[FreeNX-kNX] need to put client key in server authorized_keys?
Alastair Johnson
alastair at solutiontrax.com
Mon Feb 18 23:40:51 UTC 2008
On Monday 18 February 2008, sean darcy wrote:
> All on i386.
> F8 client with nxclient-3.1.0-6 to f9 server with freenx-0.7.1-4.fc9.i386
> nx-2.1.0-24.fc9.i386.
Not seen anyone using NX with f9 before. I was hoping they would have bumped
the nx package to 3.x so 64bit would work reliably, but there we go. This
won't be a problem for you though.
> copied to client the server's key:
> scp asterisk:/etc/nxserver/client.id_dsa.key .
>
> imported key into nxclient, checked key shown in import window is server
> key.
>
> NX> 203 NXSSH running with pid: 24210
> NX> 285 Enabling check on switch command
> NX> 285 Enabling skip of SSH config files
> NX> 285 Setting the preferred NX options
> NX> 200 Connected to address: 192.168.2.6 on port: 22
> NX> 202 Authenticating user: nx
> NX> 208 Using auth method: publickey
> NX> 204 Authentication failed.
>
> I copied to client key to .ssh as id_dsa, as suggested by the Rick Stout
> howto.
>
> No go:
>
> cp client.id_dsa.key id_dsa
> [transfer at notebook .ssh]$ chmod 600 id_dsa
> [transfer at notebook .ssh]$ ssh nx at asterisk
> nx at asterisk's password:
Just to be certain it's using the right file try:
ssh -i /path/to/client.id_dsa.key nx at asterisk
[snip chunk of log]
> Feb 18 15:40:55 asterisk sshd[13660]: debug1: trying public key file
> /var/lib/nxserver/home/.ssh/authorized_keys
> Feb 18 15:40:55 asterisk sshd[13660]: debug1: restore_uid: 0/0
> Feb 18 15:40:55 asterisk sshd[13660]: debug1: temporarily_use_uid:
> 494/487 (e=0/0)
> Feb 18 15:40:55 asterisk sshd[13660]: debug1: trying public key file
> /var/lib/nxserver/home/.ssh/authorized_keys2
> Feb 18 15:40:55 asterisk sshd[13660]: debug1: restore_uid: 0/0
> Feb 18 15:40:55 asterisk sshd[13660]: Failed publickey for nx from
> 192.168.2.4 port 38982 ssh2
> g/secure:
>
>
> So does this mean I need to put some dsa key in
> /var/lib/nxserver/home/.ssh/authorized_keys ?
In the past the keys have been put in the authorized_keys2 file, but that
seems to be being tried as well. It may be worth checking your logs for
SElinux blocking things - it's usually top of my list for unexplained
failures. Setting it temporarily permissive with setenforce 0 (IIRC) and
repeating the test should rule it out as the cause. I'm assuming the new
packages are setting up the keys correctly. It may be worth checking nxkeygen
and the F9 filesystem layout to see that they're still compatible.
> FWIW, I restarted sshd on the server.
>
> sean
More information about the FreeNX-kNX
mailing list