<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 2/23/2014 5:54 AM,
<a class="moz-txt-link-abbreviated" href="mailto:chris@ccburton.com">chris@ccburton.com</a> wrote:<br>
</div>
<blockquote
cite="mid:OF0845AE6F.B53EEDAF-ON80257C88.0038BEDA-80257C88.003BE9D3@ccburton.com"
type="cite">
<br>
<a class="moz-txt-link-abbreviated" href="mailto:freenx-knx-bounces@kde.org">freenx-knx-bounces@kde.org</a> wrote on 22/02/2014 18:49:23:<br>
<br>
>> So <br>
>> <br>
>> now you know <br>
>> your nx account is fine <br>
>> and <br>
>> nxserver is installed . . . <br>
>> which <br>
>> should log you in as <br>
>> user
"glen" <br>
>> provided <br>
>> your user "glen" account can log in <br>
>> set in /etc/ssh/sshd_config)
<br>
> I guess I don't quite understand why PasswordAuth
needs to be <br>
> enabled in SSH. It does look like I'm logging in fine through
SSH
<br>
> (since the welcome message shows up in NX's client log).<br>
<br>
NX uses s key pair for the user <br>
nx
<br>
to set up an ssh "encrypted tunnel" to move
your compressed
<br>
X session over the network.
<br>
<br>
It then logs in the normal user to ANOTHER LOCAL ssh
<br>
session using
<br>
<br>
ssh PasswordAuthentication
<br>
<br>
from
<br>
the end of the tunnel on the NX server <br>
to
<br>
the same NX server ie. ssh 127.0.0.1
<br>
<br>
The first ssh session uses user nx and the nx key
pair
<br>
so
<br>
you add the nx key to the nxclient
<br>
and
<br>
don't worry about user nx 'cos the client knows
<br>
<br>
The second session uses
<br>
your username
(glen)
<br>
and
<br>
glen's password
on the FreeNX server
<br>
so
<br>
you put glen & glen's password into the nxclient
<br>
login entry fields.
<br>
<br>
<br>
You do NOT need your ssh key OR username nx
<br>
ANYWHERE for NXv3 login unless you have moved
<br>
away from the default login method
<br>
<br>
<br>
> I've tried enabling PasswordAuth anyways (and restarting the
<br>
> machine), and here's the result:<br>
<br>
> Pseudo-terminal will not be allocated because
stdin is not a terminal.<br>
> <br>
> Permission denied (publickey,password).<br>
<br>
Different error. which user are you attemting to log
ing in as??
<br>
<br>
nx ??
<br>
<br>
> <br>
> And I'm entering the exact password I normally use to log
into my
<br>
> account on the machine.<br>
<br>
OK , so what's new in the nx server log just after
this attempt ??
<br>
<br>
<br>
>> Here's another annoying test to help you
along <br>
>>> <br>
>> 1/ Add the nx private key (as a new key file) to your
.ssh/ directory
<br>
>> in the same format as the other private
keys. <br>
>> Sounds like you generated your own
pair 2me <br>
>> <br>
>> 2/ run <br>
>> <br>
>> ssh -l nx -i ~/.ssh/new-nx-private-key.file
your-server-IP <br>
<br>
<br>
> Alright, so I go to /var/lib/nxserver/home/default_keys
(which is <br>
> where the key is stored, I believe).
<br>
> I copy the key named client.id_dsa.key dated
at Mar 22 2012
<br>
> to ~/.ssh/nx_priv_key.dsa,
<br>
> then I run
<br>
> ssh -l nx -i ~/ssh/nx_priv_key.dsa 192.168.1.133.
<br>
> SSH continues to
<br>
> warn me about the authenticity of the server,
<br>
<br>
normal
<br>
<br>
> asks me if I want to continue (I say yes),
<br>
> says it was permanentlyadded to the list of known
hosts,
<br>
<br>
normal
<br>
<br>
> warns me about an unprotected key file,
<br>
> warns that permissions are too open,
<br>
> then tells me that it will be ignored.
<br>
<br>
The key file will be ignored unless its mode 0700
<br>
<br>
> It then asks me for nx's password, of which I
have no clue,
<br>
<br>
cos it can't use the (ignored) key file so it tries
password
<br>
<br>
*** user nx should have NO password set ***
<br>
<br>
<br>
> so after trying my own password,
<br>
> I send a SIGINT to ssh and go about changing
the permissions
<br>
> on the key file.
<br>
<br>
Well done
<br>
<br>
> I give myself (and only myself) read permissions
on the new
<br>
> copy of the key file, and run the previous ssh
command again.<br>
<br>
well done again. I could list all these detail things
but most
<br>
people already know or work or ask . . .
<br>
<br>
<br>
> At this point, the SSH welcome message is printed,
<br>
<br>
right
<br>
<br>
> and to my great surprise,
<br>
<br>
. . . but it's not surprising to me . . . <br>
<br>
You are now connected using the correct name(nx) and
key pair.
<br>
<br>
<br>
<br>
*** You need this key for the nxclient. ***
<br>
<br>
copy it from the file into the entry field in the
nx client
<br>
<br>
</blockquote>
Alright: Here's a new test. This time, I logged in over SFTP and
copied the file just to be sure they were the same (it seems like I
may have actually had a different key file!). With the new file in
hand, I fire up NoMachine again, and started the log in process.
Now, it just seems to indefinitely sit at the screen saying
Connecting to glenux. I looked through my auth.log, and found this
bit:<br>
<br>
<blockquote type="cite">Feb 23 15:05:51 glenux sshd[2489]: Accepted
publickey for nx from 192.168.1.121 port 49976 ssh2<br>
Feb 23 15:05:51 glenux sshd[2489]: pam_unix(sshd:session): session
opened for user nx by (uid=0)</blockquote>
<br>
So it must have authed with SSH at this point? The only problem,
though, is that it appears nxserver is not creating a new log file
in the /var/log directory.<br>
<br>
<blockquote
cite="mid:OF0845AE6F.B53EEDAF-ON80257C88.0038BEDA-80257C88.003BE9D3@ccburton.com"
type="cite">
<br>
> nxserver says hello and gives me a prompt of
its own!
<br>
> I don't know what to do at this point so I say
"BYE".<br>
<br>
You can at this point test log in as your user
<br>
<br>
( yup, another annoying test )
<br>
<br>
at that
<br>
"NX
> 105 " prompt
<br>
( your version will probably be different )
<br>
enter
<br>
login <return>
<br>
expect
<br>
"NX>
101 User:"
<br>
enter
<br>
"glen"
<return>
<br>
expect
<br>
"NX> 102
Password:"
<br>
<br>
now enter user account "glen"'s
password and return
<br>
(you still have PasswordAuthentication
yes I hope )
<br>
<br>
expect
<br>
"NX> 103
Welcome to: harrow user: glen
<br>
NX> 105"
<br>
<br>
If you <return> you will see a "quit"
reply
<br>
<br>
eg.
<br>
<br>
<br>
HELLO NXSERVER - Version 3.2.0-73 OS (GPL, using backend:
3.5.0)
<br>
NX> 105 login
<br>
login
<br>
NX> 101 User: glen
<br>
glen
<br>
NX> 102 Password:
<br>
NX> 103 Welcome to: servername user: glen
<br>
NX> 105
<br>
<br>
quit
<br>
Quit
<br>
NX> 999 Bye
<br>
</blockquote>
Ok, I gave that a try:<br>
<br>
<blockquote type="cite">HELLO NXSERVER - Version 3.2.0-74-SVN OS
(GPL, using backend: 3.5.0)<br>
NX> 105 login<br>
login<br>
NX> 101 User: glen<br>
glen<br>
NX> 102 Password:<br>
NX> 103 Welcome to: glenux user: glen<br>
NX> 105<br>
quit<br>
Quit<br>
NX> 999 Bye<br>
/usr/bin/nxserver: line 580: kill: (3426) - No such process<br>
Connection to 192.168.1.133 closed.</blockquote>
Well, so far so good (I think...).<br>
<blockquote
cite="mid:OF0845AE6F.B53EEDAF-ON80257C88.0038BEDA-80257C88.003BE9D3@ccburton.com"
type="cite">
<br>
> <br>
> Now, going back to the nomachine client on my windows
computer, I
<br>
> try logging in again over the ssh protocol with the nomachine
login
<br>
> and using the nxserver private key. I again attempt logging
in with
<br>
> my ubuntu user and password, although authentication fails
once again:<br>
<br>
> Pseudo-terminal will not be allocated because
stdin is not a terminal.<br>
> <br>
> Permission denied (publickey,password).
<br>
> Any further ideas?<br>
<br>
Yup.
<br>
<br>
put the correct key ( for user nx ) into the client
<br>
with
<br>
your username and password ( glen, glen's password
)
<br>
<br>
<br>
Have
<br>
PasswordAuthentication
yes
<br>
in ssh
<br>
<br>
<br>
Look in the log if it doesn't work and tell us what
it says
<br>
for the session you just tried
<br>
( you may have another issue too )
<br>
<br>
Let us know how you get on . . <br>
<br>
<br>
</blockquote>
Ok, I may have forgotten this, but I guess I have to create the log
file for nxserver if it doesn't exist :P I did that and confirmed
everything was working by running the test log in, and it seemed
like it was logging ok at that point.<br>
<br>
Now, I try logging in with NoMachine again, and here is the result:<br>
<br>
<blockquote type="cite">glen@glenux:/var/log$ cat nxserver.log<br>
<br>
-- NX SERVER START: - ORIG_COMMAND=<br>
-- NX SERVER START: - ORIG_COMMAND=<br>
Info: Using fds #4 and #3 for communication with nxnode.<br>
HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend:
3.5.0)<br>
NX> 105 hello NXCLIENT - Version 3.2.0<br>
NX> 134 Accepted protocol: 3.2.0<br>
NX> 105 SET SHELL_MODE SHELL<br>
NX> 105 SET AUTH_MODE PASSWORD<br>
NX> 105 login<br>
NX> 101 User: glen<br>
NX> 102 Password: glen@glenux:/var/log$<br>
</blockquote>
So either it's waiting for a password (and the client hasn't picked
up on that), or the password was entered and it just doesn't know
what to do now. Just for kicks and grins, I tried clearing all saved
passwords in the client, then I tried logging in again. Same result.<br>
<br>
<blockquote
cite="mid:OF0845AE6F.B53EEDAF-ON80257C88.0038BEDA-80257C88.003BE9D3@ccburton.com"
type="cite">
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">________________________________________________________________
Were you helped on this list with your FreeNX problem?
Then please write up the solution in the FreeNX Wiki/FAQ:
<a class="moz-txt-link-freetext" href="http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ">http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ</a>
Don't forget to check the NX Knowledge Base:
<a class="moz-txt-link-freetext" href="http://www.nomachine.com/kb/">http://www.nomachine.com/kb/</a>
________________________________________________________________
FreeNX-kNX mailing list --- <a class="moz-txt-link-abbreviated" href="mailto:FreeNX-kNX@kde.org">FreeNX-kNX@kde.org</a>
<a class="moz-txt-link-freetext" href="https://mail.kde.org/mailman/listinfo/freenx-knx">https://mail.kde.org/mailman/listinfo/freenx-knx</a>
________________________________________________________________</pre>
</blockquote>
</body>
</html>