This email reöains without response.
On Sun, 26 Feb 2012, Aram J. Agajanian wrote:
On Sat, 25 Feb 2012 23:34:32 +0000 (GMT)
Patrick Dupre <patrick.dupre@xxxxxxxxxx> wrote:
After:
nxserver --keygen
I have:
/usr/NX/share/keys
total 6
-rw-r--r--. 1 root root 668 Feb 26 00:01 default.id_dsa.key
-rw-r--r--. 1 root root 668 Feb 19 14:40 default.id_dsa.key.backup
-rw-r--r--. 1 root root 668 May 28 2007 server.id_dsa.key
and
/usr/NX/etc/keys/
total 4
-rw-r--r--. 1 root root 603 Dec 19 2010 node.localhost.id_dsa.pub
-rw-------. 1 nx root 672 Dec 19 2010 node.localhost.id_dsa
I'm not entirely familiar with this configuration. I have always used
freenx-server. My comments below are adapting what you have described
to the method used by freenx-server.
What is the home directory of the nx user? freenx-server creates a
directory called /var/lib/nxserver/home for this. You can check the
home directory with the command:
getent passwd nx
So, I get:
nx:x:491:483::/usr/NX/home/nx:/usr/NX/bin/nxserver
The home directory is the sixth field in the passwd record.
When the nx user tries to log in with public key authentication, sshd
looks for a .ssh directory inside nx's home directory. Inside the .ssh
directory, there is a file called something like authorized_keys which
is used to verify that NX Client has the correct client key.
I would say that all of the files in nx's .ssh directory should be owned
by nx and have permissions of -rw-------, or 600.
LS /usr/NX/home/nx/.ssh/
total 8
-rw-------. 2 nx root 668 Feb 26 00:01 authorized_keys2
-rw-------. 2 nx root 668 Feb 26 00:01 default.id_dsa.pub
-rw-------. 1 nx root 668 Feb 2 2010 default.id_dsa.pub.backup
-rw-------. 1 nx root 668 Feb 2 2010 restore.id_dsa.pub
I do not understand:
then just go and recopy the key from inside the client .key file in
the shared keys directory and paste it in your NX CLIENT and the
connection will then complete successfully.
Here are instructions on how to paste a client key into NX Client:
NoMachine's NX Client has an Advanced Configuration dialog window (aka
Configure...) with several tabs. The first tab, called General,
has a section called Server. In the Server section, press the Key...
button. This brings up a new window.
In the new window there is a text area where you can erase the key that
comes with NX Client and paste in your own client key.
I can erase and paste the file (from the server)
/usr/NX/home/nx/.ssh/authorized_keys2
(using cat)
no-port-forwarding,no-agent-forwarding,command="/usr/NX/bin/nxserver
--login" ssh-dss
AAAAB3NzaC1kc3MAAACBAN+NMKJ9Y7vl4tYw4LpyNcwwinizWN1wgRYYkBebHZqA6OqQuepbwR5Wa5M99heTXnyZZWLLncC/n/3+sOo7UbM9NJf87aOtRhobcisXFyywWg1HNjq4XkkG0L4BulZW5cHi/jEwJtzP8QoUEVGXdBE7uYSmEVlu1YTk1XFDIQB1AAAAFQDnSg1XV85mq665/wyFgK9d/FgmQQAAAIAki9P0a26mvSZ63hl1/wgZcwPVoESh3c4Blosj/TFgQvxllJKSBJj/bHeNoymRmwsg4X2f6HjtdI4L93EmtnNYGlrG9WRQk6i+WYw8rl6IqN86vkgaZrQfUOmjmj1Sy7OpS/wEZ+62yoCLwd+2z1Wivt9vRRyuVFyHA5EpVT1WDwAAAIBPDzPxvXahxeOZVRB1rKB0zrcSgJBWSj+1N2Gf4zOle7PjXjWhcy1rUNh4o7RznybZ3KAk4zzfDI+7DD4TR2LGJfS4tybm18Yk4St/e6fnUaMqui5n6AxtvHU4/CKuHn2TvsT/Dj0JkvfVeKtLP3hgKPNRyHl50LXmJIAsRnjHHg==
Once the key is pasted in, click the Import button to save it.
Why import?
If I try to import it ask me for a file t open.
Why just not only save?
But the key is now on one line while the previous one was over 10 lines.
Is it OK?
The
small window with the client key text area should disappear.
OK
Then press the OK button on the Advanced configuration dialog to save
you changes.
Now, I get:
DSA key is corrupted or has been protected with a passphrase
How can I check the key?
Thank.
Note that each host configured in NX Client has its own private key.
On the server
I deleted /usr/NX/share/keys/default.id_dsa.key
and copy the key:
/usr/NX/share/keys/default.id_dsa.key
of the client on the server.
I also tried do copy in
/usr/NX/etc/keys/
nxserver --restart
But still does not work.
It seems like default.id_dsa.key is the client (private) key in your
configuration.
However, the server doesn't use client key. It uses the public key in
a special file called authorized_keys. (That is what sshd will look
for when the NX Client tries to log in as the nx user with public key
authentication.)
--
---
==========================================================================
Patrick DUPRÉ | |
Department of Chemistry | | Phone: (44)-(0)-1904-434384
The University of York | | Fax: (44)-(0)-1904-432516
Heslington | |
York YO10 5DD United Kingdom | | email: patrick.dupre@xxxxxxxxxx
==========================================================================
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org