[FreeNX-kNX] Fwd: Re: NXClient fails to connect with authentication failed for user.

Dion Moult dion at thinkmoult.com
Sat Sep 26 17:12:42 UTC 2009 

After some tweaking I find that I need passwordauthentication to be set to yes 
in sshd_config. I wonder if it's possible to use NX with both NX's key and my 
own encrypted-with-passphrase key for my user account (as opposed to system 
user+pass)?

(and correct me if I'm wrong, but this applies only to NX - as long as I have 
an id_dsa in my .ssh/ folder whenever I try to ssh in directly to my user it 
would ask for my passphrase?)

On Saturday 26 September 2009 18:14:38 ChrisB wrote:
> Dion Moult <dion at thinkmoult.com> wrote on 26/09/2009 10:56:10:
> > It asks for my passphrase. So I rename id_dsa to something else and try
> 
> again
> 
> > and you are right it asks for my password. I can log in fine.
> >
> > Trying again with NXClient with the moved id_dsa still fails with the
> 
> same
> 
> > error as before.
> 
> If it is still giving failed login with user dion after you have got user
> dion logging in and working then in the absence of any other information,
> I would suspect that you haven't changed the entry in
> /etc/nxxserver/node.conf to tell FreeNX that the sshd is listening on 443
> instead of 22.
> 
> Do you have any other users which can log in OK ??  If so it is an issue
> with account dion. If not then check the above next.
> 
> > On Saturday 26 September 2009 17:44:20 ChrisB wrote:
> > > Dion Moult <dion at thinkmoult.com> wrote on 26/09/2009 03:01:22:
> > > > Tried changing that, restarting sshd and nxserver, but it still
> > > > gives the same
> > > > error:
> > > >
> > > > sshd[23560]: Connection from 127.0.0.1 port 38026
> > > > sshd[23560]: Failed none for nx from 127.0.0.1 port 38026 ssh2
> > > > sshd[23560]: Found matching DSA key: blahblahblahetcetc
> > > > sshd[23560]: Accepted publickey for nx from 127.0.0.1 port 38026
> 
> ssh2
> 
> > > > sshd[23560]: pam_unix(sshd:session): session opened for user nx by
> > >
> > > (uid=0)
> > >
> > > > sshd[23560]: User child is on pid 23562
> > > > nxserver[23692]: (nx) Failed login for user=dion from IP=127.0.0.1
> > > > sshd[23562]: Connection closed by 127.0.0.1
> > > > sshd[23562]: Transferred: sent 2848, received 1968 bytes
> > > > sshd[23562]: Closing connection to 127.0.0.1 port 38026
> > > > sshd[23560]: pam_unix(sshd:session): session closed for user nx
> > >
> > > Sounds like password or account issues with user dion
> > >
> > > On the server, try
> > >
> > >                 ssh -v -p 443 -l dion localhost
> > >
> > > The -v will tell you what it is trying and what fails.
> > >
> > > It should ask for a password. If user dion has an id_dsa or id_rsa key
> 
> in
> 
> > > $HOME/.ssh then you need to temporarily rename it id_dsa.000 or some
> 
> such.
> 
> > > If you can't log in as user dion locally using a password then it
> 
> won't
> 
> > > work over nx, so you need to prove this works/fix it next . . . .
> > >
> > > > On Saturday 26 September 2009 09:55:03 you wrote:
> > > > > ----------  Forwarded Message  ----------
> > > > >
> > > > > Subject: Re: [FreeNX-kNX] NXClient fails to connect with
> > >
> > > authentication
> > >
> > > > >  failed for user.
> > > > > Date: Friday 25 September 2009
> > > > > From: "ChrisB" <chris at ccburton.com>
> > > > > To: User Support for FreeNX Server and kNX Client
> 
> <freenx-knx at kde.org>
> 
> > > > > Dion Moult <dion at thinkmoult.com> wrote on 25/09/2009 18:09:17:
> > > > >
> > > > >
> > > > > SNIP
> > > > >
> > > > > > sshd[13479]: Connection from 127.0.0.1 port 40791
> > > > > > sshd[13479]: Found matching DSA key: blahblahblahblah
> > > > > > sshd[13479]: Accepted publickey for nx from 127.0.0.1 port 40791
> > >
> > > ssh2
> > >
> > > > > > sshd[13479]: pam_unix(sshd:session): session opened for user nx
> 
> by
> 
> > > > > (uid=0)
> > > > >
> > > > > > sshd[13479]: User child is on pid 13481
> > > > > > nxserver[13611]: (nx) Failed login for user=dion from
> 
> IP=127.0.0.1
> 
> > > > > Yup
> > > > >
> > > > > > I have checked that the public key is in /home/dion/.
> > > > > > ssh/authorized_keys. If I
> > > > > > do ssh -p 443 localhost on the computer with the account dion it
> > >
> > > asks
> > >
> > > > > for my
> > > > >
> > > > > > passphrase of my private keypair (not the NX one) and I can log
> 
> in
> 
> > > and
> > >
> > > > > SSH in
> > > > >
> > > > > You need to use password authentication for the local user after
> > > > > connecting via ssh as user nx.
> > > > >
> > > > > Some distros disable this by default because it allows brute force
> > >
> > > attacks
> > >
> > > > > . . . .
> > > > >
> > > > > > remotely fine without problems. I'm not sure whether it helps
> 
> but
> 
> > > when I
> > >
> > > > > try
> > > > >
> > > > > > ssh -p 443 nx at localhost it asks for a Password, of which nothing
> 
> I
> 
> > > > > > try can log
> > > > > > it in.
> > > > > >
> > > > > > This is my sshd_config:
> > > > > > Port 443
> > > > > > Protocol 2
> > > > > > SyslogFacility AUTH
> > > > > > PermitRootLogin no
> > > > > > RSAAuthentication yes
> > > > > > PubkeyAuthentication yes
> > > > > > PasswordAuthentication no
> > > > >
> > > > > Here
> > > > >
> > > > > Just change to PasswordAuthentication  yes
> > > > >
> > > > > > PermitEmptyPasswords no
> > > > > > UsePAM yes
> > > > > > Compression yes
> > > > > > KeepAlive yes
> > > > > > ClientAliveInterval 30
> > > > > > ClientAliveCountMax 4
> > > > > > AuthorizedKeysFile      .ssh/authorized_keys
> > > > > > LogLevel VERBOSE
> > > > > >
> > > > > > (Note: I run SSH on port 443 on purpose, not by accident)
> > > > > >
> > > > > > Summary: When trying to connect using username and password for
> 
> the
> 
> > > > > account
> > > > >
> > > > > > "dion" which exists on the box running freenx it says
> 
> Authentication
> 
> > > > > failed
> > > > >
> > > > > > for user dion.
> > > > > >
> > > > > > Any ideas? Much appreciated.
> >
> > ________________________________________________________________
> >
> > > > > >      Were you helped on this list with your FreeNX problem?
> > > > > >     Then please write up the solution in the FreeNX Wiki/FAQ:
> 
> http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
> 
> > > > > >          Don't forget to check the NX Knowledge Base:
> > > > > >                  http://www.nomachine.com/kb/
> >
> > ________________________________________________________________
> >
> > > > > >        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
> > > > > >       https://mail.kde.org/mailman/listinfo/freenx-knx
> >
> > ________________________________________________________________
> >
> > > > > -------------------------------------------------------
> > >
> > > 
________________________________________________________________
> > >
> > > >      Were you helped on this list with your FreeNX problem?
> > > >     Then please write up the solution in the FreeNX Wiki/FAQ:
> 
> http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
> 
> > > >          Don't forget to check the NX Knowledge Base:
> > > >                  http://www.nomachine.com/kb/
> > > >
> > > > 
________________________________________________________________
> > > >        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
> > > >       https://mail.kde.org/mailman/listinfo/freenx-knx
> > > > 
________________________________________________________________
> 
> ________________________________________________________________
> 
> >      Were you helped on this list with your FreeNX problem?
> >     Then please write up the solution in the FreeNX Wiki/FAQ:
> 
> http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
> 
> >          Don't forget to check the NX Knowledge Base:
> >                  http://www.nomachine.com/kb/
> >
> > ________________________________________________________________
> >        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
> >       https://mail.kde.org/mailman/listinfo/freenx-knx
> > ________________________________________________________________
> 
-- 
Dion Moult :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20090927/f7f04b34/attachment.sig>

More information about the FreeNX-kNX mailing list