Re: nx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 25 Feb 2012 23:34:32 +0000 (GMT)
Patrick Dupre <patrick.dupre@xxxxxxxxxx> wrote:

> After:
> nxserver --keygen
> 
> I have:
> 
> /usr/NX/share/keys
> total 6
> -rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key
> -rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup
> -rw-r--r--. 1 root root 668 May 28  2007 server.id_dsa.key
> 
> 
> and
> 
> /usr/NX/etc/keys/
> total 4
> -rw-r--r--. 1 root root 603 Dec 19  2010 node.localhost.id_dsa.pub
> -rw-------. 1 nx   root 672 Dec 19  2010 node.localhost.id_dsa
> 

I'm not entirely familiar with this configuration.  I have always used
freenx-server.  My comments below are adapting what you have described
to the method used by freenx-server.

What is the home directory of the nx user?  freenx-server creates a
directory called /var/lib/nxserver/home for this.  You can check the
home directory with the command:

	getent passwd nx

The home directory is the sixth field in the passwd record.

When the nx user tries to log in with public key authentication, sshd
looks for a .ssh directory inside nx's home directory.  Inside the .ssh
directory, there is a file called something like authorized_keys which
is used to verify that NX Client has the correct client key.

I would say that all of the files in nx's .ssh directory should be owned
by nx and have permissions of -rw-------, or 600.

> 
> I do not understand:
> 
> then just go and recopy the key from inside the client .key file in
> the shared keys directory and paste it in your NX CLIENT and the
> connection will then complete successfully.
> 

Here are instructions on how to paste a client key into NX Client:

NoMachine's NX Client has an Advanced Configuration dialog window (aka
Configure...) with several tabs.  The first tab, called General,
has a section called Server.  In the Server section, press the Key...
button.  This brings up a new window.

In the new window there is a text area where you can erase the key that
comes with NX Client and paste in your own client key. 

Once the key is pasted in, click the Import button to save it.  The
small window with the client key text area should disappear.  

Then press the OK button on the Advanced configuration dialog to save
you changes.

Note that each host configured in NX Client has its own private key.


> 
> On the server
> I deleted /usr/NX/share/keys/default.id_dsa.key
> 
> and copy the key:
> /usr/NX/share/keys/default.id_dsa.key
> of the client on the server.
> I also tried do copy in
> /usr/NX/etc/keys/
> 
> nxserver --restart
> 
> But still does not work.
> 

It seems like default.id_dsa.key is the client (private) key in your
configuration.  

However, the server doesn't use client key.  It uses the public key in
a special file called authorized_keys.  (That is what sshd will look
for when the NX Client tries to log in as the nx user with public key
authentication.)

-- 
Support the Free Software Foundation - www.fsf.org
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux