[FreeNX-kNX] VNC connecting question

Fri Oct 29 16:11:24 UTC 2004

Laura Thurber wrote:
>> It isn't necessary, unless you have selected that option in nxserver, or 
>> PAM isnt working properly.
> 
> -It actually was necessary; I kept getting Authentication Failure until I added username to nxserver ^_^
>
Ok, Let me rephrase. It SHOULDN'T be necessary, unless there is a 
problem with PAM authentication or its disabled. If you look at the top 
of /usr/NX/bin/nxserver, there are few lines regarding PAM, internal 
password db usage, and other options. By default, it is enabled. If the 
option

ENABLE_USER_DB="1"

is set, then only added users are allow. By default, it is set to "0" 
meaning that anyone with an account that can be authenticated by PAM can 
logon.
>> I believe you are missing something in your installation.  What flavor 
>> are you running? How did you do the nx backend installation? Are you 
>> using the Kalyxo debs, or some other package? Which guide did you follow?
> 
> -This one: http://ltsp.criticalcontrol.com/freenx.html
> The system in question is running Slackware 9, with the source tarballs from nomachine.com/sources.php.  Pretty much everything it said to do in the walkthrough, so to speak, I did.
> 

Did you make sure that you applied the gentoo-nomachine.diff patch? 
Gentoo's installation relied on the nxclient from nomachine, so the 
typical installation path's were changed to accommodate this. So if you 
are sure that you did the backend installation correctly, do this:
(NOTE: You might want to download the latest sources from Nomachine. 
They can be found at:
http://web01.nomachine.com/download/snapshot/nxsources/ )

su -
userdel nx
rm -rf /usr/NX/etc
rm -rf /usr/NX/home
wget wget http://debian.tu-bs.de/knoppix/nx/freenx-0.2.5.tar.gz
tar -xzvf freenx-0.2.5.tar.gz
cd freenx-0.2.5
cp -f nx* /usr/NX/bin
chmod 755 /usr/NX/bin/nx*
cd /usr/NX/bin
./nxsetup --no-machine-key

BE AWARE IF YOU DO THIS SETUP. Read the security section of this guide 
for potential security risks:

http://fedoranews.org/contributors/rick_stout/freenx/freenx.txt

If you still get the authentication failure, PAM (or the script, not 
sure which at this point) is not doing it's job.

>> Looking at your output, it looks like your RSA key wasnt added to your 
>> nx users known host file. Did you run nxsetup, or create the user manually?
> 
> -I ran nxsetup --no-machine-key about a dozen times over the course of trying to figure out that Authentication Failure problem.  Yesterday I ran `nxserver --adduser laura` ("laura" being my username both on VNC and on the host computer itself)
>

You shouldn't get this error now, if you do the above setup.

> 
>>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
>>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>>Someone could be eavesdropping on you right now (man-in-the-middle attack)!
>>It is also possible that the RSA host key has just been changed.
>>The fingerprint for the RSA key sent by the remote host is
>>87:b6:fb:56:ca:8d:83:2e:6c:55:26:7c:65:75:fb:42.
>>Please contact your system administrator.
>>Add correct host key in /usr/NX/home/nx/.ssh/known_hosts to get rid of this message.
>>Offending key in /usr/NX/home/nx/.ssh/known_hosts:1
>>Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

>>I'm unsure of how to manually put the key given in known_hosts - I presume that is the key of the nx windows client which is trying to connect to nx?
> 
> This is an error msg relating to a loopback ssh session, where nx tries 
> to ssh to the user account. In this case "laura".
> 