On Tue, 2006-01-24 at 08:25 -0700, Craig White wrote:
> On Tue, 2006-01-24 at 10:33 +0100, Maciej ?enczykowski wrote:
> > > copied the above key (that which was between the ----BEGIN and -----END
> > > but not including those lines) and pasted into the key section and that
> >
> > why without the --begin-- --end-- lines? I always copy with'em.
> -----
> Yeah - I think I needed them too. I was unsure which is why I posted up
> about copying the key with/without them. Turned out 'importing' probably
> would have worked just fine too - have to check on that.
> ----
>
> > I generate keys using ssh-keygen, and stick them into:
> > /var/lib/nxserver/home/.ssh/authorized_keys2
> > (or without the '2' depends on sshd server setup)
> > [in one line] and the entire private key into the client.
> ----
> This little nugget combined with what I learned last night was the key
> and I probably would have stumbled into last night had I had the
> ----BEGIN & -----END lines.
>
> turns out that install will create
>
> /var/lib/nxserver/home/.ssh/authorized_keys2
>
> but sshd on CentOS 4 doesn't look there.
>
> so I merely
>
> cd /var/lib/nxserver/home/.ssh
> cp authorized_keys2 authorized_keys
> chown nx authorized_keys
>
> et voila - login
>
> Thanks for everyone's help
>
> I can't believe that people didn't stumble into this installing freenx
> on CentOS as it simply cannot work out of the box without doing this or
> some other change in /etc/ssh/sshd_config
OK, I have just done a brand new install of CentOS just to test this
issue on a blank machine.
It is a standard server install with no packages from outside the CentOS
repositories.
First thing i did after running yum upgrade is this:
yum install freenx nx
Then I went to a client and imported the key ...
I have what you said ... authorized_keys2
in /var/lib/nxserver/home/.ssh/ (which is exactly what I would expect).
connection from the client worked perfectly ... I had zero issues.
Craig ... please look in your /etc/ssh/sshd_conf file and see if you
have a:
Protocol 1
in there ... because with the standard config, both Protocol 2 and 1 are
authorized. What you are describing suggests that only ssl protocol 1
is enabled on your sshd.
I can absolutely say that with no modifications to sshd_conf, pam
authentication, or other changes that nx/freenx works perfectly out of
the box.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos/attachments/20060124/ef2fd396/attachment.bin
