I am looking at NX and installed the NX client on XP and FreeNX on the 10.3 openSUSe box. I tried connecting and got the following error message

NX> 203 NXSSH running with pid: 880
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 192.168.2.39 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.


As root I have installed FreeNX using Yast and ran the line,

linux:/ # nxsetup --install --setup-nomachine-key --clean

I installed the NX client for WinXP from NoMachine NX and set it up using the connection wizard entering my user name, password and IP address, desktop (gnome)

How do I trouble shoot this..
thanks for your time..

I just went through this, and to say the least, it took some time to make it work. That said, this is an ssh problem authentication problem, not a NX problem.

When you installed the server, a public key was created. It needs to be copied to the client. Once on the client, imported into the client. Have you done that?

Another issue, is the directory and file permissions on the server for the authorized.keys2 file. Running the setup as you did is supposed to set these permissions to the correct values, on my system they were wrong. Here is what worked on my server.

Note, the 640 is what worked, it was set to 600 after setup, and did not work like that.

There are still some things I'm not sure about. The NX user is one. When I installed the server the NX user was created as a 'disabled' user. I had to add it to my user group. I can not remember where I saw that information, I think it was on another thread for similar issues.

I found this command 'tail -f /var/log/messages' invaluable in fixing my problems. Run it on the server as root after a failed attempt to connect. It helped me fix another problem, after the NX user connected. I have a /etc/hosts.allow and /etc/hosts.deny files set up for security. Your user will log in through localhost 127.0.0.1. I had it blocked, so I had to add it 127.0.0.1 to the ssh hosts allow line. ( Don't sweat that until you get there ) and you won't unless you have already configured those files...

Hope this helps.

Thanks Cliff,

I had been poking around last night and found that the public key hadn't been created (when I had done the setup in the first place I was on a VNC connection, wonder if this makes a difference) So last night I added a monitor/key/mouse to the headless system and did the work direct and got a key but I had to get on with other stuff and I will continue tonight - I thank you for your info as I will check the permissions - since I'm a Linux rookie I'm still learning the various commands and location of things.

Stephen

Been playing and this is what I have found..

planb:/var/lib/nxserver/home/.ssh # ls -l
total 12
-rw------- 1 nx root 669 2008-07-03 20:49 authorized_keys2
-rw------- 1 nx root 668 2008-07-03 20:49 client.id_dsa.key
-rw-r--r-- 1 nx root 230 2008-07-03 20:49 known_hosts


You show a line that I don't have

-rw------- 1 nx root 601 Jul 2 16:01 server.id_dsa.pub.key

Also what is 640 and 600 for chmod? I havent changed anything yet


I also ran .. (anything in here that is of interest?)

planb:/home/stephen # tail -f /var/log/messages
Jul 5 09:34:55 planb smartd[3186]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 39 to 38
Jul 5 09:34:55 planb smartd[3186]: Device: /dev/sdb, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 38 to 37
Jul 5 09:44:12 planb gconfd (stephen-3343): starting (version 2.20.0), pid 3343 user 'stephen'
Jul 5 09:44:12 planb gconfd (stephen-3343): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Jul 5 09:44:12 planb gconfd (stephen-3343): Resolved address "xml:readwrite:/home/stephen/.gconf" to a writable configuration source at position 1
Jul 5 09:44:12 planb gconfd (stephen-3343): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Jul 5 09:44:12 planb gconfd (stephen-3343): Resolved address "xml:readonly:/etc/gconf/gconf.xml.schemas" to a read-only configuration source at position 3
Jul 5 09:44:26 planb gconfd (stephen-3343): Resolved address "xml:readwrite:/home/stephen/.gconf" to a writable configuration source at position 0
Jul 5 09:46:00 planb su: (to root) stephen on /dev/pts/0
Jul 5 09:50:56 planb su: (to root) stephen on /dev/pts/1
Jul 5 09:59:38 planb dhclient: DHCPREQUEST on eth0 to 192.168.2.1 port 67
Jul 5 09:59:38 planb dhclient: DHCPACK from 192.168.2.1
Jul 5 09:59:38 planb dhclient: bound to 192.168.2.39 -- renewal in 1497 seconds.
Jul 5 10:04:31 planb syslog-ng[2138]: STATS: dropped 0
Jul 5 10:04:56 planb smartd[3186]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 47 to 48

The numbers represent who can read, write and execute ( permissions ) on the file. The first digit is for owner, the second is group, and the third digit is for any other user. The 6 is read + write permission. I spent a lot of time in the documentation for ssh, it is very fussy ( as it should be for security reasons ) what permissions are set.

The chmod command allows the owner (and root) of the file to change permissions. So, a command to allow owner to read/write + group to read the file would be 'chmod 640 authorized_keys2' ( without the quotes ). You can alter the combination of bits, ( its binary counting ) up t0 777 which would allow everyone to read, write and execute a file. You don't want that for the authorized_keys2 file.

I'm not sure why you don't have the server.id_dsa.pub.key, or what that key is for. When you install Freenx server, it installs with a pre-generated key pair. In theory all you need to do is copy that key to the client, import it, and you should be in. That will not work if you have set up sshd to connect with keys. ( That is what I fought for so long ). I also found it confusing, keys for ssh on a stand alone basis, and now more keys for NX.

In general, there is a command for ssh called ssh_keygen. It will generate a key pair. One key is the server private key and is not distributed. It will create a public key which is give to the client system. You can safely e-mail it, ftp it, or even use samba to copy it. The private key is put in the authorized keys file. When sshd receives a log on request and the method of authorization is keys, it looks at the authorized keys file, runs some code to determine if this key just received is a known key. If yes, you are in, if not, it fails the log on attempt.

So, you could generate a new key pair, add the private key to the config file, and send the private key to the client. This is how I set up ssh on my systems. It is over the top for a home lan, but very necessary if you plan on accessing a system across the internet. I followed a how to on this board the first time I set up ssh to connect without passwords, using keys. Look in the tutorials under networking, you will find it.

The authorization process and log on I found confusing as well. This is what I understand right now. When you try to connect with Nxclient, you send the public key in the client with user NX ( not the user and password ( yet ). That will go to the authorized_keys2 file to set up the ssh (secure) connection from client to server. This is the part you are not past yet. When NX user is authorized, then the user you are logging in with is authorized with the password you send. I found out the hard way that second authorization uses ip address 127.0.0.1 ( localhost ) to authorize. Of course you have to use the correct password for the client, the same one you log on locally with.

I did not see anything to get excited about ( this time ) in messages. Look there after a failed attempt to log in. I found the messages in the nxclient good to look at, you have already been there.

At this point, I would say change the permissions on authorized_keys2 to 640, and try again.

Copy the public key to your client. I found on the client a configuration button. Click it, and you will see the key data in the client. That is the public pre-gened key. I marked it, deleted it, and pressed save. Now you will see no key. Now import the key from the server, and save it. You should see the pub key data now.

Now try to log on and see how far you get. Success will get you a black window with the NX logo in the middle. It takes a few seconds for the desktop to start loading. When I first connect I see KDE coming up. I get a user/password screen, just as if I'm sitting at the server. Log in as normal, and enjoy.

Hope this helps.

Hi again.. tried what you suggested but no luck

I unistalled nxserver then tried again...

planb:~ # nxsetup --install --setup-nomachine-key --ignore-errors --clean --purge
/usr/bin/nxloadconfig: line 285: /opt/kde3/bin/kde-config: No such file or directory
Removing configuration files ...done
Setting up /etc/nxserver ...done
Generating public/private dsa key pair.
Your identification has been saved in /etc/nxserver/users.id_dsa.
Your public key has been saved in /etc/nxserver/users.id_dsa.pub.
The key fingerprint is:
1e:28:8f:03:1b:13:f6:f6:48:69:12:a3:d3:2f:f4:f2 root@planb
Setting up /var/lib/nxserver/db ...done
Setting up /var/log/nxserver.log ...done
Setting up special user "nx" ...done
Setting up known_hosts and authorized_keys2 ...done
Setting up permissions ...done
Setting up cups nxipp backend ...done

----> Testing your nxserver configuration ...
/usr/bin/nxloadconfig: line 285: /opt/kde3/bin/kde-config: No such file or directory
planb:

I then used chmod on the authorized_keys2 file ...

planb:/var/lib/nxserver/home/.ssh # ls-l
total 12
-rw-r----- 1 nx root 669 2008-07-10 20:45 authorized_keys2
-rw------- 1 nx root 668 2008-07-10 20:45 client.id_dsa.key
-rw-r--r-- 1 nx root 230 2008-07-10 20:45 known_hosts

ran the following..

planb:/var/lib/nxserver/home/.ssh # nxserver --status
/usr/bin/nxloadconfig: line 285: /opt/kde3/bin/kde-config: No such file or directory
NX> 100 NXSERVER - Version 1.5.0-70 OS (GPL)
NX> 110 NX Server is running
NX> 999 Bye

planb:/var/lib/nxserver/home/.ssh # nxserver --listuser
/usr/bin/nxloadconfig: line 285: /opt/kde3/bin/kde-config: No such file or directory
NX> 100 NXSERVER - Version 1.5.0-70 OS (GPL)
NX> 146 NX users list

Username
---------------


NX> 999 Bye

No users listed?

I have added user NX to the users group

I added the key to the NX client on my XP system - I then try to log on and I get the error "The NX server is not avaiable or the NX access was disabled on host planb"

I am running Gnome

I have no firewall installed on the SUSe box and the firewall on the XP box is off, do I need to port forward on the router port 22 to the suse box?

What do you think I should check - I find it strange that you and others are running and I'm not able to get it to run - I must have missed something

I added the NX user to my regular logon user group. One thing I did, I'm not sure if I mentioned it yet, or if it has any bearing. The NX user on the server was listed as 'disabled' when I first installed the server. I connected to the system with Webmin and enabled the NX user. I do not know if that fixed anything, or if it was necessary. I just thought it was strange to have a disabled user, and then try to connect through ssh to user NX.

This appears to be a different error than before. Just a guess, could this have something to do with the status of the NX user?

Some thoughts. Can you connect with ssh now? That needs to be the starting point to get the nxserver going. I set up ssh with keys. I don't know if keys make a difference or not. You do need the ssh from XP to Suse working first.

My connection is working over a local lan. I didn't have to do anything with port 22 on my router. I suspect you would only need to forward port 22 if you are trying to connect from the internet, through your router, to Suse. Then port 22 would have to be open and forwarded to the correct IP address for your Suse system. I think I can remember a thread like this during my PD. It seems to me there may be another port to forward as well. I don't remember all the details, since I'm on a local lan.

I can't display this right now. I'm getting a "Need to change password" message from the server. I'm going to figure out that, then I'll see what I get for 'listusers' and post back.

Last thought for now, on the client, when I imported the public key, I found I had to delete the original key first, save, then import the key, save; before I could connect. If this is how you did it, you should be O.K. with the NX key.

I had to log in as root on the server to run the commands. Here is what I saw.

I don't have any users listed either. I was looking at doc on the NX site. It looks like you can create a user, but I don't believe you need to. I have it working without one.

If I try the nxserver --userlist command, as a regular use, then I get the change password message.

I guess if I need to check status etc, then I need to create a nxuser and password to talk to the nxserver. As root it works fine.

July 11

Using Putty I can log in to planb (my Linux box)which I will take that ssh is working OK

With Google I found an article "How to install FreeNX on Suse 10.0" @ http://www.linux-tip.net

Following this a article I check various things ...
- sshd is running
- but it is suggested - edit the sshd_config file to enable the HostKey file, but I am unable to gain access
to /etc/ssh/sshd_config
- the article also suggests to add the client machines to the servers /etc/hosts file - no sure how to do this

I also with some issues with permissions but the article has me adding /var/lib/nxserver/home/.ssh/client.id_dsa.key to
c:\program files\NX client for windows\share\ on my XP box.

This gets me...

Running NX Client - NoMachine gives me an error "connection error"

NX Details

NX> 203 NXSSH running with pid: 3468
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
ssh: connect to host 198.168.2.39 port 22: Connection timed out

I run ...

planb:/home/stephen # tail -f /var/log/messages
Jul 11 20:51:41 planb gconfd (root-15544): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Jul 11 20:51:41 planb gconfd (root-15544): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Jul 11 20:51:41 planb gconfd (root-15544): Resolved address "xml:readonly:/etc/gconf/gconf.xml.schemas" to a read-only configuration source at position 3
Jul 11 20:52:04 planb gconfd (stephen-3218): Resolved address "xml:readwrite:/home/stephen/.gconf" to a writable configuration source at position 0
Jul 11 20:52:11 planb gconfd (root-15544): GConf server is not in use, shutting down.
Jul 11 20:52:11 planb gconfd (root-15544): Exiting
Jul 11 20:52:28 planb dhclient: DHCPREQUEST on eth0 to 192.168.2.1 port 67
Jul 11 20:52:28 planb dhclient: DHCPACK from 192.168.2.1
Jul 11 20:52:28 planb dhclient: bound to 192.168.2.39 -- renewal in 1414 seconds.
Jul 11 20:52:50 planb su: (to root) stephen on /dev/pts/1

Well at least ssh is running, I'll keep digging not sure where though..

Thanks

Wondering what ver's of FreeNX and NX are you running - I am running whatever the latest ver's that are available thru the Yast control center.
I wonder if I should should search and D/L from http://rpm.pbone.net
the latest as there seems to be some updates here that are not on the repositories.

If the file is at that location, you need to be root to edit the file.

You may find installing Webmin a lot easier to administer your systems. It gives you the flexibility to edit files for many servers locally or from a remote location using a web browser. ( just a suggestion ). At this time there isn't any support for editing NX stuff with Webmin. Great tool for editing FTP, samba swat and many more items.

This is easy enough. The etc/hosts file is the first place your tcp/ip stack looks to resolve names to ip addresses. Since your local network is not usually known by any DNS server, the work around is to add entries in the /etc/hosts file for each host on your local network.

Here is what mine looks like.

You need to set the hostname on each system, then add the IP address with name in the /etc/hosts file. Since you have a windoze machine, add it also, and make sure you put a hosts file on the windoze system. Use the find function and edit it the same way ( notepad ) you do on linux.

Are you using fixed IP addresses, or are you using DHCP? On any, or all machines?

It looks to me as if you are using DHCP. This makes IP addresses a moving target. This can defeat finding the correct IP address in the hosts file, unless you set the server up to supply the same IP address based on MAC address. This can be done, on some routers. I had my home system set up this way for a while. It was a pain, so I went to static IP addresses ( not using DHCP ). I set the DHCP address range to seven IP addresses. This allows the laptops that come and go to connect when needed, and the desktops to have static addresses. ( best of both worlds ).

BTW, I found a similar tip on a different web site, as the one you found. What is not at all clear, is why we all struggle with these instructions. It took me several months to get NX to work the first time. Lots of small things can stop you dead in your tracks. This set of instructions is basically what I did. I'm using a Mandriva 2008.1 ( client from NX ) to Mandriva 2007 ( freenx server ) installed from urpmi, the standard package manager for Mandriva.

I ran the same setup command as you did on one of your installs. Copied the key to the client, and was stopped because I have a /etc/hosts.allow and /etc/hosts.deny files. These files control what services are allowed to connect to your tcp/ip stack, and are not part of NX. I set them up when I set up NFS file sharing. You will not have these files unless you made them your self, or some program script added them.

Versions of code...

NX client is Version 3.0.1-6. I downloaded the client from NoMachine's web site.

FreeNX was the Mandriva package. The NXserver version is:

I don't think the Mandriva package stuff will help you. I'll post it if you think it will.

I have been doing a little research, to try and understand why you may not being authenticated.

One thought I had was it may have something to do with the fact you are using XP as the client. I have an XP-home system, so I downloaded the NX client to it. I had putty installed, and verified I could ssh from XP to my system with FreeNx. That worked, all I did was ssh to FreeXn, did a cat of the public key, configured the client by adding the IP address of the Freenx server, login info, and deleted the original key in the client, cut and pasted ( through putty ) the key. It worked the first time. I have to assume there is no issue, beyond getting the information correct that should stop the configuration.

I have also doe some looking for other HowTo's. I cam across this one: http://forum.mandriva.com/viewtopic.php?t=42899 I know this is Mandriva, and you are not running it. However, reading through the instructions, one thing I noticed was the instruction to add the NX user on the Freennx system to the sshd_config file. I looked at my system, and I have added it. Just a possibility, have a look to see if you have added NX to the AllowUsers or AllowGroup.

I did not run the adduser and pasword commands, since the default in Mandriva is to accept passwd authentication. I do not know what defaults may be there, or not there on Suse. You could try to run these two commands to add your regular user to the freenx server. It can't hurt.

Hope this helps.

First things first, thanks for taking the time to help.

Also do you know of an online URL where I can post files and supply a link from within the forum post - so the post here doesn't become really large? - I have seen others use one but can't remember where.

Back to FreeNX

-Since I can access ssh from XP to Suse I have NOT enabled the hostkeys in sshd_config

I run /etc/init.d/sshd status, response is running

I run nxserver --status, response is running

I run the NX client on the XP box and I still get the time out error (as before)

I edited the /etc/hosts file to include my XP box (192.168.2.38 & it's name)

I also added the linux box (192.168.2.39 planb) to the XP hosts file (located in
c:\windows\system32\drivers\etc)

Now I do have /etc/hosts.allow and /etc/hosts.deny -

Contents of hosts.deny
# /etc/hosts.deny
# See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow
# for a detailed description.

http-rman : ALL EXCEPT LOCAL


Contents of hosts.allow
# /etc/hosts.allow
# See 'man tcpd' and 'man 5 hosts_access' for a detailed description
# of /etc/hosts.allow and /etc/hosts.deny.
#
# short overview about daemons and servers that are built with
# tcp_wrappers support:
#
# package name | daemon path | token
# ----------------------------------------------------------------------------
# ssh, openssh | /usr/sbin/sshd | sshd, sshd-fwd-x11, sshd-fwd-<port>
# quota | /usr/sbin/rpc.rquotad | rquotad
# tftpd | /usr/sbin/in.tftpd | in.tftpd
# portmap | /sbin/portmap | portmap
# The portmapper does not verify against hostnames
# to prevent hangs. It only checks non-local addresses.
#
# (kernel nfs server)
# nfs-utils | /usr/sbin/rpc.mountd | mountd
# nfs-utils | /sbin/rpc.statd | statd
#
# (unfsd, userspace nfs server)
# nfs-server | /usr/sbin/rpc.mountd | rpc.mountd
# nfs-server | /usr/sbin/rpc.ugidd | rpc.ugidd
#
# (printing services)
# lprng | /usr/sbin/lpd | lpd
# cups | /usr/sbin/cupsd | cupsd
# The cupsd server daemon reports to the cups
# error logs, not to the syslog(3) facility.
#
# (Uniterrupted Power Supply Software)
# apcupsd | /sbin/apcupsd | apcupsd
# apcupsd | /sbin/apcnisd | apcnisd
#
# All of the other network servers such as samba, apache or X, have their own
# access control scheme that should be used instead.
#
# In addition to the services above, the services that are started on request
# by inetd or xinetd use tcpd to "wrap" the network connection. tcpd uses
# the last component of the server pathname as a token to match a service in
# /etc/hosts.{allow,deny}. See the file /etc/inetd.conf for the token names.
# The following examples work when uncommented:
#
#
# Example 1: Fire up a mail to the admin if a connection to the printer daemon
# has been made from host foo.bar.com, but simply deny all others:
# lpd : foo.bar.com : spawn /bin/echo "%h printer access" | \
# mail -s "tcp_wrappers on %H" root
#
#
# Example 2: grant access from local net, reject with message from elsewhere.
# in.telnetd : ALL EXCEPT LOCAL : ALLOW
# in.telnetd : ALL : \
# twist /bin/echo -e "\n\raccess from %h declined.\n\rGo away.";sleep 2
#
#
# Example 3: run a different instance of rsyncd if the connection comes
# from network 172.20.0.0/24, but regular for others:
# rsyncd : 172.20.0.0/255.255.255.0 : twist /usr/local/sbin/my_rsyncd-script
# rsyncd : ALL : ALLOW
#


What changes did you make to these files?

cheers..

Did you also install any additional packages from NoMachine? I am referring to this post http://www.linuxquestions.org/questi...server-503509/

and wonder if I am missing a part of the program - but you would think I would get an error message

running ..

planb:~ # tail -f /var/log/messages
Jul 15 08:02:30 planb dhclient: DHCPREQUEST on eth0 to 192.168.2.1 port 67
Jul 15 08:02:30 planb dhclient: DHCPACK from 192.168.2.1
Jul 15 08:02:30 planb dhclient: bound to 192.168.2.39 -- renewal in 1402 seconds.
Jul 15 08:19:52 planb nmbd[2416]: [2008/07/15 08:19:52, 0] nmbd/nmbd_namequery.c:query_name_response(109)
Jul 15 08:19:52 planb nmbd[2416]: query_name_response: Multiple (2) responses received for a query on subnet 192.168.2.39 for name WORKGROUP<1d>.
Jul 15 08:19:52 planb nmbd[2416]: This response was from IP 192.168.2.16, reporting an IP address of 192.168.2.16.
Jul 15 08:25:52 planb dhclient: DHCPREQUEST on eth0 to 192.168.2.1 port 67
Jul 15 08:25:52 planb dhclient: DHCPACK from 192.168.2.1
Jul 15 08:25:52 planb dhclient: bound to 192.168.2.39 -- renewal in 1788 seconds.
Jul 15 08:26:08 planb syslog-ng[2073]: STATS: dropped 0

I don't see anything of interest...

You are welcome.

Sorry, no. Possibly one of the mods could help here...

I'm going to post my hosts.deny and hosts.allow files. Basically the deny
file stops all services, and the allow file defines what services and IP
addresses are allowed.

I added this file when I set up NFS. Portmap, lockd, rquotad, statd are all required for NFS. SSH is required for duh... ssh. You can connect with ssh, so this should not be the problem. I think I mentioned I tested my setup with XP, it works for me also.

Since you are getting a timeout, that indicates to me this is a firewall type problem. Yet you don't have one running. Hmmm. Running out of ideas.

I have a few machines on the lan. I added each one, looks messy, but it works.

No. I'm running Mandriva 2007 on the server. I used URPMI and installed just the freenx package. That installed everything on the server I needed. I did some pocking around, and compared things I could find on NoMachines site. I have the server, the proxy installed just from the mandriva package. I guess it may be possible you are missing something, but that would mean the package system didn't pick up all the needed programs and files. That would be ugly to try and sort out.