[FreeNX-kNX] FreeNX CentOS Permission denied (publickey, gssapi-keyex, gssapi-with-mic)

OwN-3m-All own3mall at gmail.com
Mon Jul 29 06:10:50 UTC 2013 

On Sun, Jul 28, 2013 at 5:43 AM, <chris at ccburton.com> wrote:

>
> freenx-knx-bounces at kde.org wrote on 28/07/2013 01:46:35:
>
>
> > > "Permission denied (publickey, gssapi-keyex,gssapi-with-mic).
> > > NX> 280 Exiting on signal: 15
>
> > Just a thought: As chris described, a secondary ssh connection (through
> > the tunnel) is used to authenticate the user using *password* auth. This
> > implies, that password-authentication must be supported by your sshd.
> > Your error message indicates that this is not the case - the possible
> > authentication methods shown do not list "password").
> >
> > => Have a look at your /etc/ssh/sshd_config ...
> > - -Fritz
>
>
>
> You missed the "fun" bit Fritz . . .
>
> . . .  he's using PASSDB (which seems to be the Centos default !!)
>
> This gets around . .
>         1/ needing PasswordAuthentication enabled on sshd
>                         visible externaly
> and
>         2/ not having to run TWO sshd instances
>                 2nd one internal only with password
>  by having a
>          universal key pair log-in for all (FreeNX) users
> with (its)
>          distributed public key in every user's ~/.ssh/authorized_keys
> file.
>
> So instead of you logging in with your password, FreeNX checks your
> password against a hash in its
>         /etc/nxserver/passwords
> and if there is a match, logs you in as your user with the distributed
> key ( not so good in my view)
>
>
> >
> > I enabled password authentication, and I still get the same error.
>
> Forget that, if you have PASSDB enabled . . . .
>
> > Also, I don't have password authentication enabled on my Ubuntu
> > servers.
>
> Quite
>
> >  On Ubuntu, FreeNX and SSH both work, but here, using the
> > same settings, I keep getting an error.
>
>
> Well, sounnds like there's just a bug somewhere causing
>         server_nxnode_start
> to fall over . . .
>
> Sounds a bit like like the $LOGIN_METHOD is going wrong
> but
> I don't quite see how it could,
> so
> there may be a hidden ssh-ism or selinixism
> but
> I can't see that either
> so
> lets follow through FreeNX anyway . . .
>
>
>
> Next test . . . .
>
> Clear the log and enable user account logging
>
>         sudo chmod 777 /var/log/nx/nxserver.log
>         echo " " > /var/log/nx/nxserver.log
>
>
> ** BACK UP ** your  nxserver  script   e.g.
>
>         cp /usr/bin/nxserver /usr/bin/nxserver.20130728-bak
>         md5sum /usr/bin/nxserver /usr/bin/nxserver.20130728-bak
>
> then edit
>
>         /usr/bin/nxserver
>
> at about line 933 ( looking at a Centos one ) where you can see
>
>
>        else
>             echo "$@" | $COMMAND_SSH -l "$USER" . . .   etc
>        fi
>
>
> add the following line ( sorry about the \ line wrap again )
>
> echo -e "We got to PASSDB with\n$@\n$COMMAND_SSH\n \
> $USER\n$NODE_HOSTNAME\n$SSHD_PORT\n$PATH_BIN\n \
> $CMD\nand login method $LOGIN_METHOD\n"|log_tee
>
>  . . . just before the echo.
>
> Try connecting. Send the logging.
>

Here's the log:

*-- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND=
-- NX SERVER START:  - ORIG_COMMAND=
Info: Using fds #4 and #3 for communication with nxnode.
HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 105 hello NXCLIENT - Version 3.2.0
NX> 134 Accepted protocol: 3.2.0
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: user
NX> 102 Password:
Info: Auth method: passdb
NX> 103 Welcome to: localhost.localdomain user: user
NX> 105 listsession --user="user" --status="suspended,running"
--geometry="1920x1200x32+render" --type="unix-gnome"
NX> 127 Sessions list of user 'user' for reconnect:

Display Type             Session ID                       Services Dept
Screensize     Status        Session
Name                                                 Username
------- ---------------- -------------------------------- -------- ----
-------------- -------------
------------------------------------------------------------
--------------------------------


NX> 148 Server capacity: not reached for user: user
NX> 105 startsession  --link="adsl" --backingstore="1" --encryption="1"
--cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0"
--composite="1" --media="0" --session="vps" --type="unix-gnome"
--geometry="1914x1138" --client="winnt" --keyboard="pc102/en_US"
--screeninfo="1914x1138x32+render"

&link=adsl&backingstore=1&encryption=1&cache=16M&images=64M&shmem=1&shpix=1&strict=0&composite=1&media=0&session=vps&type=unix-gnome&geometry=1914x1138&client=winnt&keyboard=pc102/en_US&screeninfo=1914x1138x32+render&clientproto=3.2.0&user=user&userip=192.168.1.101&uniqueid=C520276F85462929964FED92A22793AE&display=1000&host=127.0.0.1

We got to PASSDB with
&link=adsl&backingstore=1&encryption=1&cache=16M&images=64M&shmem=1&shpix=1&strict=0&composite=1&media=0&session=vps&type=unix-gnome&geometry=1914x1138&client=winnt&keyboard=pc102/en_US&screeninfo=1914x1138x32+render&clientproto=3.2.0&user=user&userip=192.168.1.101&uniqueid=C520276F85462929964FED92A22793AE&display=1000&host=127.0.0.1
ssh user 127.0.0.1 45559 /usr/bin --startsession and login method PASSDB
NX> 1004 Error: Session did not start. *

*When I try NXSetup --test, I get this output:*

*[root at localhost tmp]# nxsetup
--test

----> Testing your nxserver configuration ...
Warning: Could not find nxdesktop in /usr/bin. RDP sessions won't work.
Warning: Could not find nxviewer in /usr/bin. VNC sessions won't work.
Warning: Invalid value
"APPLICATION_LIBRARY_PRELOAD=/usr/lib/libX11.so.6.2:/usr/lib/libXext.so.6.4:/usr/lib/libXcomp.so.2:/usr/lib/libXcompext.so:/usr/lib/libXrender.so.1.2".
/usr/lib/libX11.so.6.2 could not be found. Users will not be able to run a
single application in non-rootless
mode.

Warning: "/usr/lib/cups/backend/nxipp" is not
executable.

         Users will not be able to enable
printing.

Warning: Invalid value
"CUPS_ETC=/etc/cups/"

         Users will not be able to enable
printing.

Warning: Invalid value "COMMAND_START_CDE=cdwm"
         Users will not be able to request a CDE session.
Warning: Invalid value "COMMAND_SMBMOUNT=smbmount". You'll not be able to
use SAMBA.
Warning: Invalid value "COMMAND_SMBUMOUNT=smbumount". You'll not be able to
use SAMBA.
Warning: Invalid cupsd version of "/usr/sbin/cupsd". Need version 1.2.
         Users will not be able to enable printing.
Error: Could not find 1.5.0 or 2.[01].0 or 3.[01].0 version string in
nxagent. NX 1.5.0 or 2.[01].0 or 3.[012].0 backend is needed for this
version of FreeNX.

  Warnings occured during config check.
  To enable these features please correct the configuration file.

<---- done

----> Testing your nxserver connection ...
/usr/bin/nxnode-login: line 20: syntax error near unexpected token `('
/usr/bin/nxnode-login: line 20: `catch {set tosend $env(NXNODE_TOSEND)}'
Fatal error: Could not connect to NX Server.

Please check your ssh setup:

The following are _examples_ of what you might need to check.

        - Make sure "nx" is one of the AllowUsers in sshd_config.
    (or that the line is outcommented/not there)
        - Make sure "nx" is one of the AllowGroups in sshd_config.
    (or that the line is outcommented/not there)
        - Make sure your sshd allows public key authentication.
        - Make sure your sshd is really running on port 45559.
        - Make sure your sshd_config AuthorizedKeysFile in sshd_config is
set to authorized_keys2.
    (this should be a filename not a pathname+filename)
  - Make sure you allow ssh on localhost, this could come from some
    restriction of:
      -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost
      -the iptables. add to it:
         $ iptables -A INPUT  -i lo -j ACCEPT
         $ iptables -A OUTPUT -o lo -j ACCEPT
*


Strange, should I try a compelte and clean reinstall?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20130729/9a6e305f/attachment.html>

More information about the FreeNX-kNX mailing list