[FreeNX-kNX] Oh those keys...SOLVED!!

Verner Kjærsgaard vk at os-academy.dk
Sat Jul 12 11:34:30 UTC 2008 


Tim Hägele skrev:
> Hello Verner,
> I had a similar problem where I could not log in and just run out of 
> ideas why.
> Eventually it worked after deleting the key in /usr/NX/home/nx/.ssh/ (or 
> different path) an running nxsetup again.
> 
> In node.conf I set
> 
> ENABLE_SSH_AUTHENTICATION=”1″
> ENABLE_USER_DB=”0″
> 
> 
> Greetings Tim
> 
> 
> 
> 
> Verner Kjærsgaard schrieb:
>> Am trying to get FreeNX to work on SuSE11.
>> Fresh install.
>> Did run nxsetup with --nomachine-keys and all.
>> Changed /etc/nxserver/node.conf with
>>
>> ENABLE_SSH_AUTHENTICATION="1"
>> ENABLE_SU_AUTHENTICATION="1"
>>
>> If I put my private key into /home/mydir/.ssh/authorized_keys2 I can log 
>> in without password.
>> No firewall, ssh works.
>>
>> If I copy the /var/lib/nxserver/home/.ssh/client.id_dsa.key to my own 
>> local machine and do
>>
>> "ssh -i client.id_dsa.key nx at remoteserver "
>>
>> I'm prompted for an nx password. Because the nx user is not authorized 
>> using the keys.
>> The permissions and ownership of the keys are correct.
>>
>> If I google I find 1000s of questions like this...no answer. People copy 
>> id-files here and there, - and the user nx cannot get going.
>>
>> Surely lots of people have solved this little problem...only its 
>> solution is well hidden :-)
>>
>> Anyone?
>>

Hi Tim and thank you!

- didn't work.

SSH generally works with keys from my private (this pc in fact) machine 
to the remote machine. Without password and all.

- I thought I know ssh...it seems I don't.

On the remote, if I go:

cd /var/lib/nxserver/home/.ssh/
ssh -i client.id_dsa.key nx at localhost

- I'm prompted for a password. This is ODD.

SOLVED:

Your suggestions made me look in a different way..
BUG: /var/lib/nxserver is owned by ROOT and has perms 700 which makes it 
IMPOSSIBLE for SSH do get to the key in authorized_keys2.
Changed its owner to nx. Done.

Thank You!




-- 
--------------------------------------------
Med venlig hilsen/best regards
Verner Kjærsgaard

More information about the FreeNX-kNX mailing list