[FreeNX-kNX] Starting a NX-session fails while publickey is OK but still rejected

Freek de Kruijf f.de.kruijf at gmail.com
Sat Jul 3 15:11:26 UTC 2010 

Op zaterdag 3 juli 2010 16:34:20 schreef chris at ccburton.com:
> Freek de Kruijf <f.de.kruijf at gmail.com> wrote on 03/07/2010 14:34:03:
> > When I start a NX-session I have enables DEBUG logging in sshd.
> > 
> > Below are the lines in the messages file:
> > Jul  3 13:29:54 eik113 sshd[4215]: debug1: trying public key file
> > /var/lib/nxserver/home/.ssh/authorized_keys2
> > Jul  3 13:29:54 eik113 sshd[4215]: debug1: fd 4 clearing O_NONBLOCK
> > Jul  3 13:29:54 eik113 sshd[4215]: debug1: matching key found: file
> > /var/lib/nxserver/home/.ssh/authorized_keys2, line 1
> > Jul  3 13:29:54 eik113 sshd[4215]: Found matching DSA key:
> > xx:yy:zz:aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:11:22 <- clobbered
> > Jul  3 13:29:54 eik113 sshd[4215]: debug1: restore_uid: 0/0
> > Jul  3 13:29:54 eik113 sshd[4215]: debug1: ssh_dss_verify: signature
> 
> correct
> 
> > Jul  3 13:29:54 eik113 sshd[4215]: debug1: do_pam_account: called
> > Jul  3 13:29:54 eik113 sshd[4215]: Failed publickey for nx from
> 
> 192.168.1.32
> 
> > port 44490 ssh2
> > Jul  3 13:29:54 eik113 sshd[4215]: debug1: do_cleanup
> > Jul  3 13:29:54 eik113 sshd[4215]: debug1: PAM: cleanup
> > 
> > I can login from the same machine using publickey access OK.
> > There is nothing in the file /var/log/nxserver.log; which has the proper
> > 
> > access rights. Owner is nx.
> > 
> > I make the connection using ssh -i <file with private key>
> > nx@<nxserver> which
> > gives me the an annoucement and the NX> prompt on a server that works.
> 
> But I
> 
> > get "Connection closed by 192.168.1.33" on the above system.
> 
> Did you copy the private key into your nx client ??
> 

I did, but in the above I copied the private key in a separate file and used 
"ssh -i <that-file-name> nx@<nxserver>". In the log you can see that the 
publickey was OK, but pam refused the access. The problem is why. Doing the 
same to another nxserver with its own private key, the access was OK. I can't 
find the difference between the two servers, apart from the fact the one which 
gives acces is openSUSE 11.1 and the one with the problem is openSUSE 11.3-
RC1.

-- 
vr.gr.

Freek de Kruijf

More information about the FreeNX-kNX mailing list