I am trying to access a Linux system from another Linux system.
On the client I am getting;

The NX service is not available or the NX acces was disabled on 92.29.xxx.xxx

Checking the server status:

[root@desktop bin]# /usr/NX/bin/nxserver --status
NX> 900 Connecting to server ...
NX> 204 Authentication to NX server failed.
NX> 110 NX Server is stopped.
NX> 999 Bye.

and restarting:

[root@desktop bin]# nxserver --start
NX> 500 Service already running.
NX> 999 Bye.

This is contradictory at the very least!
Suggestions?

TIA

try --restart

Well, here's what happens.

[alan@desktop ~]$ service nxserver --restart
Usage: /etc/init.d/nxserver {start|stop|restart}

[alan@desktop ~]$ service nxserver restart
WARNING: Service was already stopped, trying to start
Trying to start NX server:
NX> 900 NXSERVER - Version 3.5.0-9
NX> 500 ERROR: Only user: root can use option: start.
Trying to start NX statistics:
NX> 900 NXSERVER - Version 3.5.0-9
NX> 500 ERROR: Only user: root can use option: statistics.

[alan@desktop ~]$ su
Password:
[root@desktop ~]# /usr/NX/bin/nxserver --start
NX> 500 Service already running.
NX> 999 Bye.

[root@desktop ~]# /usr/NX/bin/nxserver --status
NX> 900 Connecting to server ...
NX> 204 Authentication to NX server failed.
NX> 110 NX Server is stopped.
NX> 999 Bye.

Meanwhile on the client, it just times out.

How is nxserver configured?
Which kind of encryption is enforced, if any?
Is the user in systems user database?

Sorry for the delay, my broadband deteriorated suddenly and needed an injection of threatening to go elsewhere to restore it.

nxserver has been executed with its default settings.

From the remote machine, as host I have entered the hostname that I set up on DynDNS and port 1194 that I opened on the router.

What do you mean by port 1194 on the router? Are you port forwarding 1194 from your router to the NX server's port 22? NX will assume sshd is running on port 22, so if you are forwarding port 1194 to 22, you will need to configure the client to connect to port 1194.

Did you generate your own NX server keys, or are you using the default ones?
If you generated your own keys, you need to import your key to the client.
The client key file is located at /etc/nxserver/client.id_dsa.key on your NX server.
Copy the file to your client machine and import it to the client under Configure->Key...->Import button.

NX is also very picky about ownership and permissions of its working and config dirs.
Check that 'nx' is the owner of both /etc/nxserver and /var/lib/nxserver dirs. Also make sure only the nx user can read the .key and .id_dsa files in /etc/nxserver. i.e. chmod 600 /etc/nxserver/*.key and chmod 600 /etc/nxserver/*.id_dsa

If you still can't connect, try re-running the nxsetup script. At the end of nxsetup, it does a test to the server, if that test works, and your client has the correct key, NX should work.

Sorry, I confused NX with openvpn. Port 22 is indeed open.
I regenerated the key and copied it to the client and imported it.

The keys on my system are held at /usr/NX/share/keys.

I don't have the directories that you specified but I set the owner of /usr/NX/share and /usr/NX/var to nx.

nxclient now reports:

The authenticity of host asandco.dyndns-work.com, 2.96.151.2 can't be established.

The RSA key fingerprint is: ......

The host details are correct (that is an improvement believe me)!

The 'details' supplied by nxclient are:

NX> 203 NXSSH running with pid: 14485
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 2.96.151.2 on port: 22
NX> 211 The authenticity of host 'asandco.dyndns-work.com (2.96.151.2)' can't be established.
RSA key fingerprint is 78:d8:98:5c:9d:de:fa:d6:cf:76:9c:eb:5d:0a:f0:78.
Are you sure you want to continue connecting (yes/no)?
Warning: Permanently added 'asandco.dyndns-work.com,2.96.151.2' (RSA) to the list of known hosts.
NX> 202 Authenticating user: nx
Connection closed by 2.96.151.2

Where should I pick up the nxsetup script if you still think that I need it?

Based on the last message: "NX> 202 Authenticating user: nx", the server is not accepting the nx user key from the client.
You can look in /var/log/secure for error messages concerning the 'nx' user. The errors may point to the problem.

Did you install NX from rpms? If so, which ones? I ask because if there is no /etc/nxserver or /var/lib/nxserver dirs on the server, it appears you do not have the freenx-server rpm installed.

Check for these rpms on your server:
nx
freenx-server

For Fedora, these rpms are part of the Fedora repos, for the Redhat rpms I use the ones at www.atrpms.net

Thanks for replying.

I am using a 64-bit not-yet-released version of PClinuxOS 2011. The rpms were installed from its repo. They are described as free NX and are:

nxclient 3.5.0-7
nxnode 3.5.0-7
nxserver 3.5.0-9

However I cannot find the the actual rpms on the system!
Since our last exchange, I have painstakingly gone through the process of creating and configuring new keys following the instructions on the Nomachines site.

The 'update' file from /usr/NX/var/log on the server shows this:

NX> 704 Running: /bin/rm -f '/usr/NX/home/nx/.ssh/authorized_keys2'.
NX> 704 Result: OK.
NX> 704 Starting: server-keygen operation at: Wed Feb 29 12:00:20 2012.
NX> 704 Generating new ssh-keys. Please wait.
NX> 704 Keys generated correctly. Backing up files.
NX> 704 Back up of keys made. Updating files.
NX> 704 Keys updated. NX clients should now use key:
NX> 704 /usr/NX/share/keys/default.id_dsa.key
NX> 704 to get connected to this NX server.
NX> 704 Running: /bin/cp -p '/usr/NX/home/nx/.ssh/default.id_dsa.pub' '/usr/NX/home/nx/.ssh/authorized_keys2'.
NX> 704 Result: OK.

Checking the server before trying to execute the client produced this:

# /usr/NX/bin/nxserver --status
NX> 900 Connecting to server ...
NX> 204 Authentication to NX server failed.
NX> 110 NX Server is stopped.
NX> 999 Bye.

# /usr/NX/bin/nxserver --start
NX> 500 Service already running. //This is bizarre!
NX> 999 Bye.

Now running the client with its new key in place produces this:
'The NX service is not available or the NX access was disabled on host asandco.dyndns.com'

Pressing 'Detail' gave additional info:

NX> 203 NXSSH running with pid: 11461
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX values
NX> 200 connected to address: 2.96.151.2 on port: 22 //That's the address returned by ddns server
NX> 202 Authenticating user: nx //This puzzles me, I logged in as 'alan'
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

Checking the status of the server again produced this:
# /usr/NX/bin/nxserver --status

NX> 900 Connecting to server ...
NX> 204 Authentication to NX server failed.
NX> 110 NX Server is stopped.
NX> 999 Bye.

On the face of it something is preventing the NX server from continuing to work once its status is checked (quantum effect <G>).

Well it still appears to be a NX key issue.

NX uses a two stage authentication method. The first stage is a ssh key exchange using the 'nx' user's ssl key. That is the stage where you are being stopped, as indicated by these messages:
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

Had the key exchange for the nx user succeeded, then NX would have authenticated the user 'alan', but it is not getting that far.
There should be some logging of the sshd process that will tell what the problem is with the public key auth of the nx user. I am not sure which file it is on PClinuxOS, but sshd must be logging to somewhere. You need to find the file sshd logs to.
On Fedora and Redhat it is /var/log/secure, check the docs for PCLinuxOS's sshd to find the log file.

1 members found this post helpful.

Last night several friends looked at this problem. One determined that NX is using nxssh not ssh which is why I could not locate the logs. Another recommended that I wind back. Uninstall everything on both server and remote client, delete all related files and then reinstall. I did it twice because of the install report, reproduced below:

While installing package nxserver-3.5.0-9:

NX> 700 Installing: server at: Fri Mar 02 16:13:56 2012.
NX> 700 Autodetected system: mandrake.
NX> 700 Install log is: /usr/NX/var/log/install.
NX> 700 Creating configuration file: /usr/NX/etc/server.cfg.
NX> 723 Cannot start NX statistics:
NX> 709 NX statistics are disabled for this server.
NX> 700 WARNING: Error when trying to connect to NX server, error is:
NX> 700 WARNING: nxsetup cannot validate the sanity of the current installation:
NX> 700 WARNING: the current system or NX configuration could be broken.
NX> 700 WARNING: If difficulties arise (for example sessions cannot be started),
NX> 700 WARNING: it is advisable that you try to uninstall the NX server and the
NX> 700 WARNING: NX client packages then install them again.
NX> 700 WARNING: Search also the NoMachine Knowledge Base at the URL below:
NX> 700 WARNING: http://www.nomachine.com/kb
NX> 700 WARNING: for common errors encountered when performing a software update
NX> 700 WARNING: and the related hints on how to solve them..
NX> 700 Installation of NX server was completed with warnings.
NX> 700 Please review the install log '/usr/NX/var/log/install'
NX> 700 for further details.
NX> 700 Showing file: /usr/NX/share/documents/server/install-notices

I have underlined the significant lines. I feel as though I am in the midst of a software qucksand.

Something else to check that I ran across is the name of the authorized_keys file. I'm using CentOS and the rpms directly from NoMachine. A recent update to nxserver apparently placed an authorized_keys2 file in /usr/NX/home/nx/.ssh. However, my ssh config only looks for authorized_keys so I just symlinked them (ln -s authorized_keys2 authorized_keys) and bingo.

confirm that this solves the issue on Fedora17 as well

I was unable to follow this up in the time available.

OMG!.. Thank you!! I have been working this issue for about 4 hours!.. I found this thread that outlined the exact problem I was having.. linking the authorized_keys2 file to authorized_keys fixed everything!..

cd /usr/NX/home/nx/.ssh
ln -s authorized_keys2 authorized_keys

This is strange to me since I have 4 different computers with the nxserver. None of the others needed to have the authorized_keys2 file linked to the other filename.

I am opensuse 11.4, 12.1 and 12.2