[FreeNX-kNX] freenx stopped working after update

chris at ccburton.com chris at ccburton.com
Wed Aug 19 09:37:34 UTC 2009 

Hi

Eli Morris <emorris at pmc.ucsc.edu> wrote on 19/08/2009 06:14:44:

> Thanks for helping me out guys. I narrowed down the problem. I created 
> a key pair with ssh-keygen on my client. I put the public key in two 
> places. One under the /var/lib/freenx/home/.ssh directory (the nx user 
> home directory), one under a regular user directory/.ssh. I was able 
> to log in without a password if I logged in to the regular user from 
> my client. I could not log in without a password to the nx user. I 
> have no idea why. Maybe because of the freenx 'shell' that runs when 
> one logs in under the nx user, i.e. /usr/libexec/nx/nxserver. I don't 

The FreeNX shell IS a shell !!

This is what happens when I connect "manualy" . . 

me at there:~> ssh -l nx -i ~/.ssh/nx_dsa -p 22 192.168.1.1
HELLO NXSERVER - Version 2.1.0-71 OS (GPL)
NX> 105


Did you try ssh   -v   -l nx -i ~/.ssh/nx_dsa -p 22 192.168.1.1



> know. Any idea? I'm baffled. Oh, also, permissions look ok on .ssh and 
> authorized_keys, authorized_keys2.
> 
> Chis, here are the answers to the questions you had.
> 
> 1) It was a yum update to the server, which is running Fedora 11.


I was wondering which packages had updated. Updates sometimes don't 
restart things properly.


> 2) The client was not updated.
> 
> I tried removing and reinstalling the freenx package. That did not 
> help. I'm thinking there has got to be something about my system 
> configuration that is not allowing the nx user to log in passwordless. 
> Since the regular user can do it, it must be specific to the nx user 
> somehow. Any ideas?
> 



If ssh -d doesnt tell you what is going on . . 



Check that the nx user name actually has /var/lib/freenx/home as its home 
directory.

Running as root . . . su to user nx with a login shell

type    su -l nx      ( running id will show you if it su ed to user nx.
                                 This will also tell you if the nx account 
is working or disabled or broken in some way )

type    cd            ( to move to the ( hopefully ) nx home directory )

type    pwd           ( which obviously should output /var/lib/freenx/home 
 in your case  )


The next step would be to ensure that nx can connect to sshd on port 22 
using Public/Private keys.




Did you set up sshd in the first Place ??

Did you or A.N.Other set up a second instance of sshd, listening on a 
different port for the initial connection ??

( you might do this for additional security, ie. to have an sshd which 
doesn't allow password connections, only Pub/Pri Keys listening on an 
external ( internet ) IP address, and then set the normal sshd on port 22 
to allow password authentication, but only to listen on internal and 
loopback addresses. If you did there will be two seperate sshd_config 
files somewhere !! )




In /etc/ssh/sshd_config check for . . .

1/ An uncommented line beginning 

AllowUsers

( the parameter format is a space seperated list restricting permitted 
login names      eg.    AllowUsers  User* admin1 admin1 nx )

This entry may well not exist, or may be commented out, but if it does 
exist uncommented then it will restrict connections to usernames listed.




The following may not apply to you, if you did successfully connected as 
another user using a Pub/Pri key, but make sure it wasn't using rhosts etc


Also check for 

2/ lines beginning with

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

The examples above are commented out ( the default ) so they take the 
default values ( as shown )

If yours are not commented out and are ALSO set to no then you will have 
disabled Pub/Pri keys . . .


ssh -v on the client side is often enough but if not you can stop sshd and 
run it with the -d -D switches set it will tell you what it is doing.

The quick way is to edit the /etc/init.d file and add the switches so you 
don't disrupt anything else, than start another root shell, restart the 
service from the new root shell and try connecting as nx and your other 
user.

Good luck again . . .

Chris


> Thanks,
> 
> Eli
> ________________________________________________________________
>      Were you helped on this list with your FreeNX problem?
>     Then please write up the solution in the FreeNX Wiki/FAQ:
> 
> 
http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
> 
>          Don't forget to check the NX Knowledge Base:
>                  http://www.nomachine.com/kb/ 
> 
> ________________________________________________________________
>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>       https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20090819/64492ea5/attachment.html>

More information about the FreeNX-kNX mailing list