I recently started – and with help, completed-- a thread about problems with “ssh localhost”. I can now do it. But I pursued that problem in the first place because I want to install freeNX. I still run up against the same problem in nxsetup, even though “ssh localhost” apparently is working.
Here is the complete output of
nxsetup --install --setup-nomachine-key --clean --purge
Removing special user “nx” …no crontab for nx
done
Removing session database …done
Removing logfile …done
Removing home directory of special user “nx” …done
Removing configuration files …done
Setting up /etc/nxserver …done
Generating public/private dsa key pair.
Your identification has been saved in /etc/nxserver/users.id_dsa.
Your public key has been saved in /etc/nxserver/users.id_dsa.pub.
The key fingerprint is:
60:45:54:43:b9:8e:0b:8d:d6:fa:c3:d3:fc:20:71:d1 root@localhost
Setting up /var/lib/nxserver/db …done
Setting up /var/log/nxserver.log …done
Setting up special user “nx” …done
Adding user “nx” to group “utmp” …done
Setting up known_hosts and authorized_keys2 …done
Setting up permissions …done
Setting up cups nxipp backend …done----> Testing your nxserver configuration …
Warning: Invalid value “COMMAND_FOOMATIC=/usr/lib64/cups/driver/foomatic-ppdfile”
Users will not be able to use foomatic.
Warning: Invalid value “COMMAND_START_GNOME=gnome-session”
Users will not be able to request a Gnome session.
Warning: Invalid value “COMMAND_START_CDE=cdwm”
Users will not be able to request a CDE session.
Warning: Invalid value “COMMAND_SMBMOUNT=smbmount”. You’ll not be able to use SAMBA.
Warning: Invalid value “COMMAND_SMBUMOUNT=smbumount”. You’ll not be able to use SAMBA.Warnings occured during config check.
To enable these features please correct the configuration file.<---- done
----> Testing your nxserver connection …
Permission denied (publickey,password,keyboard-interactive).
Fatal error: Could not connect to NX Server.Please check your ssh setup:
The following are examples of what you might need to check.
- Make sure "nx" is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure "nx" is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename)
- Make sure you allow ssh on localhost, this could come from some
restriction of:
-the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost
-the iptables. add to it:
$ iptables -A INPUT -i lo -j ACCEPT
$ iptables -A OUTPUT -o lo -j ACCEPT
I am told to “Please check your ssh setup” and I have.
Here are UNCOMMENTED lines in sshd_config (and I show the OUTCOMMENTED AllowUsers and AllowGroups lines for good measure):
Port 22
ListenAddress 0.0.0.0
Protocol 2HostKey /etc/ssh/ssh_host_key
HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_keyPubkeyAuthentication yes
AuthorizedKeysFile authorized_keys2PasswordAuthentication yes
PermitEmptyPasswords noRSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile authorized_keys2PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication yesUsePAM yes
Subsystem sftp /usr/lib64/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL#AllowUsers nx
#AllowGroups remotessh nxGatewayPorts yes
X11DisplayOffset 50
AllowTcpForwarding yes
Compression yes
MaxAuthTries 6
PermitRootLogin yes
PrintMotd yes
Here is the bottom of /etc/hosts.allow:
ALL:localhost
ALL:127.0.0.1added per Linux Help - Secure Shell SSH/SSH2 Setup Guide
sshd: ALL
sshdfwd-X11: 192.168.1.35added this for nx
$ iptables -A INPUT -i lo -j ACCEPT
$ iptables -A OUTPUT -o lo -j ACCEPT
Is there a way I can debug the error occuring in nxsetup?