nx

Patrick Dupre patrick.dupre at york.ac.uk
Thu Mar 8 17:58:20 UTC 2012 

This email reöains without response.

> On Sun, 26 Feb 2012, Aram J. Agajanian wrote:
>
>> On Sat, 25 Feb 2012 23:34:32 +0000 (GMT)
>> Patrick Dupre <patrick.dupre at york.ac.uk> wrote:
>> 
>>> After:
>>> nxserver --keygen
>>> 
>>> I have:
>>> 
>>> /usr/NX/share/keys
>>> total 6
>>> -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key
>>> -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup
>>> -rw-r--r--. 1 root root 668 May 28  2007 server.id_dsa.key
>>> 
>>> 
>>> and
>>> 
>>> /usr/NX/etc/keys/
>>> total 4
>>> -rw-r--r--. 1 root root 603 Dec 19  2010 node.localhost.id_dsa.pub
>>> -rw-------. 1 nx   root 672 Dec 19  2010 node.localhost.id_dsa
>>> 
>> 
>> I'm not entirely familiar with this configuration.  I have always used
>> freenx-server.  My comments below are adapting what you have described
>> to the method used by freenx-server.
>> 
>> What is the home directory of the nx user?  freenx-server creates a
>> directory called /var/lib/nxserver/home for this.  You can check the
>> home directory with the command:
>>
>> 	getent passwd nx
>
> So, I get:
> nx:x:491:483::/usr/NX/home/nx:/usr/NX/bin/nxserver
>
>> 
>> The home directory is the sixth field in the passwd record.
>> 
>> When the nx user tries to log in with public key authentication, sshd
>> looks for a .ssh directory inside nx's home directory.  Inside the .ssh
>> directory, there is a file called something like authorized_keys which
>> is used to verify that NX Client has the correct client key.
>> 
>> I would say that all of the files in nx's .ssh directory should be owned
>> by nx and have permissions of -rw-------, or 600.
>
> LS /usr/NX/home/nx/.ssh/
> total 8
> -rw-------. 2 nx root 668 Feb 26 00:01 authorized_keys2
> -rw-------. 2 nx root 668 Feb 26 00:01 default.id_dsa.pub
> -rw-------. 1 nx root 668 Feb  2  2010 default.id_dsa.pub.backup
> -rw-------. 1 nx root 668 Feb  2  2010 restore.id_dsa.pub
>
>
>> 
>>> 
>>> I do not understand:
>>> 
>>> then just go and recopy the key from inside the client .key file in
>>> the shared keys directory and paste it in your NX CLIENT and the
>>> connection will then complete successfully.
>>> 
>> 
>> Here are instructions on how to paste a client key into NX Client:
>> 
>> NoMachine's NX Client has an Advanced Configuration dialog window (aka
>> Configure...) with several tabs.  The first tab, called General,
>> has a section called Server.  In the Server section, press the Key...
>> button.  This brings up a new window.
>> 
>> In the new window there is a text area where you can erase the key that
>> comes with NX Client and paste in your own client key.
>
> I can erase and paste the file (from the server) 
> /usr/NX/home/nx/.ssh/authorized_keys2
> (using cat)
>
> no-port-forwarding,no-agent-forwarding,command="/usr/NX/bin/nxserver 
> --login" ssh-dss 
> AAAAB3NzaC1kc3MAAACBAN+NMKJ9Y7vl4tYw4LpyNcwwinizWN1wgRYYkBebHZqA6OqQuepbwR5Wa5M99heTXnyZZWLLncC/n/3+sOo7UbM9NJf87aOtRhobcisXFyywWg1HNjq4XkkG0L4BulZW5cHi/jEwJtzP8QoUEVGXdBE7uYSmEVlu1YTk1XFDIQB1AAAAFQDnSg1XV85mq665/wyFgK9d/FgmQQAAAIAki9P0a26mvSZ63hl1/wgZcwPVoESh3c4Blosj/TFgQvxllJKSBJj/bHeNoymRmwsg4X2f6HjtdI4L93EmtnNYGlrG9WRQk6i+WYw8rl6IqN86vkgaZrQfUOmjmj1Sy7OpS/wEZ+62yoCLwd+2z1Wivt9vRRyuVFyHA5EpVT1WDwAAAIBPDzPxvXahxeOZVRB1rKB0zrcSgJBWSj+1N2Gf4zOle7PjXjWhcy1rUNh4o7RznybZ3KAk4zzfDI+7DD4TR2LGJfS4tybm18Yk4St/e6fnUaMqui5n6AxtvHU4/CKuHn2TvsT/Dj0JkvfVeKtLP3hgKPNRyHl50LXmJIAsRnjHHg==
>
>
>> Once the key is pasted in, click the Import button to save it.
> Why import?
> If I try to import it ask me for a file t open.
> Why just not only save?
> But the key is now on one line while the previous one was over 10 lines.
> Is it OK?
>
>  The
>> small window with the client key text area should disappear.
> OK
>> 
>> Then press the OK button on the Advanced configuration dialog to save
>> you changes.
>
> Now, I get:
> DSA key is corrupted or has been protected with a passphrase
>
> How can I check the key?
>
> Thank.
>
>> Note that each host configured in NX Client has its own private key.
>> 
>> 
>>> 
>>> On the server
>>> I deleted /usr/NX/share/keys/default.id_dsa.key
>>> 
>>> and copy the key:
>>> /usr/NX/share/keys/default.id_dsa.key
>>> of the client on the server.
>>> I also tried do copy in
>>> /usr/NX/etc/keys/
>>> 
>>> nxserver --restart
>>> 
>>> But still does not work.
>>> 
>> 
>> It seems like default.id_dsa.key is the client (private) key in your
>> configuration.
>> 
>> However, the server doesn't use client key.  It uses the public key in
>> a special file called authorized_keys.  (That is what sshd will look
>> for when the NX Client tries to log in as the nx user with public key
>> authentication.)
>> 
>> 
>
>

-- 
---
==========================================================================
  Patrick DUPRÉ                      |   |
  Department of Chemistry            |   |  Phone: (44)-(0)-1904-434384
  The University of York             |   |  Fax:   (44)-(0)-1904-432516
  Heslington                         |   |
  York YO10 5DD  United Kingdom      |   |  email: patrick.dupre at york.ac.uk
==========================================================================

More information about the users mailing list