[FreeNX-kNX] FreeNX CentOS Permission denied (publickey, gssapi-keyex, gssapi-with-mic)

chris at ccburton.com chris at ccburton.com
Fri Jul 26 11:36:51 UTC 2013


freenx-knx-bounces at kde.org wrote on 25/07/2013 22:53:10:

[SNIP]
 
> Maybe you could sanitize your sshd_config and node.conf 
> and send them over . . . 
> 
> I am using PASSDB and PasswordAuthentication is set to "no".  After 
> the guides both failed and spending hours trying minor tweaks, I set

The second guide needs password authentication and doesn't use PASSDB


> it up almost exactly like my Ubuntu servers (which have no 
> problems).  Still the same issue.  It doesn't work on CentOS for 
> some reason.  I also changed the default SSH port to begin with.  By
> doing so, I had to edit an IPTables rule to allow it on the 
> different port because CentOS doesn't detect this. Anyways, I know 
> it's not a problem with IPTables because I disabled them while testing.  

> 
> The public key generated using this command (from the blog linked in
> my previous message):
> 
> ssh-keygen -t dsa -N '' -f /etc/nxserver/client.id_dsa.key
> 
> Is included in both the nx user's home .ssh authorized_keys2 file 
> and my user's .ssh authorized_keys2 file.  PassDB authentication 
> appears to work because a bogus login and password returns an 
> authentication denied message... it appears it's the public key part
> failing, and I don't know why.  After all, it does log me in using 
> PASSDB, but fails when trying to use the key... any idea?

It's impossible for me to tell exactly what's going on from your
description
however
you can run a few tests (from the server) which may help.

eg.
        login to the server
        sudo bash
to get a root shell
then
        su -l -s /bin/bash nx
to get a shell as user nx

run the line of PASSDB code which seems to be failing . . . .

(   echo "$@" | $COMMAND_SSH -l burtonc 127.0.0.1 -p 22 -x -2 -i 
/etc/nxserner/users.id_dsa -o 'PubkeyAuthentication yes' -o 
'RSAAuthentication yes' -o 'RhostsAuthentication no' -o 
'PasswordAuthentication no' -o 'RhostsRSAAuthentication no' -o 
'StrictHostKeyChecking no' /usr/bin/nxnode "$CMD"  )

. . . but with the blanks filled in . . .

eg.  for your username instead of "user"

/usr/bin/ssh  -l "user" 127.0.0.1 -p 22 -x -2 -i  /
        /etc/nxserver/users.id_dsa -o 'PubkeyAuthentication yes' /
        -o 'RSAAuthentication yes' -o 'RhostsAuthentication no' /
        -o 'PasswordAuthentication no' -o 'RhostsRSAAuthentication no'/
        -o 'StrictHostKeyChecking no'


You should get either an error message or a command prompt.


















-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20130726/b427c3f5/attachment.html>


More information about the FreeNX-kNX mailing list