFIG}
echo "# Made sure that PermitRootLogin was set to no" >> ${SSHD_CONFIG}

sed -i 's/^#[[:space:]]*PasswordAuthentication/PasswordAuthentication/' ${SSHD_CONFIG}
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' ${SSHD_CONFIG}
echo "# Made sure that PasswordAuthentication was set to no" >> ${SSHD_CONFIG}

sed -i 's/StrictModes no/StrictModes yes/' ${SSHD_CONFIG}
echo "# Made sure that StrictModes was set to yes" >> ${SSHD_CONFIG}

sed -i 's/LogLevel INFO/LogLevel VERBOSE/' ${SSHD_CONFIG}
echo "# Made sure that we can log attempted logins (LogLevel VERBOSE)" >> ${SSHD_CONFIG}

sed -i 's/UsePAM no/UsePAM yes/' ${SSHD_CONFIG}
echo "# Made sure that we use PAM" >> ${SSHD_CONFIG}

sed -i 's/^#[[:space:]]*AuthorizedKeys/AuthorizedKeys/' ${SSHD_CONFIG}
echo "# Made sure that AuthorizedKeys file is uncommented" >> ${SSHD_CONFIG}

sed -i 's/X11Forwarding yes/X11Forwarding no/' ${SSHD_CONFIG}
echo "# Made sure that X11Forwarding is set to no" >> ${SSHD_CONFIG}

echo -e "# sshnx script done\n" >> ${SSHD_CONFIG}

# Just to make sure..
chmod 755 /home/${USER}/.ssh
chown ${USER}:${USER} /home/${USER}/.ssh/*
chmod 600 /home/${USER}/.ssh/authorized_keys
chmod 600 /home/${USER}/.ssh/id_rsa
chmod 644 /home/${USER}/.ssh/id_rsa.pub

clear
echo -e "\nATTENTION\n"
read -p "Press 'y' for custom keys when prompted by nxserver installer"
# Run the nxserver installscript
/usr/lib/nx/nxsetup --install

echo "# Added by sshnx script" >> ${FREENX_CONFIG}
sed -i 's/^#[[:space:]]*ENABLE_PASSDB_AUTHENTICATION/ENABLE_PASSDB_AUTHENTICATION/' ${FREENX_CONFIG}
sed -i 's/ENABLE_PASSDB_AUTHENTICATION="1"/ENABLE_PASSDB_AUTHENTICATION="0"/' ${FREENX_CONFIG}

sed -i 's/^#[[:space:]]*ENABLE_USERMODE_AUTHENTICATION/ENABLE_USERMODE_AUTHENTICATION/' ${FREENX_CONFIG}
sed -i 's/ENABLE_USERMODE_AUTHENTICATION="1"/ENABLE_USERMODE_AUTHENTICATION="0"/' ${FREENX_CONFIG}

sed -i 's/^#[[:space:]]*ENABLE_SSH_AUTHENTICATION/ENABLE_SSH_AUTHENTICATION/' ${FREENX_CONFIG}
sed -i 's/ENABLE_SSH_AUTHENTICATION="1"/ENABLE_SSH_AUTHENTICATION="0"/' ${FREENX_CONFIG}

sed -i 's/^#[[:space:]]*ENABLE_SU_AUTHENTICATION/ENABLE_SU_AUTHENTICATION/' ${FREENX_CONFIG}
sed -i 's/ENABLE_SU_AUTHENTICATION="0"/ENABLE_SU_AUTHENTICATION="1"/' ${FREENX_CONFIG}
echo "# Made sure that authentication method is SU only" >> ${FREENX_CONFIG}

sed -i 's/^#[[:space:]]*SSHD_PORT=22/SSHD_PORT=22/' ${FREENX_CONFIG}
echo "# Made sure that SSHD_PORT is uncommented" >> ${FREENX_CONFIG}
echo -e "# sshnx script done\n" >> ${FREENX_CONFIG}

cat /var/lib/nxserver/home/.ssh/server.id_dsa.pub.key >> /var/lib/nxserver/home/.ssh/authorized_keys

# Delete default keys
rm /etc/nxserver/user.id_dsa*

/etc/init.d/ssh restart
/etc/init.d/freenx-server restart >&/dev/null

echo -e "\nOpenSSH and FreeNX up and running, only PuTTY and NX client to go."
echo -e "SSH server currently listening on port 22. Remember to open/rewrite router/firewall."
echo -e "\n\nGeneral info: Import private ssh key in /home/${USER}/.ssh/id_rsa in PuTTY(gen)"
echo -e "to generate .ppk keyfile. Authorized_keys file updated with pubkey.\n"
echo "If you didn't have a RSA key the one now present has no passphrase,"
echo "add one with the following command: ssh-keygen -f /home/${USER}/.ssh/id_rsa -p"
echo -e "\nImport /var/lib/nxserver/home/.ssh/client.id_dsa.key in NX client\n\n"

Last edited by crispyleif; 03-02-2010 at 03:46 PM.
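
The sed substitutions in the script above change a directive only when an existing line matches the pattern exactly, so it is worth confirming the result afterwards. This shell check is an added example, not part of the original post; the sample configuration is constructed, and it assumes a file without Match blocks and treats an unset directive as a finding.

```shell
#!/bin/bash
# Added example. Reports where an sshd_config-style file differs from the
# settings the script on this page aims for.

# Prints the effective value of KEYWORD in FILE: sshd uses the first
# uncommented occurrence of a keyword, and keywords are case-insensitive.
effective() {   # effective FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) {print tolower($2); exit}' "$1"
}

# Prints one line per mismatch; prints nothing when every target is met.
audit_sshd() {   # audit_sshd FILE
    local kw val got
    while read -r kw val; do
        got=$(effective "$1" "$kw")
        [ "$got" = "$val" ] ||
            echo "$kw: want $val, effective ${got:-<unset, sshd default applies>}"
    done <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
StrictModes yes
X11Forwarding no
EOF
}

# Constructed sample: the first PasswordAuthentication line has extra spaces,
# so a pattern like 's/PasswordAuthentication yes/.../' never touches it, and
# the later "no" line is ignored because the first occurrence wins.
cfg=$(mktemp)
printf '%s\n' 'PermitRootLogin no' 'StrictModes yes' 'PubkeyAuthentication yes' \
    'PasswordAuthentication   yes' 'X11Forwarding no' 'PasswordAuthentication no' > "$cfg"
audit_sshd "$cfg"
rm -f "$cfg"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself parses it.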
 
  

