[FreeNX-kNX] FreeNX CentOS Permission denied (publickey, gssapi-keyex, gssapi-with-mic)

[OwN-3m-All]

>
>
> > >
> > > Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
> > > NX> 280 Exiting on signal: 15
> > >
> > > The client itself shows "Downloading the session information" and then
> > > states "The NX service is not available or the NX access was disabled
> on
> > > host <IP>"
> > >
> > > I am able to ssh into the server just fine through a normal terminal
> when
> > > using my key.  Does anyone have any idea why the session will not
> start up?
> > > I have verified permissions on the authorized_keys2 files and made
> sure the
> > > public key information was added to this file in both
> > > /var/lib/nxserver/home/.ssh and ~/.ssh
> > >
> > > Service freenx-server status shows NXServer is running.
> >
> > Please try following the instructions in this CentOS wiki article:
> >
> >
> http://wiki.centos.org/HowTos/FreeNX
>
> >
> > Pay attention to the setup involving the "key-based authentication".
> >
> > Akemi
>
>
> . . .  but don't forget that
>
>         PASSDB  authentication setup
>
> adds the FreeNX-user-publickey (typically /etc/nxserver/users.id_dsa.pub)
> to
>         each "set up" FreeNX user's ~/.ssh/authorized_keys
> so
>         anyone who gets hold of the private key
> (/etc/nxserver/users.id_dsa)
> can
>         connect as any user who has been set up in PASSDB
> even
>          if they are later removed
> because
> even
>         uninstalling FreeNX
>         doesn't remove the entries in users ~/.ssh/authorized_keys
>
> (This is another FreeNX not-quite-finished-ism)
>
> These entries need to be removed manually.
>
> This is not mentioned in the documentation.
>
>
>
> NOTE also
> The private key in question is owned by user nx not by root
> which user
>         has it's private key in every nxclient
> and
>         is only protected by restrictions in its own authorized_keys2 file
> i.e.
>
> no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/nxserver"
>
>
>
> And
>         you still need a password to use FreeNX
> and
>         you now have TWO password databases to maintain.
>
>
> IMNSHO running
>          two sshd/sshd_config
> is the safest and simplest method to avoid
> user PasswordAuthentication from outside the machine . . .
>
>
>
I did go over the documentation here, but I still have problems:

http://wiki.centos.org/HowTos/FreeNX

I followed this guide because I wanted to use different keys:

http://techblog.tgharold.com/2009/01/setting-up-freenxnx-on-centos-5.shtml

No luck here either.  I still get that message.   My SSHD_Config specifies
to allow the user nx and my user.  The authorized_keys2 file in
/var/lib/nxserver/home/.ssh is owned by nx:root and has chmod of 600.  My
user's ~/home/.ssh is owned by user:user and has chmod of 600.  Both
authorized_keys2 files have the nxserver public key in them.

I'm still not sure why it's denying access when I can SSH via terminal
using a private key without issue.

Logs don't seem to contain much either...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20130725/e5d745d2/attachment.html>