[FreeNX-kNX] need to put client key in server authorized_keys?

sean darcy seandarcy2 at gmail.com
Fri Feb 22 22:50:40 UTC 2008


Alastair Johnson wrote:
> On Monday 18 February 2008, sean darcy wrote:
>> All on i386.
>> F8 client with nxclient-3.1.0-6 to f9 server with freenx-0.7.1-4.fc9.i386
>> nx-2.1.0-24.fc9.i386.
> 
> Not seen anyone using NX with f9 before. I was hoping they would have bumped 
> the nx package to 3.x so 64bit would work reliably, but there we go. This 
> won't be a problem for you though.
> 
>> copied to client the server's key:
>> scp asterisk:/etc/nxserver/client.id_dsa.key .
>>
>> imported key into nxclient, checked key shown in import window is server
>> key.
>>
>> NX> 203 NXSSH running with pid: 24210
>> NX> 285 Enabling check on switch command
>> NX> 285 Enabling skip of SSH config files
>> NX> 285 Setting the preferred NX options
>> NX> 200 Connected to address: 192.168.2.6 on port: 22
>> NX> 202 Authenticating user: nx
>> NX> 208 Using auth method: publickey
>> NX> 204 Authentication failed.
>>
>> I copied to client key to .ssh as id_dsa, as suggested by the Rick Stout
>> howto.
>>
>> No go:
>>
>> cp client.id_dsa.key id_dsa
>> [transfer at notebook .ssh]$ chmod 600 id_dsa
>> [transfer at notebook .ssh]$ ssh nx at asterisk
>> nx at asterisk's password:
> 
> Just to be certain it's using the right file try:
> 	ssh -i /path/to/client.id_dsa.key nx at asterisk
> 
> [snip chunk of log]
>> Feb 18 15:40:55 asterisk sshd[13660]: debug1: trying public key file
>> /var/lib/nxserver/home/.ssh/authorized_keys
>> Feb 18 15:40:55 asterisk sshd[13660]: debug1: restore_uid: 0/0
>> Feb 18 15:40:55 asterisk sshd[13660]: debug1: temporarily_use_uid:
>> 494/487 (e=0/0)
>> Feb 18 15:40:55 asterisk sshd[13660]: debug1: trying public key file
>> /var/lib/nxserver/home/.ssh/authorized_keys2
>> Feb 18 15:40:55 asterisk sshd[13660]: debug1: restore_uid: 0/0
>> Feb 18 15:40:55 asterisk sshd[13660]: Failed publickey for nx from
>> 192.168.2.4 port 38982 ssh2
>> g/secure:
>>
>>
>> So does this mean I need to put some dsa key in
>> /var/lib/nxserver/home/.ssh/authorized_keys ?
> 
> In the past the keys have been put in the authorized_keys2 file, but that 
> seems to be being tried as well. It may be worth checking your logs for 
> SElinux blocking things - it's usually top of my list for unexplained 
> failures. Setting it temporarily  permissive with setenforce 0 (IIRC) and 
> repeating the test should rule it out as the cause. I'm assuming the new 
> packages are setting up the keys correctly. It may be worth checking nxkeygen 
> and the F9 filesystem layout to see that they're still compatible.
> 
>> FWIW, I restarted sshd on the server.
>>
>> sean

It was selinux. setenforce 0 solved my problem.

sean




More information about the FreeNX-kNX mailing list