<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><tt><font><div class="im">
<br>
> ><br>
> > Permission denied (publickey,gssapi-keyex,gssapi-with-mic).<br>
> > NX> 280 Exiting on signal: 15<br>
> ><br>
> > The client itself shows "Downloading the session information"
and then<br>
> > states "The NX service is not available or the NX access
was disabled on<br>
> > host <IP>"<br>
> ><br>
> > I am able to ssh into the server just fine through a normal terminal
when<br>
> > using my key. Does anyone have any idea why the session
will not start up?<br>
> > I have verified permissions on the authorized_keys2 files and
made sure the<br>
> > public key information was added to this file in both<br>
> > /var/lib/nxserver/home/.ssh and ~/.ssh<br>
> ><br>
> > Service freenx-server status shows NXServer is running.<br>
> <br>
> Please try following the instructions in this CentOS wiki article:<br>
> <br>
> </div></font></tt><a href="http://wiki.centos.org/HowTos/FreeNX" target="_blank"><tt><font>http://wiki.centos.org/HowTos/FreeNX</font></tt></a><div class="im"><tt><font><br>
> <br>
> Pay attention to the setup involving the "key-based authentication".<br>
> <br>
> Akemi<br>
</font></tt>
<br>
<br></div><tt><font>. . . but don't forget that </font></tt>
<br>
<br><tt><font> PASSDB authentication
setup</font></tt>
<br>
<br><tt><font>adds the FreeNX-user-publickey (typically /etc/nxserver/users.id_dsa.pub)</font></tt>
<br><tt><font>to</font></tt>
<br><tt><font> each "set
up" FreeNX user's ~/.ssh/authorized_keys</font></tt>
<br><tt><font>so</font></tt>
<br><tt><font> anyone who gets
hold of the private key (/etc/nxserver/users.id_dsa)</font></tt>
<br><tt><font>can</font></tt>
<br><tt><font> connect as any
user who has been set up in PASSDB</font></tt>
<br><tt><font>even</font></tt>
<br><tt><font> if they
are later removed</font></tt>
<br><tt><font>because</font></tt>
<br><tt><font>even</font></tt>
<br><tt><font> uninstalling FreeNX</font></tt>
<br><tt><font> doesn't remove
the entries in users ~/.ssh/authorized_keys</font></tt>
<br>
<br><tt><font>(This is another FreeNX not-quite-finished-ism)</font></tt>
<br>
<br><tt><font>These entries need to be removed manually.</font></tt>
<br>
<br><tt><font>This is not mentioned in the documentation.</font></tt>
<br>
<br>
<br>
<br><tt><font>NOTE also</font></tt>
<br><tt><font>The private key in question is owned by user nx not
by root</font></tt>
<br><tt><font>which user</font></tt>
<br><tt><font> has it's private
key in every nxclient</font></tt>
<br><tt><font>and</font></tt>
<br><tt><font> is only protected
by restrictions in its own authorized_keys2 file</font></tt>
<br><tt><font>i.e.</font></tt>
<br><tt><font>no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/nxserver"</font></tt>
<br>
<br>
<br>
<br><tt><font>And</font></tt>
<br><tt><font> you still need
a password to use FreeNX</font></tt>
<br><tt><font>and</font></tt>
<br><tt><font> you now have TWO
password databases to maintain.</font></tt>
<br>
<br>
<br><tt><font>IMNSHO running</font></tt>
<br><tt><font> two sshd/sshd_config</font></tt>
<br><tt><font>is the safest and simplest method to avoid</font></tt>
<br><tt><font>user PasswordAuthentication from outside the machine
. . .</font></tt>
<br>
<br>
<br></blockquote><div><br>I did go over the documentation here, but I still have problems:<br><br><a href="http://wiki.centos.org/HowTos/FreeNX" target="_blank"><tt><font>http://wiki.centos.org/HowTos/FreeNX</font></tt></a> <br>
</div></div><br>I followed this guide because I wanted to use different keys:<br><br><a href="http://techblog.tgharold.com/2009/01/setting-up-freenxnx-on-centos-5.shtml">http://techblog.tgharold.com/2009/01/setting-up-freenxnx-on-centos-5.shtml</a><br>
<br>No luck here either. I still get that message. My SSHD_Config specifies to allow the user nx and my user. The authorized_keys2 file in /var/lib/nxserver/home/.ssh is owned by nx:root and has chmod of 600. My user's ~/home/.ssh is owned by user:user and has chmod of 600. Both authorized_keys2 files have the nxserver public key in them.<br>
<br>I'm still not sure why it's denying access when I can SSH via terminal using a private key without issue.<br><br>Logs don't seem to contain much either...<br>