[FreeNX-kNX] first contact, FreeNX
Verner Kjærsgaard
vk at os-academy.dk
Thu Jul 31 17:48:27 UTC 2008
7th Sign | Iván Rico skrev:
>
> it's logging in initially with the user 'nx' - that's what the
> (pre)configured keys (the 'no-machine keys') are for. That's why you
> need to make sure that
>
> a)
> you can log into the machine using ssh
>
>
> b)
> that the nx keys are in place, allowing nx to login without a password.
> c) someone on this list will be able to explain that better than I.
> d) once nx can log in and is logged in, the user is switched to 'frank'.
>
> That's the 'no-machine-key' way, not the FreeNX way. That's why you give
> 'nxsetup --install --setup-nomachine-key --clean --purge' in order to
> make sure the keys ar in place.
>
> Also make sure that the correct ownerships of directories holding the
> keys are in place. On my server:
>
> drwxr-xr-x 4 root users 4096 12 jul 13:20 nxserver/
>
> - this may not be entirely correct...perhaps they really should be owned
> by nx, don't know. But it works..
>
> Further down, I have:
>
> -rw------- 1 nx root 671 12 jul 13:25 authorized_keys2
> -rw-r--r-- 1 nx root 668 12 jul 13:20 client.id_dsa.key
> -rw------- 1 nx root 235 12 jul 13:20 known_hosts
> Gunnar:/var/lib/nxserver/home/.ssh #
>
> - hope this helps!
>
>
> Hello again,
>
> a) I can't log into my server by ssh
> I got this:
>
> ivan at dementor ~ $ ssh root at 192.168.1.247 <mailto:root at 192.168.1.247>
> Permission denied (publickey,gssapi-with-mic).
> ivan at dementor ~
>
> This happens since I change these values to:
> PasswordAuthentication no
> AllowUsers nx root ivan
> on sshd_config
>
> b) I deleted the pass with, passwd -d nx but I have the same results
>
> c) :)
>
> d) I have a few questions about that: Who and How creates these files:
> authorized_keys2, client.id_dsa.key?
> I dont't have them in /etc/nxserver and I don't know where them are
>
> ---------------------------------
> 7th Sign | Iván Rico
> ---------------------------------
>
>
> ------------------------------------------------------------------------
Hi
I'm sorry I don't have time to help you further, the car is packed,
we're off on holiday :-)
One thing, though. You MUST be able to login via SSH.
First, on the remote machine itself at its console, try this
SSH your_username at localhost
This should absolutely succeed. If not, debug your SSH thing (is it
listening and so)
If ok, then try the same thing from outside. Login from your local
machine to the remote machine using SSH
your_login_name at some-server.something.
This MUST succeed. If not check firewall and more. Hint: on the remote
machine, as root, do "tail -f /var/log/messages" (end it with ctrl-c).
This will give you a live log og what's happening.
Then read up on SSH generally. As a normal user, do
ssh-keygen -t dsa
When asked for a pass-phrase, just hit enter.
Now see that a pair of keys are generated, they are placed in
/home/your_user_name/.ssh/some_key_name
and
/home/your_user_name/.ssh/some_key_name.pub
Now copy the -pub key to your home-dir on the remote machine. Put it
into /home/your_home_dir/.ssh/xxx.pub
Now xfer the contents of that xxx.pub file into the "authorized_keys"
file, do
cat xxx.pub >> authorized_keys
Now create a symlink in the same .ssh dir, do
ln -s authorized_keys authorized_keys2
This way SSH will work regardless of SSH looking for authorized_keys or
authorized_keys2.
Make sure the authorized_keys file, is owned by your_user_name and that
its rights are 600. No more, no less. Make sure that your_user_name is
allowed to enter the .ssh directory...
Exit from the remote machine.
Now you should be able to login from your local machine to the remote
machine - without using your password. Do
SSH your_user_name at remote_machine
If you can't, get that fixed first. Then go on to debug/experiment with NX.
- haven't got more time, wish you luck!
--------------------------------------------
Med venlig hilsen/best regards
Verner Kjærsgaard
More information about the FreeNX-kNX
mailing list