[FreeNX-kNX] gateway not working with loadbalancing and multiple servers

chris at ccburton.com chris at ccburton.com
Thu Nov 14 20:23:18 UTC 2013 

freenx-knx-bounces at kde.org wrote on 14/11/2013 18:03:21:

> Hi!
> 
> I have set up a gateway, master and two nx-servers.
> I can connect to both servers.
> I can connect to the master an being forwarded to one of the servers.
> I can connect to the gateway, but this times out.

[SNIP]

> SERVER_FORWARD_KEY="/var/lib/nxserver/home/.ssh/client.id_dsa.key"

[SNIP]

OK so it all works except the forwarder . . . 


The log from The Forwarder might have been useful here

set
        NX_LOG_LEVEL=6
        NX_LOG_SECURE=1
        SESSION_LOG_CLEAN=0

in node.conf

Remove the log file and recreate an empty one

chmod it to 777

Try again from a client through The Forwarder to The Balancer etc
see what's in The Forwarder's log . . .


> I can connect with nx-clients to the gateway, but no session will be
> established. Instead the client times out:
> NX> 203 NXSSH running with pid: 5460
> NX> 285 Enabling check on switch command
> NX> 285 Enabling skip of SSH config files
> NX> 285 Setting the preferred NX options
> NX> 200 Connected to address: 10.167.63.124 on port: 22
> NX> 202 Authenticating user: nx
> NX> 208 Using auth method: publickey
> NX> 280 Exiting on signal: 15
> 
> If starting a sshd in debug mode it shows the client connecting, 
> then sits there and waits for the master. After a while it kills the
> connection.
> 
> seLinux was turned of. The firewall is turned off too.
> I am a bit clueless now. Any idea how to make this run? Or some idea
> to get rid of the gateway and leave this part up to the firewall?
> But I'd like to know why this breaks at the gateway. As all docs 
> state it should work out of the box ...!
>
> -- 
> Thomas


So, if your ( possibly newly enabled ) logging doesn't throw
up an obvious error,

. . .  we start with the basics . . .


Test if you can successfully ssh connect :- 

from
        the Forwarder
to
        the Balancer
as
        user nx
using the client key set up on on the forwarder



e.g. in your case:-

# switch to user nx with bash as its shell

        sudo su -l nx -s /bin/bash

# check there's something in your selected  . . .

        cat /var/lib/nxserver/home/.ssh/client.id_dsa.key

ssh -i /var/lib/nxserver/home/.ssh/client.id_dsa.key  nx at 10.167.63.127 
-p22


which will tell you whether or not
        The Forwarder can see The Balancer's IP
        The Forwarder can see The Balancer's port 22 tcp
        Port 22 on The Balancer has sshd listening on it
        The sshd knows about nx
AND if
        /var/lib/nxserver/home/.ssh/client.id_dsa.key

on The Forwarder, corresponds to

        /var/lib/nxserver/home/.ssh/server.id_dsa.pub.key

        ( or as you correctly say
        authorized_keys / authorized_keys2
          which-ever you have in sshd_config )

on The Balancer.


Good luck. Let us know how you get on.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20131114/3867de85/attachment.html>

More information about the FreeNX-kNX mailing list