<br><br><div class="gmail_quote">On Sun, Jul 28, 2013 at 5:43 AM, <span dir="ltr"><<a href="mailto:chris@ccburton.com" target="_blank">chris@ccburton.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br><tt><font><a href="mailto:freenx-knx-bounces@kde.org" target="_blank">freenx-knx-bounces@kde.org</a> wrote on 28/07/2013 01:46:35:<div class="im"><br>
<br>
> > "Permission denied (publickey, gssapi-keyex,gssapi-with-mic).<br>
> > NX> 280 Exiting on signal: 15<br>
</div></font></tt><div class="im">
<br><tt><font>> Just a thought: As chris described, a secondary
ssh connection (through<br>
> the tunnel) is used to authenticate the user using *password* auth.
This<br>
> implies, that password-authentication must be supported by your sshd.<br>
> Your error message indicates that this is not the case - the possible<br>
> authentication methods shown do not list "password").<br>
> <br>
> => Have a look at your /etc/ssh/sshd_config ...<br>
> - -Fritz<br>
</font></tt>
<br>
<br>
<br></div><tt><font>You missed the "fun" bit Fritz . . .</font></tt>
<br>
<br><tt><font>. . . he's using PASSDB (which seems to be the
Centos default !!)</font></tt>
<br>
<br><tt><font>This gets around . .</font></tt>
<br><tt><font> 1/ needing PasswordAuthentication
enabled on sshd</font></tt>
<br><tt><font>
visible externally</font></tt>
<br><tt><font>and</font></tt>
<br><tt><font> 2/ not having
to run TWO sshd instances</font></tt>
<br><tt><font>
2nd one internal only with password</font></tt>
<br><tt><font> by having a</font></tt>
<br><tt><font> universal
key pair log-in for all (FreeNX) users</font></tt>
<br><tt><font>with (its)</font></tt>
<br><tt><font> distributed
public key in every user's ~/.ssh/authorized_keys</font></tt>
<br><tt><font>file.</font></tt>
<br>
<br><tt><font>So instead of you logging in with your password, FreeNX
checks your</font></tt>
<br><tt><font>password against a hash in its</font></tt>
<br><tt><font> /etc/nxserver/passwords</font></tt>
<br><tt><font>and if there is a match, logs you in as your user
with the distributed</font></tt>
<br><tt><font>key ( not so good in my view)</font></tt>
<br><div class="im">
<br>
<br><tt><font>> <br>
> I enabled password authentication, and I still get the same error.
<br>
</font></tt>
<br></div><tt><font>Forget that, if you have PASSDB enabled . . . .</font></tt>
<br><div class="im">
<br><tt><font>> Also, I don't have password authentication enabled
on my Ubuntu <br>
> servers.</font></tt>
<br>
<br></div><tt><font>Quite</font></tt>
<br><div class="im">
<br><tt><font>> On Ubuntu, FreeNX and SSH both work, but
here, using the <br>
> same settings, I keep getting an error.<br>
</font></tt>
<br>
<br></div><tt><font>Well, sounds like there's just a bug somewhere causing</font></tt>
<br><tt><font> server_nxnode_start</font></tt>
<br><tt><font>to fall over . . . </font></tt>
<br>
<br><tt><font>Sounds a bit like the $LOGIN_METHOD is going
wrong</font></tt>
<br><tt><font>but</font></tt>
<br><tt><font>I don't quite see how it could,</font></tt>
<br><tt><font>so</font></tt>
<br><tt><font>there may be a hidden ssh-ism or selinuxism</font></tt>
<br><tt><font>but</font></tt>
<br><tt><font>I can't see that either</font></tt>
<br><tt><font>so</font></tt>
<br><tt><font>let's follow through FreeNX anyway . . .</font></tt>
<br>
<br>
<br>
<br><tt><font>Next test . . . .</font></tt>
<br>
<br><tt><font>Clear the log and enable user account logging</font></tt>
<br>
<br><tt><font> sudo chmod 777
/var/log/nx/nxserver.log</font></tt>
<br><tt><font> echo " "
> /var/log/nx/nxserver.log</font></tt>
<br>
<br>
<br><tt><font>** BACK UP ** your nxserver script
e.g.</font></tt>
<br>
<br><tt><font> cp /usr/bin/nxserver
/usr/bin/nxserver.20130728-bak</font></tt>
<br><tt><font> md5sum /usr/bin/nxserver
/usr/bin/nxserver.20130728-bak</font></tt>
<br>
<br><tt><font>then edit</font></tt>
<br>
<br><tt><font> /usr/bin/nxserver</font></tt>
<br>
<br><tt><font>at about line 933 ( looking at a Centos one ) where
you can see </font></tt>
<br>
<br>
<br><tt><font> else</font></tt>
<br><tt><font> echo "$@"
| $COMMAND_SSH -l "$USER" . . . etc</font></tt>
<br><tt><font> fi</font></tt>
<br>
<br>
<br><tt><font>add the following line ( sorry about the \ line wrap
again )</font></tt>
<br>
<br><tt><font>echo -e "We got to PASSDB with\n$@\n$COMMAND_SSH\n
\</font></tt>
<br><tt><font>$USER\n$NODE_HOSTNAME\n$SSHD_PORT\n$PATH_BIN\n \</font></tt>
<br><tt><font>$CMD\nand login method $LOGIN_METHOD\n"|log_tee</font></tt>
<br>
<br><tt><font> . . . just before the echo.</font></tt>
<br>
<br><tt><font>Try connecting. Send the logging.</font></tt>
<br></blockquote><div><br>Here's the log: <br></div><div><br><i>-- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND=<br>-- NX SERVER START: - ORIG_COMMAND=<br>Info: Using fds #4 and #3 for communication with nxnode.<br>
HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)<br>NX> 105 hello NXCLIENT - Version 3.2.0<br>NX> 134 Accepted protocol: 3.2.0<br>NX> 105 SET SHELL_MODE SHELL<br>NX> 105 SET AUTH_MODE PASSWORD<br>
NX> 105 login<br>NX> 101 User: user<br>NX> 102 Password: <br>Info: Auth method: passdb <br>NX> 103 Welcome to: localhost.localdomain user: user<br>NX> 105 listsession --user="user" --status="suspended,running" --geometry="1920x1200x32+render" --type="unix-gnome"<br>
NX> 127 Sessions list of user 'user' for reconnect:<br><br>Display Type Session ID Services Dept Screensize Status Session Name Username<br>
------- ---------------- -------------------------------- -------- ---- -------------- ------------- ------------------------------------------------------------ --------------------------------<br><br><br>NX> 148 Server capacity: not reached for user: user<br>
NX> 105 startsession --link="adsl" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="vps" --type="unix-gnome" --geometry="1914x1138" --client="winnt" --keyboard="pc102/en_US" --screeninfo="1914x1138x32+render" <br>
<br>&link=adsl&backingstore=1&encryption=1&cache=16M&images=64M&shmem=1&shpix=1&strict=0&composite=1&media=0&session=vps&type=unix-gnome&geometry=1914x1138&client=winnt&keyboard=pc102/en_US&screeninfo=1914x1138x32+render&clientproto=3.2.0&user=user&userip=192.168.1.101&uniqueid=C520276F85462929964FED92A22793AE&display=1000&host=127.0.0.1 <br>
We got to PASSDB with &link=adsl&backingstore=1&encryption=1&cache=16M&images=64M&shmem=1&shpix=1&strict=0&composite=1&media=0&session=vps&type=unix-gnome&geometry=1914x1138&client=winnt&keyboard=pc102/en_US&screeninfo=1914x1138x32+render&clientproto=3.2.0&user=user&userip=192.168.1.101&uniqueid=C520276F85462929964FED92A22793AE&display=1000&host=127.0.0.1 ssh user 127.0.0.1 45559 /usr/bin --startsession and login method PASSDB <br>
NX> 1004 Error: Session did not start. </i><br><br><b>When I try NXSetup --test, I get this output:</b><br><br><i>[root@localhost tmp]# nxsetup --test <br><br>
----> Testing your nxserver configuration ...<br>Warning: Could not find nxdesktop in /usr/bin. RDP sessions won't work.<br>Warning: Could not find nxviewer in /usr/bin. VNC sessions won't work. <br>Warning: Invalid value "APPLICATION_LIBRARY_PRELOAD=/usr/lib/libX11.so.6.2:/usr/lib/libXext.so.6.4:/usr/lib/libXcomp.so.2:/usr/lib/libXcompext.so:/usr/lib/libXrender.so.1.2". /usr/lib/libX11.so.6.2 could not be found. Users will not be able to run a single application in non-rootless mode. <br>
Warning: "/usr/lib/cups/backend/nxipp" is not executable. <br> Users will not be able to enable printing. <br>
Warning: Invalid value "CUPS_ETC=/etc/cups/" <br> Users will not be able to enable printing. <br>
Warning: Invalid value "COMMAND_START_CDE=cdwm"<br> Users will not be able to request a CDE session.<br>Warning: Invalid value "COMMAND_SMBMOUNT=smbmount". You'll not be able to use SAMBA.<br>
Warning: Invalid value "COMMAND_SMBUMOUNT=smbumount". You'll not be able to use SAMBA.<br>Warning: Invalid cupsd version of "/usr/sbin/cupsd". Need version 1.2.<br> Users will not be able to enable printing.<br>
Error: Could not find 1.5.0 or 2.[01].0 or 3.[01].0 version string in nxagent. NX 1.5.0 or 2.[01].0 or 3.[012].0 backend is needed for this version of FreeNX.<br><br> Warnings occured during config check.<br> To enable these features please correct the configuration file.<br>
<br><---- done<br><br>----> Testing your nxserver connection ...<br>/usr/bin/nxnode-login: line 20: syntax error near unexpected token `('<br>/usr/bin/nxnode-login: line 20: `catch {set tosend $env(NXNODE_TOSEND)}'<br>
Fatal error: Could not connect to NX Server.<br><br>Please check your ssh setup:<br><br>The following are _examples_ of what you might need to check.<br><br> - Make sure "nx" is one of the AllowUsers in sshd_config.<br>
(or that the line is outcommented/not there)<br> - Make sure "nx" is one of the AllowGroups in sshd_config.<br> (or that the line is outcommented/not there)<br> - Make sure your sshd allows public key authentication.<br>
- Make sure your sshd is really running on port 45559.<br> - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2.<br> (this should be a filename not a pathname+filename)<br>
- Make sure you allow ssh on localhost, this could come from some<br> restriction of:<br> -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost<br> -the iptables. add to it:<br> $ iptables -A INPUT -i lo -j ACCEPT<br>
$ iptables -A OUTPUT -o lo -j ACCEPT<br></i><br><br><br>Strange, should I try a complete and clean reinstall? <br></div></div>
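<div>Fritz's reading of the error line and chris's PASSDB correction, as an added shell example that is not part of the original messages: it extracts the offered methods from the quoted "Permission denied" line and checks them against what the login mode needs. The function names and the sample sshd_config are hypothetical and constructed; only the error line and the PASSDB value come from the thread.</div>

```bash
#!/usr/bin/env bash
# Added example. The error line is the one quoted in the thread; the
# sshd_config content is a constructed sample.

# Methods the server offered, one per line, from "Permission denied (a,b)."
offered_methods() {
    printf '%s\n' "$1" |
        sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' |
        tr -d ' ' | tr ',' '\n'
}

# ssh method the node login needs. Assumption taken from the thread:
# PASSDB logs in with the distributed key, anything else with a password.
required_method() {
    if [ "$1" = PASSDB ]; then echo publickey; else echo password; fi
}

# First value of a yes/no keyword in the global section of an sshd_config
# (sshd keeps the first value it reads; keywords are case-insensitive).
sshd_value() {   # usage: sshd_value KEYWORD FILE DEFAULT
    awk -v k="$1" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$2"
}

# Is the method this login mode needs among those the server offered?
diagnose() {   # usage: diagnose LOGIN_METHOD ERROR_LINE
    need=$(required_method "$1")
    if offered_methods "$2" | grep -qx "$need"; then
        echo "$need offered"
    else
        echo "$need NOT offered"
    fi
}

err='Permission denied (publickey, gssapi-keyex,gssapi-with-mic).'
cfg=$(mktemp)
trap 'rm -f "$cfg"' EXIT
printf '%s\n' '# constructed sample' 'PasswordAuthentication no' \
    'passwordauthentication yes' > "$cfg"

diagnose PASSDB "$err"
diagnose OTHER "$err"
sshd_value PasswordAuthentication "$cfg" yes
```

<div>On a live host, `sshd -T` prints the effective configuration, including the Match and Include handling that this parser skips. A needed method that is offered yet still ends in "Permission denied" means the server rejected the credential presented, not the method.</div>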