nx
Patrick Dupre
patrick.dupre at york.ac.uk
Thu Mar 8 17:58:20 UTC 2012
This email reöains without response.
> On Sun, 26 Feb 2012, Aram J. Agajanian wrote:
>
>> On Sat, 25 Feb 2012 23:34:32 +0000 (GMT)
>> Patrick Dupre <patrick.dupre at york.ac.uk> wrote:
>>
>>> After:
>>> nxserver --keygen
>>>
>>> I have:
>>>
>>> /usr/NX/share/keys
>>> total 6
>>> -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key
>>> -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup
>>> -rw-r--r--. 1 root root 668 May 28 2007 server.id_dsa.key
>>>
>>>
>>> and
>>>
>>> /usr/NX/etc/keys/
>>> total 4
>>> -rw-r--r--. 1 root root 603 Dec 19 2010 node.localhost.id_dsa.pub
>>> -rw-------. 1 nx root 672 Dec 19 2010 node.localhost.id_dsa
>>>
>>
>> I'm not entirely familiar with this configuration. I have always used
>> freenx-server. My comments below are adapting what you have described
>> to the method used by freenx-server.
>>
>> What is the home directory of the nx user? freenx-server creates a
>> directory called /var/lib/nxserver/home for this. You can check the
>> home directory with the command:
>>
>> getent passwd nx
>
> So, I get:
> nx:x:491:483::/usr/NX/home/nx:/usr/NX/bin/nxserver
>
>>
>> The home directory is the sixth field in the passwd record.
>>
>> When the nx user tries to log in with public key authentication, sshd
>> looks for a .ssh directory inside nx's home directory. Inside the .ssh
>> directory, there is a file called something like authorized_keys which
>> is used to verify that NX Client has the correct client key.
>>
>> I would say that all of the files in nx's .ssh directory should be owned
>> by nx and have permissions of -rw-------, or 600.
>
> LS /usr/NX/home/nx/.ssh/
> total 8
> -rw-------. 2 nx root 668 Feb 26 00:01 authorized_keys2
> -rw-------. 2 nx root 668 Feb 26 00:01 default.id_dsa.pub
> -rw-------. 1 nx root 668 Feb 2 2010 default.id_dsa.pub.backup
> -rw-------. 1 nx root 668 Feb 2 2010 restore.id_dsa.pub
>
>
>>
>>>
>>> I do not understand:
>>>
>>> then just go and recopy the key from inside the client .key file in
>>> the shared keys directory and paste it in your NX CLIENT and the
>>> connection will then complete successfully.
>>>
>>
>> Here are instructions on how to paste a client key into NX Client:
>>
>> NoMachine's NX Client has an Advanced Configuration dialog window (aka
>> Configure...) with several tabs. The first tab, called General,
>> has a section called Server. In the Server section, press the Key...
>> button. This brings up a new window.
>>
>> In the new window there is a text area where you can erase the key that
>> comes with NX Client and paste in your own client key.
>
> I can erase and paste the file (from the server)
> /usr/NX/home/nx/.ssh/authorized_keys2
> (using cat)
>
> no-port-forwarding,no-agent-forwarding,command="/usr/NX/bin/nxserver
> --login" ssh-dss
> AAAAB3NzaC1kc3MAAACBAN+NMKJ9Y7vl4tYw4LpyNcwwinizWN1wgRYYkBebHZqA6OqQuepbwR5Wa5M99heTXnyZZWLLncC/n/3+sOo7UbM9NJf87aOtRhobcisXFyywWg1HNjq4XkkG0L4BulZW5cHi/jEwJtzP8QoUEVGXdBE7uYSmEVlu1YTk1XFDIQB1AAAAFQDnSg1XV85mq665/wyFgK9d/FgmQQAAAIAki9P0a26mvSZ63hl1/wgZcwPVoESh3c4Blosj/TFgQvxllJKSBJj/bHeNoymRmwsg4X2f6HjtdI4L93EmtnNYGlrG9WRQk6i+WYw8rl6IqN86vkgaZrQfUOmjmj1Sy7OpS/wEZ+62yoCLwd+2z1Wivt9vRRyuVFyHA5EpVT1WDwAAAIBPDzPxvXahxeOZVRB1rKB0zrcSgJBWSj+1N2Gf4zOle7PjXjWhcy1rUNh4o7RznybZ3KAk4zzfDI+7DD4TR2LGJfS4tybm18Yk4St/e6fnUaMqui5n6AxtvHU4/CKuHn2TvsT/Dj0JkvfVeKtLP3hgKPNRyHl50LXmJIAsRnjHHg==
>
>
>> Once the key is pasted in, click the Import button to save it.
> Why import?
> If I try to import it ask me for a file t open.
> Why just not only save?
> But the key is now on one line while the previous one was over 10 lines.
> Is it OK?
>
> The
>> small window with the client key text area should disappear.
> OK
>>
>> Then press the OK button on the Advanced configuration dialog to save
>> you changes.
>
> Now, I get:
> DSA key is corrupted or has been protected with a passphrase
>
> How can I check the key?
>
> Thank.
>
>> Note that each host configured in NX Client has its own private key.
>>
>>
>>>
>>> On the server
>>> I deleted /usr/NX/share/keys/default.id_dsa.key
>>>
>>> and copy the key:
>>> /usr/NX/share/keys/default.id_dsa.key
>>> of the client on the server.
>>> I also tried do copy in
>>> /usr/NX/etc/keys/
>>>
>>> nxserver --restart
>>>
>>> But still does not work.
>>>
>>
>> It seems like default.id_dsa.key is the client (private) key in your
>> configuration.
>>
>> However, the server doesn't use client key. It uses the public key in
>> a special file called authorized_keys. (That is what sshd will look
>> for when the NX Client tries to log in as the nx user with public key
>> authentication.)
>>
>>
>
>
--
---
==========================================================================
Patrick DUPRÉ | |
Department of Chemistry | | Phone: (44)-(0)-1904-434384
The University of York | | Fax: (44)-(0)-1904-432516
Heslington | |
York YO10 5DD United Kingdom | | email: patrick.dupre at york.ac.uk
==========================================================================
More information about the users
mailing list