<br><tt><font size=2>freenx-knx-bounces@kde.org wrote on 14/11/2013 18:03:21:<br>
<br>
> Hi!</font></tt>
<br><tt><font size=2>> <br>
> I have set up a gateway, master and two nx-servers.</font></tt>
<br><tt><font size=2>> I can connect to both servers.</font></tt>
<br><tt><font size=2>> I can connect to the master an being forwarded
to one of the servers.</font></tt>
<br><tt><font size=2>> I can connect to the gateway, but this times
out.</font></tt>
<br>
<br><tt><font size=2>[SNIP]</font></tt>
<br>
<br><tt><font size=2>> SERVER_FORWARD_KEY="/var/lib/nxserver/home/.ssh/client.id_dsa.key"</font></tt>
<br>
<br><tt><font size=2>[SNIP]</font></tt>
<br>
<br><tt><font size=2>OK so it all works except the forwarder . . . </font></tt>
<br>
<br>
<br><tt><font size=2>The log from The Forwarder might have been useful
here</font></tt>
<br>
<br><tt><font size=2>set</font></tt>
<br><tt><font size=2> NX_LOG_LEVEL=6</font></tt>
<br><tt><font size=2> NX_LOG_SECURE=1</font></tt>
<br><tt><font size=2> SESSION_LOG_CLEAN=0</font></tt>
<br>
<br><tt><font size=2>in node.conf</font></tt>
<br>
<br><tt><font size=2>Remove the log file and recreate an empty one</font></tt>
<br>
<br><tt><font size=2>chmod it to 777</font></tt>
<br>
<br><tt><font size=2>Try again from a client through The Forwarder to The
Balancer etc</font></tt>
<br><tt><font size=2>see what's in The Forwarder's log . . .</font></tt>
<br>
<br>
<br><tt><font size=2>> I can connect with nx-clients to the gateway,
but no session will be<br>
> established. Instead the client times out:</font></tt>
<br><tt><font size=2>> NX> 203 NXSSH running with pid: 5460</font></tt>
<br><tt><font size=2>> NX> 285 Enabling check on switch command</font></tt>
<br><tt><font size=2>> NX> 285 Enabling skip of SSH config files</font></tt>
<br><tt><font size=2>> NX> 285 Setting the preferred NX options</font></tt>
<br><tt><font size=2>> NX> 200 Connected to address: 10.167.63.124
on port: 22</font></tt>
<br><tt><font size=2>> NX> 202 Authenticating user: nx</font></tt>
<br><tt><font size=2>> NX> 208 Using auth method: publickey</font></tt>
<br><tt><font size=2>> NX> 280 Exiting on signal: 15</font></tt>
<br><tt><font size=2>> <br>
> If starting a sshd in debug mode it shows the client connecting, <br>
> then sits there and waits for the master. After a while it kills the<br>
> connection.</font></tt>
<br><tt><font size=2>> <br>
> seLinux was turned of. The firewall is turned off too.</font></tt>
<br><tt><font size=2>> I am a bit clueless now. Any idea how to make
this run? Or some idea<br>
> to get rid of the gateway and leave this part up to the firewall?</font></tt>
<br><tt><font size=2>> But I'd like to know why this breaks at the gateway.
As all docs <br>
> state it should work out of the box ...!</font></tt>
<br><tt><font size=2>></font></tt>
<br><tt><font size=2>> -- </font></tt>
<br><tt><font size=2>> Thomas</font></tt>
<br>
<br>
<br><tt><font size=2>So, if your ( possibly newly enabled ) logging doesn't
throw</font></tt>
<br><tt><font size=2>up an obvious error,</font></tt>
<br>
<br><tt><font size=2>. . . we start with the basics . . .</font></tt>
<br>
<br>
<br><tt><font size=2>Test if you can successfully ssh connect :- </font></tt>
<br>
<br><tt><font size=2>from</font></tt>
<br><tt><font size=2> the Forwarder</font></tt>
<br><tt><font size=2>to</font></tt>
<br><tt><font size=2> the Balancer</font></tt>
<br><tt><font size=2>as</font></tt>
<br><tt><font size=2> user nx</font></tt>
<br><tt><font size=2>using the client key set up on on the forwarder</font></tt>
<br>
<br>
<br>
<br><tt><font size=2>e.g. in your case:-</font></tt>
<br>
<br><tt><font size=2># switch to user nx with bash as its shell</font></tt>
<br>
<br><tt><font size=2> sudo su -l nx
-s /bin/bash</font></tt>
<br>
<br><tt><font size=2># check there's something in your selected .
. .</font></tt>
<br>
<br><tt><font size=2> cat /var/lib/nxserver/home/.ssh/client.id_dsa.key</font></tt>
<br>
<br><tt><font size=2>ssh -i /var/lib/nxserver/home/.ssh/client.id_dsa.key
nx@10.167.63.127 -p22</font></tt>
<br>
<br>
<br><tt><font size=2>which will tell you whether or not</font></tt>
<br><tt><font size=2> The Forwarder
can see The Balancer's IP</font></tt>
<br><tt><font size=2> The Forwarder
can see The Balancer's port 22 tcp</font></tt>
<br><tt><font size=2> Port 22 on The
Balancer has sshd listening on it</font></tt>
<br><tt><font size=2> The sshd knows
about nx</font></tt>
<br><tt><font size=2>AND if</font></tt>
<br><tt><font size=2> /var/lib/nxserver/home/.ssh/client.id_dsa.key</font></tt>
<br>
<br><tt><font size=2>on The Forwarder, corresponds to</font></tt>
<br>
<br><tt><font size=2> /var/lib/nxserver/home/.ssh/server.id_dsa.pub.key</font></tt>
<br>
<br><tt><font size=2> ( or as you correctly
say</font></tt>
<br><tt><font size=2> authorized_keys
/ authorized_keys2</font></tt>
<br><tt><font size=2> which-ever
you have in sshd_config )</font></tt>
<br>
<br><tt><font size=2>on The Balancer.</font></tt>
<br>
<br>
<br><tt><font size=2>Good luck. Let us know how you get on.</font></tt>
<br>
<br>