Hello,
From a fedora 14 I cannot open a nx session of a fedora 16.
The nx server seems OK
systemctl status nxserver.service nxserver.service - LSB: Starts and stops the NoMachine NX Server. Loaded: loaded (/etc/rc.d/init.d/nxserver) Active: active (exited) since Sun, 19 Feb 2012 13:34:43 +0100; 56min ago Process: 3708 ExecStop=/etc/rc.d/init.d/nxserver stop (code=exited, status=0/SUCCESS) Process: 3741 ExecStart=/etc/rc.d/init.d/nxserver start (code=exited, status=0/SUCCESS) CGroup: name=systemd:/system/nxserver.service
I get: SH running with pid: 17524 NX> 285 Enabling check on switch command NX> 285 Enabling skip of SSH config files NX> 285 Setting the preferred NX options NX> 200 Connected to address: 192.168.0.100 on port: 22 NX> 202 Authenticating user: nx NX> 208 Using auth method: publickey NX> 204 Authentication failed.
I can make a ssh as well a sshfs of the machine.
Any idea?
Thank.
On 19 February 2012 17:35, Patrick Dupre patrick.dupre@york.ac.uk wrote:
Hello,
From a fedora 14 I cannot open a nx session of a fedora 16.
The nx server seems OK
<--SNIP-->
I can make a ssh as well a sshfs of the machine.
Any idea?
Thank.
--
Firewall problem? Check with selinux turned off.
On Sun, 19 Feb 2012, Hiisi wrote:
On 19 February 2012 17:35, Patrick Dupre patrick.dupre@york.ac.uk wrote: Hello,
From a fedora 14 I cannot open a nx session of a fedora 16.
The nx server seems OK
<--SNIP-->
I can make a ssh as well a sshfs of the machine.
Any idea?
Thank.
--
Firewall problem? Check with selinux turned off.
Same thing!
On Sun, 19 Feb 2012, Hiisi wrote:
On 19 February 2012 17:35, Patrick Dupre patrick.dupre@york.ac.uk wrote: Hello,
From a fedora 14 I cannot open a nx session of a fedora 16.
The nx server seems OK
<--SNIP-->
I can make a ssh as well a sshfs of the machine.
Any idea?
Thank.
--
Firewall problem? Check with selinux turned off.
No help. However, when I do a nx from the same machine that I caanot reach from another one, it works OK.
I cannot get a log file either. where can I get a log file?
Thank
On Sun, 19 Feb 2012 13:35:44 +0000 (GMT) Patrick Dupre patrick.dupre@york.ac.uk wrote:
From a fedora 14 I cannot open a nx session of a fedora 16.
The nx server seems OK
systemctl status nxserver.service nxserver.service - LSB: Starts and stops the NoMachine NX Server. Loaded: loaded (/etc/rc.d/init.d/nxserver) Active: active (exited) since Sun, 19 Feb 2012 13:34:43 +0100; 56min ago Process: 3708 ExecStop=/etc/rc.d/init.d/nxserver stop (code=exited, status=0/SUCCESS) Process: 3741 ExecStart=/etc/rc.d/init.d/nxserver start (code=exited, status=0/SUCCESS) CGroup: name=systemd:/system/nxserver.service
I get: SH running with pid: 17524 NX> 285 Enabling check on switch command NX> 285 Enabling skip of SSH config files NX> 285 Setting the preferred NX options NX> 200 Connected to address: 192.168.0.100 on port: 22 NX> 202 Authenticating user: nx NX> 208 Using auth method: publickey NX> 204 Authentication failed.
I can make a ssh as well a sshfs of the machine.
Any idea?
Check the ownership and permissions of the files in
/var/lib/nxserver/home/.ssh/
They should be owned by nx and the permissions should be 700 or 600.
Also, the client.id_dsa.key file should be imported into the nx client.
On Wed, 22 Feb 2012, Aram J. Agajanian wrote:
On Sun, 19 Feb 2012 13:35:44 +0000 (GMT)
Patrick Dupre patrick.dupre@york.ac.uk wrote:
From a fedora 14 I cannot open a nx session of a fedora 16.
The nx server seems OK
systemctl status nxserver.service nxserver.service - LSB: Starts and stops the NoMachine NX Server. Loaded: loaded (/etc/rc.d/init.d/nxserver) Active: active (exited) since Sun, 19 Feb 2012 13:34:43 +0100; 56min ago Process: 3708 ExecStop=/etc/rc.d/init.d/nxserver stop (code=exited, status=0/SUCCESS) Process: 3741 ExecStart=/etc/rc.d/init.d/nxserver start (code=exited, status=0/SUCCESS) CGroup: name=systemd:/system/nxserver.service
I get: SH running with pid: 17524 NX> 285 Enabling check on switch command NX> 285 Enabling skip of SSH config files NX> 285 Setting the preferred NX options NX> 200 Connected to address: 192.168.0.100 on port: 22 NX> 202 Authenticating user: nx NX> 208 Using auth method: publickey NX> 204 Authentication failed.
I can make a ssh as well a sshfs of the machine.
Any idea?
Check the ownership and permissions of the files in
/var/lib/nxserver/home/.ssh/
ls -l /usr/NX/home/nx/.ssh total 8 -rw-r--r--. 2 nx root 668 Feb 19 14:40 authorized_keys2 -rw-r--r--. 2 nx root 668 Feb 19 14:40 default.id_dsa.pub -rw-r--r--. 1 nx root 668 Feb 2 2010 default.id_dsa.pub.backup -rw-r--r--. 1 nx root 668 Feb 2 2010 restore.id_dsa.pub
They should be owned by nx and the permissions should be 700 or 600.
Also, the client.id_dsa.key file should be imported into the nx client.
How can I do this? I do not have a client.id_dsa.key
In addition, I never have to do something like that before, at least manually
On Sat, 25 Feb 2012, Patrick Dupre wrote:
On Wed, 22 Feb 2012, Aram J. Agajanian wrote:
On Sun, 19 Feb 2012 13:35:44 +0000 (GMT)
Patrick Dupre patrick.dupre@york.ac.uk wrote:
From a fedora 14 I cannot open a nx session of a fedora 16.
The nx server seems OK
systemctl status nxserver.service nxserver.service - LSB: Starts and stops the NoMachine NX Server. Loaded: loaded (/etc/rc.d/init.d/nxserver) Active: active (exited) since Sun, 19 Feb 2012 13:34:43 +0100; 56min ago Process: 3708 ExecStop=/etc/rc.d/init.d/nxserver stop (code=exited, status=0/SUCCESS) Process: 3741 ExecStart=/etc/rc.d/init.d/nxserver start (code=exited, status=0/SUCCESS) CGroup: name=systemd:/system/nxserver.service
I get: SH running with pid: 17524 NX> 285 Enabling check on switch command NX> 285 Enabling skip of SSH config files NX> 285 Setting the preferred NX options NX> 200 Connected to address: 192.168.0.100 on port: 22 NX> 202 Authenticating user: nx NX> 208 Using auth method: publickey NX> 204 Authentication failed.
I can make a ssh as well a sshfs of the machine.
Any idea?
Check the ownership and permissions of the files in /var/lib/nxserver/home/.ssh/
ls -l /usr/NX/home/nx/.ssh total 8 -rw-r--r--. 2 nx root 668 Feb 19 14:40 authorized_keys2 -rw-r--r--. 2 nx root 668 Feb 19 14:40 default.id_dsa.pub -rw-r--r--. 1 nx root 668 Feb 2 2010 default.id_dsa.pub.backup -rw-r--r--. 1 nx root 668 Feb 2 2010 restore.id_dsa.pub
They should be owned by nx and the permissions should be 700 or 600.
Also, the client.id_dsa.key file should be imported into the nx client.
How can I do this? I do not have a client.id_dsa.key
After: nxserver --keygen
I have:
/usr/NX/share/keys total 6 -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup -rw-r--r--. 1 root root 668 May 28 2007 server.id_dsa.key
and
/usr/NX/etc/keys/ total 4 -rw-r--r--. 1 root root 603 Dec 19 2010 node.localhost.id_dsa.pub -rw-------. 1 nx root 672 Dec 19 2010 node.localhost.id_dsa
I do not understand:
then just go and recopy the key from inside the client .key file in the shared keys directory and paste it in your NX CLIENT and the connection will then complete successfully.
On the server I deleted /usr/NX/share/keys/default.id_dsa.key
and copy the key: /usr/NX/share/keys/default.id_dsa.key of the client on the server. I also tried do copy in /usr/NX/etc/keys/
nxserver --restart
But still does not work.
Am 25.02.2012 23:56, schrieb Patrick Dupre:
Check the ownership and permissions of the files in /var/lib/nxserver/home/.ssh/
ls -l /usr/NX/home/nx/.ssh total 8 -rw-r--r--. 2 nx root 668 Feb 19 14:40 authorized_keys2 -rw-r--r--. 2 nx root 668 Feb 19 14:40 default.id_dsa.pub -rw-r--r--. 1 nx root 668 Feb 2 2010 default.id_dsa.pub.backup -rw-r--r--. 1 nx root 668 Feb 2 2010 restore.id_dsa.pub
They should be owned by nx and the permissions should be 700 or 600
this chmod 644 - ANYBODY can read sshd will always refuse keyfiles with permissions too wide open
On Sat, 25 Feb 2012 23:34:32 +0000 (GMT) Patrick Dupre patrick.dupre@york.ac.uk wrote:
After: nxserver --keygen
I have:
/usr/NX/share/keys total 6 -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup -rw-r--r--. 1 root root 668 May 28 2007 server.id_dsa.key
and
/usr/NX/etc/keys/ total 4 -rw-r--r--. 1 root root 603 Dec 19 2010 node.localhost.id_dsa.pub -rw-------. 1 nx root 672 Dec 19 2010 node.localhost.id_dsa
I'm not entirely familiar with this configuration. I have always used freenx-server. My comments below are adapting what you have described to the method used by freenx-server.
What is the home directory of the nx user? freenx-server creates a directory called /var/lib/nxserver/home for this. You can check the home directory with the command:
getent passwd nx
The home directory is the sixth field in the passwd record.
When the nx user tries to log in with public key authentication, sshd looks for a .ssh directory inside nx's home directory. Inside the .ssh directory, there is a file called something like authorized_keys which is used to verify that NX Client has the correct client key.
I would say that all of the files in nx's .ssh directory should be owned by nx and have permissions of -rw-------, or 600.
I do not understand:
then just go and recopy the key from inside the client .key file in the shared keys directory and paste it in your NX CLIENT and the connection will then complete successfully.
Here are instructions on how to paste a client key into NX Client:
NoMachine's NX Client has an Advanced Configuration dialog window (aka Configure...) with several tabs. The first tab, called General, has a section called Server. In the Server section, press the Key... button. This brings up a new window.
In the new window there is a text area where you can erase the key that comes with NX Client and paste in your own client key.
Once the key is pasted in, click the Import button to save it. The small window with the client key text area should disappear.
Then press the OK button on the Advanced configuration dialog to save you changes.
Note that each host configured in NX Client has its own private key.
On the server I deleted /usr/NX/share/keys/default.id_dsa.key
and copy the key: /usr/NX/share/keys/default.id_dsa.key of the client on the server. I also tried do copy in /usr/NX/etc/keys/
nxserver --restart
But still does not work.
It seems like default.id_dsa.key is the client (private) key in your configuration.
However, the server doesn't use client key. It uses the public key in a special file called authorized_keys. (That is what sshd will look for when the NX Client tries to log in as the nx user with public key authentication.)
On Sun, 26 Feb 2012, Aram J. Agajanian wrote:
On Sat, 25 Feb 2012 23:34:32 +0000 (GMT) Patrick Dupre patrick.dupre@york.ac.uk wrote:
After: nxserver --keygen
I have:
/usr/NX/share/keys total 6 -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup -rw-r--r--. 1 root root 668 May 28 2007 server.id_dsa.key
and
/usr/NX/etc/keys/ total 4 -rw-r--r--. 1 root root 603 Dec 19 2010 node.localhost.id_dsa.pub -rw-------. 1 nx root 672 Dec 19 2010 node.localhost.id_dsa
I'm not entirely familiar with this configuration. I have always used freenx-server. My comments below are adapting what you have described to the method used by freenx-server.
What is the home directory of the nx user? freenx-server creates a directory called /var/lib/nxserver/home for this. You can check the home directory with the command:
getent passwd nx
So, I get: nx:x:491:483::/usr/NX/home/nx:/usr/NX/bin/nxserver
The home directory is the sixth field in the passwd record.
When the nx user tries to log in with public key authentication, sshd looks for a .ssh directory inside nx's home directory. Inside the .ssh directory, there is a file called something like authorized_keys which is used to verify that NX Client has the correct client key.
I would say that all of the files in nx's .ssh directory should be owned by nx and have permissions of -rw-------, or 600.
LS /usr/NX/home/nx/.ssh/ total 8 -rw-------. 2 nx root 668 Feb 26 00:01 authorized_keys2 -rw-------. 2 nx root 668 Feb 26 00:01 default.id_dsa.pub -rw-------. 1 nx root 668 Feb 2 2010 default.id_dsa.pub.backup -rw-------. 1 nx root 668 Feb 2 2010 restore.id_dsa.pub
I do not understand:
then just go and recopy the key from inside the client .key file in the shared keys directory and paste it in your NX CLIENT and the connection will then complete successfully.
Here are instructions on how to paste a client key into NX Client:
NoMachine's NX Client has an Advanced Configuration dialog window (aka Configure...) with several tabs. The first tab, called General, has a section called Server. In the Server section, press the Key... button. This brings up a new window.
In the new window there is a text area where you can erase the key that comes with NX Client and paste in your own client key.
I can erase and paste the file (from the server) /usr/NX/home/nx/.ssh/authorized_keys2 (using cat)
no-port-forwarding,no-agent-forwarding,command="/usr/NX/bin/nxserver --login" ssh-dss AAAAB3NzaC1kc3MAAACBAN+NMKJ9Y7vl4tYw4LpyNcwwinizWN1wgRYYkBebHZqA6OqQuepbwR5Wa5M99heTXnyZZWLLncC/n/3+sOo7UbM9NJf87aOtRhobcisXFyywWg1HNjq4XkkG0L4BulZW5cHi/jEwJtzP8QoUEVGXdBE7uYSmEVlu1YTk1XFDIQB1AAAAFQDnSg1XV85mq665/wyFgK9d/FgmQQAAAIAki9P0a26mvSZ63hl1/wgZcwPVoESh3c4Blosj/TFgQvxllJKSBJj/bHeNoymRmwsg4X2f6HjtdI4L93EmtnNYGlrG9WRQk6i+WYw8rl6IqN86vkgaZrQfUOmjmj1Sy7OpS/wEZ+62yoCLwd+2z1Wivt9vRRyuVFyHA5EpVT1WDwAAAIBPDzPxvXahxeOZVRB1rKB0zrcSgJBWSj+1N2Gf4zOle7PjXjWhcy1rUNh4o7RznybZ3KAk4zzfDI+7DD4TR2LGJfS4tybm18Yk4St/e6fnUaMqui5n6AxtvHU4/CKuHn2TvsT/Dj0JkvfVeKtLP3hgKPNRyHl50LXmJIAsRnjHHg==
Once the key is pasted in, click the Import button to save it.
Why import? If I try to import it ask me for a file t open. Why just not only save? But the key is now on one line while the previous one was over 10 lines. Is it OK?
The
small window with the client key text area should disappear.
OK
Then press the OK button on the Advanced configuration dialog to save you changes.
Now, I get: DSA key is corrupted or has been protected with a passphrase
How can I check the key?
Thank.
Note that each host configured in NX Client has its own private key.
On the server I deleted /usr/NX/share/keys/default.id_dsa.key
and copy the key: /usr/NX/share/keys/default.id_dsa.key of the client on the server. I also tried do copy in /usr/NX/etc/keys/
nxserver --restart
But still does not work.
It seems like default.id_dsa.key is the client (private) key in your configuration.
However, the server doesn't use client key. It uses the public key in a special file called authorized_keys. (That is what sshd will look for when the NX Client tries to log in as the nx user with public key authentication.)
This email reöains without response.
On Sun, 26 Feb 2012, Aram J. Agajanian wrote:
On Sat, 25 Feb 2012 23:34:32 +0000 (GMT) Patrick Dupre patrick.dupre@york.ac.uk wrote:
After: nxserver --keygen
I have:
/usr/NX/share/keys total 6 -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup -rw-r--r--. 1 root root 668 May 28 2007 server.id_dsa.key
and
/usr/NX/etc/keys/ total 4 -rw-r--r--. 1 root root 603 Dec 19 2010 node.localhost.id_dsa.pub -rw-------. 1 nx root 672 Dec 19 2010 node.localhost.id_dsa
I'm not entirely familiar with this configuration. I have always used freenx-server. My comments below are adapting what you have described to the method used by freenx-server.
What is the home directory of the nx user? freenx-server creates a directory called /var/lib/nxserver/home for this. You can check the home directory with the command:
getent passwd nx
So, I get: nx:x:491:483::/usr/NX/home/nx:/usr/NX/bin/nxserver
The home directory is the sixth field in the passwd record.
When the nx user tries to log in with public key authentication, sshd looks for a .ssh directory inside nx's home directory. Inside the .ssh directory, there is a file called something like authorized_keys which is used to verify that NX Client has the correct client key.
I would say that all of the files in nx's .ssh directory should be owned by nx and have permissions of -rw-------, or 600.
LS /usr/NX/home/nx/.ssh/ total 8 -rw-------. 2 nx root 668 Feb 26 00:01 authorized_keys2 -rw-------. 2 nx root 668 Feb 26 00:01 default.id_dsa.pub -rw-------. 1 nx root 668 Feb 2 2010 default.id_dsa.pub.backup -rw-------. 1 nx root 668 Feb 2 2010 restore.id_dsa.pub
I do not understand:
then just go and recopy the key from inside the client .key file in the shared keys directory and paste it in your NX CLIENT and the connection will then complete successfully.
Here are instructions on how to paste a client key into NX Client:
NoMachine's NX Client has an Advanced Configuration dialog window (aka Configure...) with several tabs. The first tab, called General, has a section called Server. In the Server section, press the Key... button. This brings up a new window.
In the new window there is a text area where you can erase the key that comes with NX Client and paste in your own client key.
I can erase and paste the file (from the server) /usr/NX/home/nx/.ssh/authorized_keys2 (using cat)
no-port-forwarding,no-agent-forwarding,command="/usr/NX/bin/nxserver --login" ssh-dss AAAAB3NzaC1kc3MAAACBAN+NMKJ9Y7vl4tYw4LpyNcwwinizWN1wgRYYkBebHZqA6OqQuepbwR5Wa5M99heTXnyZZWLLncC/n/3+sOo7UbM9NJf87aOtRhobcisXFyywWg1HNjq4XkkG0L4BulZW5cHi/jEwJtzP8QoUEVGXdBE7uYSmEVlu1YTk1XFDIQB1AAAAFQDnSg1XV85mq665/wyFgK9d/FgmQQAAAIAki9P0a26mvSZ63hl1/wgZcwPVoESh3c4Blosj/TFgQvxllJKSBJj/bHeNoymRmwsg4X2f6HjtdI4L93EmtnNYGlrG9WRQk6i+WYw8rl6IqN86vkgaZrQfUOmjmj1Sy7OpS/wEZ+62yoCLwd+2z1Wivt9vRRyuVFyHA5EpVT1WDwAAAIBPDzPxvXahxeOZVRB1rKB0zrcSgJBWSj+1N2Gf4zOle7PjXjWhcy1rUNh4o7RznybZ3KAk4zzfDI+7DD4TR2LGJfS4tybm18Yk4St/e6fnUaMqui5n6AxtvHU4/CKuHn2TvsT/Dj0JkvfVeKtLP3hgKPNRyHl50LXmJIAsRnjHHg==
Once the key is pasted in, click the Import button to save it.
Why import? If I try to import it ask me for a file t open. Why just not only save? But the key is now on one line while the previous one was over 10 lines. Is it OK?
The
small window with the client key text area should disappear.
OK
Then press the OK button on the Advanced configuration dialog to save you changes.
Now, I get: DSA key is corrupted or has been protected with a passphrase
How can I check the key?
Thank.
Note that each host configured in NX Client has its own private key.
On the server I deleted /usr/NX/share/keys/default.id_dsa.key
and copy the key: /usr/NX/share/keys/default.id_dsa.key of the client on the server. I also tried do copy in /usr/NX/etc/keys/
nxserver --restart
But still does not work.
It seems like default.id_dsa.key is the client (private) key in your configuration.
However, the server doesn't use client key. It uses the public key in a special file called authorized_keys. (That is what sshd will look for when the NX Client tries to log in as the nx user with public key authentication.)
On 03/08/2012 12:58 PM, Patrick Dupre wrote:
This email reöains without response.
On Sun, 26 Feb 2012, Aram J. Agajanian wrote:
On Sat, 25 Feb 2012 23:34:32 +0000 (GMT) Patrick Dupre patrick.dupre@york.ac.uk wrote:
After: nxserver --keygen
I have:
/usr/NX/share/keys total 6 -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup -rw-r--r--. 1 root root 668 May 28 2007 server.id_dsa.key
My experience with NXNomachine has been that there are few here that use it. Those who do don't have to do much to keep it running after it's properly set up, so trying to help someone with a configuration you may have done some time ago usually doesn't work. I got my setup running more than a year ago so what I did exactly to get it working is not fresh in my memory. I have NXNomachine running on server at work and one at home. I have always gotten it running using their own documentation, because I couldn't find help. Their documentation is actually quite adequate. Make sure SSH is open on the firewall and in Selinux, you want SSH allowed to forward port connections. Follow instructions to generate the key. The next step is one where I've had numerous failures. I usually open the key file with a basic text editor such as Kate or Gedit on a client computer. Select all and copy. Then open a nxclient instance, and go into the configure; there you will find a button on the general tab called 'key'; clicking that will open a window where you can paste the key. That generally does it. I'm sorry but I don't have time to read your long question, but, hopefully, something from above will help you figure out what you're doing wrong.
-
Aram J. Agajanian -
Claude Jones -
Hiisi -
Patrick Dupre -
Patrick O'Callaghan -
Reindl Harald