[FreeNX-kNX] FreeNX-kNX] Still can't ssh with keys, wtf

dewey hylton freenx at deweyonline.com
Mon Aug 8 13:08:48 UTC 2005 

> Date: Sun, 07 Aug 2005 22:02:32 -0700
> From: Art Fore <art.fore at comcast.net>
> Subject: Re: [FreeNX-kNX] Still can't ssh with keys, wtf
> To: User Support for FreeNX Server and kNX Client <freenx-knx at kde.org>
> Message-ID: <1123477352.7881.24.camel at linux.site>
> Content-Type: text/plain
> 
> On Sun, 2005-08-07 at 23:26 -0500, Clay McCoy wrote:
> > I've written about the details in several other posts, but I'm not 
> > getting much help so I am putting it all together here.
> > 
> > I understand how it is supposed to work.  I have followed all the 
> > directions on:
> > http://fedoranews.org/contributors/rick_stout/freenx/
> > and
> > http://fedoranews.org/contributors/rick_stout/ssh/
> > and
> > http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ/Server
> > 
> > I am using fedora core 4 and the mac os X nomachine client.  I am using 
> > the standard keys, and I have the client one copied over to the client.  
> > I have checked all the permissions.  I have posted a debugged log of 
> > /var/log/secure.
> > 
> > "ssh -i /usr/NX/share/keys/client.id_dsa.key  nx@[nxserver]" prompts for 
> > a passphrase, then when I can't supply one a password.  It is so simple, 
> > I cannot see anything that I am doing wrong.  It is very frustrating!!
> > 
> > Any help would be greatly appreciated.
> > _______________________________________________
> > FreeNX-kNX mailing list
> > FreeNX-kNX at kde.org
> > https://mail.kde.org/mailman/listinfo/freenx-knx
> 
> All I can say is that I sympathize with you. I am having the same type
> problems with Suse 9.3. It must depend on the time, tempurature, and
> phase of the moon on whether FreeNX works or not.
> 
> Art

let me throw this out there, because it's been said before but you seem to have
missed it ... the problem you're dealing with has nothing to do with freenx.
it's an ssh problem. if you cannot get past ssh, you're nowhere near freenx yet.
even if freenx were actually broken, it wouldn't cause ssh problems - it relies
on ssh, not the other way around.

getting sshd into debug mode, and attempting to connect with the key should show
you what's wrong (if anything) on the server side. if you have verbosity set
high enough in debug mode and don't see the reason, it's possible that the
problem is on the client side - so do the same, but connect with ssh in debug
mode. you are sure to be told what the problem is on one end or another if you
look hard enough. this is where i was trying to go with my last two responses.

now having said that, the only time i can recall being asked for a passphrase
when attempting to use a key that is not encrypted is when the key was itself
not readable by my userid. so just before you try your next `ssh -i ...` try a
`cat ssh-keyname` and see if you can even read it. if you get a bunch of text
that includes something such as:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

then the key is indeed encrypted and requires the correct passphrase to decrypt.
if you can't decrypt it, you can't use it - and will be asked for a standard
unix password for the target user account on the server. this is just the way it
works. i doubt however that your key is encrypted if it is indeed the "standard"
key used for NX ...

i hope this helps at least a little. i know things can get frustrating when
you're not even sure where to look; the growing shiny spot atop my head is proof
i've been there. :/

More information about the FreeNX-kNX mailing list