nx

Patrick Dupre patrick.dupre at york.ac.uk
Sat Mar 3 23:54:35 UTC 2012 

On Sun, 26 Feb 2012, Aram J. Agajanian wrote:

> On Sat, 25 Feb 2012 23:34:32 +0000 (GMT)
> Patrick Dupre <patrick.dupre at york.ac.uk> wrote:
>
>> After:
>> nxserver --keygen
>>
>> I have:
>>
>> /usr/NX/share/keys
>> total 6
>> -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key
>> -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup
>> -rw-r--r--. 1 root root 668 May 28  2007 server.id_dsa.key
>>
>>
>> and
>>
>> /usr/NX/etc/keys/
>> total 4
>> -rw-r--r--. 1 root root 603 Dec 19  2010 node.localhost.id_dsa.pub
>> -rw-------. 1 nx   root 672 Dec 19  2010 node.localhost.id_dsa
>>
>
> I'm not entirely familiar with this configuration.  I have always used
> freenx-server.  My comments below are adapting what you have described
> to the method used by freenx-server.
>
> What is the home directory of the nx user?  freenx-server creates a
> directory called /var/lib/nxserver/home for this.  You can check the
> home directory with the command:
>
> 	getent passwd nx

So, I get:
  nx:x:491:483::/usr/NX/home/nx:/usr/NX/bin/nxserver

>
> The home directory is the sixth field in the passwd record.
>
> When the nx user tries to log in with public key authentication, sshd
> looks for a .ssh directory inside nx's home directory.  Inside the .ssh
> directory, there is a file called something like authorized_keys which
> is used to verify that NX Client has the correct client key.
>
> I would say that all of the files in nx's .ssh directory should be owned
> by nx and have permissions of -rw-------, or 600.

  LS /usr/NX/home/nx/.ssh/
total 8
-rw-------. 2 nx root 668 Feb 26 00:01 authorized_keys2
-rw-------. 2 nx root 668 Feb 26 00:01 default.id_dsa.pub
-rw-------. 1 nx root 668 Feb  2  2010 default.id_dsa.pub.backup
-rw-------. 1 nx root 668 Feb  2  2010 restore.id_dsa.pub


>
>>
>> I do not understand:
>>
>> then just go and recopy the key from inside the client .key file in
>> the shared keys directory and paste it in your NX CLIENT and the
>> connection will then complete successfully.
>>
>
> Here are instructions on how to paste a client key into NX Client:
>
> NoMachine's NX Client has an Advanced Configuration dialog window (aka
> Configure...) with several tabs.  The first tab, called General,
> has a section called Server.  In the Server section, press the Key...
> button.  This brings up a new window.
>
> In the new window there is a text area where you can erase the key that
> comes with NX Client and paste in your own client key.

I can erase and paste the file (from the server) 
/usr/NX/home/nx/.ssh/authorized_keys2
(using cat)

no-port-forwarding,no-agent-forwarding,command="/usr/NX/bin/nxserver 
--login" ssh-dss 
AAAAB3NzaC1kc3MAAACBAN+NMKJ9Y7vl4tYw4LpyNcwwinizWN1wgRYYkBebHZqA6OqQuepbwR5Wa5M99heTXnyZZWLLncC/n/3+sOo7UbM9NJf87aOtRhobcisXFyywWg1HNjq4XkkG0L4BulZW5cHi/jEwJtzP8QoUEVGXdBE7uYSmEVlu1YTk1XFDIQB1AAAAFQDnSg1XV85mq665/wyFgK9d/FgmQQAAAIAki9P0a26mvSZ63hl1/wgZcwPVoESh3c4Blosj/TFgQvxllJKSBJj/bHeNoymRmwsg4X2f6HjtdI4L93EmtnNYGlrG9WRQk6i+WYw8rl6IqN86vkgaZrQfUOmjmj1Sy7OpS/wEZ+62yoCLwd+2z1Wivt9vRRyuVFyHA5EpVT1WDwAAAIBPDzPxvXahxeOZVRB1rKB0zrcSgJBWSj+1N2Gf4zOle7PjXjWhcy1rUNh4o7RznybZ3KAk4zzfDI+7DD4TR2LGJfS4tybm18Yk4St/e6fnUaMqui5n6AxtvHU4/CKuHn2TvsT/Dj0JkvfVeKtLP3hgKPNRyHl50LXmJIAsRnjHHg==


> Once the key is pasted in, click the Import button to save it.
Why import?
If I try to import it ask me for a file t open.
Why just not only save?
But the key is now on one line while the previous one was over 10 lines.
Is it OK?

   The
> small window with the client key text area should disappear.
OK
>
> Then press the OK button on the Advanced configuration dialog to save
> you changes.

Now, I get:
DSA key is corrupted or has been protected with a passphrase

How can I check the key?

Thank.

> Note that each host configured in NX Client has its own private key.
>
>
>>
>> On the server
>> I deleted /usr/NX/share/keys/default.id_dsa.key
>>
>> and copy the key:
>> /usr/NX/share/keys/default.id_dsa.key
>> of the client on the server.
>> I also tried do copy in
>> /usr/NX/etc/keys/
>>
>> nxserver --restart
>>
>> But still does not work.
>>
>
> It seems like default.id_dsa.key is the client (private) key in your
> configuration.
>
> However, the server doesn't use client key.  It uses the public key in
> a special file called authorized_keys.  (That is what sshd will look
> for when the NX Client tries to log in as the nx user with public key
> authentication.)
>
>

-- 
---
==========================================================================
  Patrick DUPRÉ                      |   |
  Department of Chemistry            |   |  Phone: (44)-(0)-1904-434384
  The University of York             |   |  Fax:   (44)-(0)-1904-432516
  Heslington                         |   |
  York YO10 5DD  United Kingdom      |   |  email: patrick.dupre at york.ac.uk
==========================================================================

More information about the users mailing list