[FreeNX-kNX] FreeNX CentOS Permission denied (publickey, gssapi-keyex, gssapi-with-mic)
chris at ccburton.com
chris at ccburton.com
Fri Jul 26 11:36:51 UTC 2013
freenx-knx-bounces at kde.org wrote on 25/07/2013 22:53:10:
[SNIP]
> Maybe you could sanitize your sshd_config and node.conf
> and send them over . . .
>
> I am using PASSDB and PasswordAuthentication is set to "no". After
> the guides both failed and spending hours trying minor tweaks, I set
The second guide needs password authentication and doesn't use PASSDB
> it up almost exactly like my Ubuntu servers (which have no
> problems). Still the same issue. It doesn't work on CentOS for
> some reason. I also changed the default SSH port to begin with. By
> doing so, I had to edit an IPTables rule to allow it on the
> different port because CentOS doesn't detect this. Anyways, I know
> it's not a problem with IPTables because I disabled them while testing.
>
> The public key generated using this command (from the blog linked in
> my previous message):
>
> ssh-keygen -t dsa -N '' -f /etc/nxserver/client.id_dsa.key
>
> Is included in both the nx user's home .ssh authorized_keys2 file
> and my user's .ssh authorized_keys2 file. PassDB authentication
> appears to work because a bogus login and password returns an
> authentication denied message... it appears it's the public key part
> failing, and I don't know why. After all, it does log me in using
> PASSDB, but fails when trying to use the key... any idea?
It's impossible for me to tell exactly what's going on from your
description
however
you can run a few tests (from the server) which may help.
eg.
login to the server
sudo bash
to get a root shell
then
su -l -s /bin/bash nx
to get a shell as user nx
run the line of PASSDB code which seems to be failing . . . .
( echo "$@" | $COMMAND_SSH -l burtonc 127.0.0.1 -p 22 -x -2 -i
/etc/nxserner/users.id_dsa -o 'PubkeyAuthentication yes' -o
'RSAAuthentication yes' -o 'RhostsAuthentication no' -o
'PasswordAuthentication no' -o 'RhostsRSAAuthentication no' -o
'StrictHostKeyChecking no' /usr/bin/nxnode "$CMD" )
. . . but with the blanks filled in . . .
eg. for your username instead of "user"
/usr/bin/ssh -l "user" 127.0.0.1 -p 22 -x -2 -i /
/etc/nxserver/users.id_dsa -o 'PubkeyAuthentication yes' /
-o 'RSAAuthentication yes' -o 'RhostsAuthentication no' /
-o 'PasswordAuthentication no' -o 'RhostsRSAAuthentication no'/
-o 'StrictHostKeyChecking no'
You should get either an error message or a command prompt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20130726/b427c3f5/attachment.html>
More information about the FreeNX-kNX
mailing list