<div dir="ltr">thanks for the tips, I understood about the keys and finally I did it, well I don't know if this is the best way.<br><br>I left the default sshd_conf, only I added this 2 lines<br><br>PubkeyAuthentication yes<br>
AuthorizedKeysFile .ssh/authorized_keys2<br><br>in order to connect without problems by ssh then I ran nxsetup --install --setup-nomachine-key but it showed me an error:<br><br>----> Testing your nxserver connection ...<br>
couldn't read file "--check": no such file or directory<br>Fatal error: Could not connect to NX Server.<br><br>but I went to /var/lib/nxserver/home/.ssh/ and I copy allt text of client.id_dsa.key to the nx client, and it worked.<br>
<br>Are there a best way? <br><br><br><div class="gmail_quote">2008/7/31 Verner Kjærsgaard <span dir="ltr"><<a href="mailto:vk@os-academy.dk">vk@os-academy.dk</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<br>
7th Sign | Iván Rico skrev:<br>
<div><div></div><div class="Wj3C7c">><br>
> it's logging in initially with the user 'nx' - that's what the<br>
> (pre)configured keys (the 'no-machine keys') are for. That's why you<br>
> need to make sure that<br>
><br>
> a)<br>
> you can log into the machine using ssh<br>
><br>
><br>
> b)<br>
> that the nx keys are in place, allowing nx to login without a password.<br>
> c) someone on this list will be able to explain that better than I.<br>
> d) once nx can log in and is logged in, the user is switched to 'frank'.<br>
><br>
> That's the 'no-machine-key' way, not the FreeNX way. That's why you give<br>
> 'nxsetup --install --setup-nomachine-key --clean --purge' in order to<br>
> make sure the keys ar in place.<br>
><br>
> Also make sure that the correct ownerships of directories holding the<br>
> keys are in place. On my server:<br>
><br>
> drwxr-xr-x 4 root users 4096 12 jul 13:20 nxserver/<br>
><br>
> - this may not be entirely correct...perhaps they really should be owned<br>
> by nx, don't know. But it works..<br>
><br>
> Further down, I have:<br>
><br>
> -rw------- 1 nx root 671 12 jul 13:25 authorized_keys2<br>
> -rw-r--r-- 1 nx root 668 12 jul 13:20 client.id_dsa.key<br>
> -rw------- 1 nx root 235 12 jul 13:20 known_hosts<br>
> Gunnar:/var/lib/nxserver/home/.ssh #<br>
><br>
> - hope this helps!<br>
><br>
><br>
> Hello again,<br>
><br>
> a) I can't log into my server by ssh<br>
> I got this:<br>
><br>
</div></div>> ivan@dementor ~ $ ssh <a href="mailto:root@192.168.1.247">root@192.168.1.247</a> <mailto:<a href="mailto:root@192.168.1.247">root@192.168.1.247</a>><br>
<div class="Ih2E3d">> Permission denied (publickey,gssapi-with-mic).<br>
> ivan@dementor ~<br>
><br>
> This happens since I change these values to:<br>
> PasswordAuthentication no<br>
> AllowUsers nx root ivan<br>
> on sshd_config<br>
><br>
> b) I deleted the pass with, passwd -d nx but I have the same results<br>
><br>
> c) :)<br>
><br>
> d) I have a few questions about that: Who and How creates these files:<br>
> authorized_keys2, client.id_dsa.key?<br>
> I dont't have them in /etc/nxserver and I don't know where them are<br>
><br>
> ---------------------------------<br>
> 7th Sign | Iván Rico<br>
> ---------------------------------<br>
><br>
><br>
</div>> ------------------------------------------------------------------------<br>
Hi<br>
I'm sorry I don't have time to help you further, the car is packed,<br>
we're off on holiday :-)<br>
<br>
One thing, though. You MUST be able to login via SSH.<br>
First, on the remote machine itself at its console, try this<br>
<br>
SSH your_username@localhost<br>
<br>
This should absolutely succeed. If not, debug your SSH thing (is it<br>
listening and so)<br>
<br>
If ok, then try the same thing from outside. Login from your local<br>
machine to the remote machine using SSH<br>
your_login_name@some-server.something.<br>
<br>
This MUST succeed. If not check firewall and more. Hint: on the remote<br>
machine, as root, do "tail -f /var/log/messages" (end it with ctrl-c).<br>
This will give you a live log og what's happening.<br>
<br>
Then read up on SSH generally. As a normal user, do<br>
<br>
ssh-keygen -t dsa<br>
<br>
When asked for a pass-phrase, just hit enter.<br>
<br>
Now see that a pair of keys are generated, they are placed in<br>
<br>
/home/your_user_name/.ssh/some_key_name<br>
and<br>
/home/your_user_name/.ssh/some_key_name.pub<br>
<br>
Now copy the -pub key to your home-dir on the remote machine. Put it<br>
into /home/your_home_dir/.ssh/xxx.pub<br>
<br>
Now xfer the contents of that xxx.pub file into the "authorized_keys"<br>
file, do<br>
<br>
cat xxx.pub >> authorized_keys<br>
<br>
Now create a symlink in the same .ssh dir, do<br>
<br>
ln -s authorized_keys authorized_keys2<br>
<br>
This way SSH will work regardless of SSH looking for authorized_keys or<br>
authorized_keys2.<br>
<br>
Make sure the authorized_keys file, is owned by your_user_name and that<br>
its rights are 600. No more, no less. Make sure that your_user_name is<br>
allowed to enter the .ssh directory...<br>
<br>
Exit from the remote machine.<br>
<br>
Now you should be able to login from your local machine to the remote<br>
machine - without using your password. Do<br>
<br>
SSH your_user_name@remote_machine<br>
<br>
<br>
If you can't, get that fixed first. Then go on to debug/experiment with NX.<br>
<br>
- haven't got more time, wish you luck!<br>
<div><div></div><div class="Wj3C7c"><br>
<br>
--------------------------------------------<br>
Med venlig hilsen/best regards<br>
Verner Kjærsgaard<br>
<br>
________________________________________________________________<br>
Were you helped on this list with your FreeNX problem?<br>
Then please write up the solution in the FreeNX Wiki/FAQ:<br>
<a href="http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ" target="_blank">http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ</a><br>
Don't forget to check the NX Knowledge Base:<br>
<a href="http://www.nomachine.com/kb/" target="_blank">http://www.nomachine.com/kb/</a><br>
<br>
________________________________________________________________<br>
FreeNX-kNX mailing list --- <a href="mailto:FreeNX-kNX@kde.org">FreeNX-kNX@kde.org</a><br>
<a href="https://mail.kde.org/mailman/listinfo/freenx-knx" target="_blank">https://mail.kde.org/mailman/listinfo/freenx-knx</a><br>
________________________________________________________________<br>
</div></div></blockquote></div><br></div>