Results 1 to 9 of 9

Thread: FreeNX on 11 vs 11.1. What's the difference?

  1. #1

    Default FreeNX on 11 vs 11.1. What's the difference?

    Hi all, I've been trying to figure out this problem for the past 3 days, and I've hit a wall. I'm hoping someone can give me some possible cures. I have a script that basically adds a zypper repo, then proceeds to install and configure FreeNX.

    To add the repo:
    Code:
    zypper addrepo Index of /repositories/X11:/RemoteDesktop/openSUSE_11.1 RemoteDesktop
    To install FreeNX & it's relevant dependencies:
    Code:
    zypper install FreeNX
    To setup and configure FreeNX:
    Code:
    nxsetup --install --setup-nomachine-key --clean --purge
    sed -i 's/AllowUsers idcuser/AllowUsers idcuser nx/' /etc/ssh/sshd_config
    service sshd reload
    nxserver --adduser user1
    echo passw0rd | nxserver --passwd user1
    nxserver --restart
    After completing these steps on version 11, I can immediately open the FreeNX client (windows 7), and connect. On 11.1, at the very end of the FreeNX connect, just after "Dowloading the session information", I get:

    Code:
    NX> 105 startsession  --link="lan" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="170.224.164.19" --type="unix-gnome" --geometry="1274x956" --client="winnt" --keyboard="pc102/en_US" --screeninfo="1274x956x16+render" 
    
    Permission denied (publickey,keyboard-interactive).
    NX> 280 Exiting on signal: 15
    I've googled this to death, and tried a bunch of random changes to both ssh and nxserver, but I can't seem to get rid of it. What might have changed from 11 to 11.1 that could cause this behavior change? The NXserver seems to be configured and running identical on both systems.

    Any input greatly appreicated.
    thanks.

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,124

    Default Re: FreeNX on 11 vs 11.1. What's the difference?

    I can not help you, but I read one thing that may need clarification for others. There never was an openSUSE 11. It started with 11.0. Do you mean that one?
    Henk van Velden

  3. #3

    Default Re: FreeNX on 11 vs 11.1. What's the difference?

    Yes, sorry - to be more explicit. 11.0, 32bit.

  4. #4

    Default Re: FreeNX on 11 vs 11.1. What's the difference?

    May I ask if both 11.0 and 11.1 are on the same computer? If so it cannot work in both cases without creating another session on the client or copying the ssh host/rsa and dsa key from the working system to the other one, as well as the keys in /var/lib/nxserver/home/.ssh and the know_hosts file there. Notice that these keys have to belong to user "nx".

  5. #5

    Default Re: FreeNX on 11 vs 11.1. What's the difference?

    Quote Originally Posted by please_try_again View Post
    May I ask if both 11.0 and 11.1 are on the same computer?
    Hi, thanks for you input.
    11.0 and 11.1 are on different VM's.

    Quote Originally Posted by please_try_again View Post
    Notice that these keys have to belong to user "nx".
    The permissions seem to be ok.

    Code:
    somehostname:/var/lib/nxserver/home/.ssh # ls -la
    total 20
    drwx------ 2 nx root 4096 2011-01-13 15:26 .
    drwx------ 3 nx root 4096 2011-01-13 15:41 ..
    -rw------- 1 nx root  669 2011-01-11 21:57 authorized_keys2
    -rw------- 1 nx root  668 2011-01-11 21:57 client.id_dsa.key
    -rw-r--r-- 1 nx root  235 2011-01-11 21:57 known_hosts
    somehostname:/var/lib/nxserver/home/.ssh #

  6. #6

    Default Re: FreeNX on 11 vs 11.1. What's the difference?

    Ok, I've spent some more time investigating and ssh and nxserver are identical between 11 and 11.1, as far as I can tell.

    The biggest different I can see is the presence of ACL's in 11.1 on both /etc/ssh, and /etc/nxserver.
    On 11.
    Code:
    some11host:/etc/ssh # ls -la
    total 180
    drwxr-xr-x   2 root root   4096 2011-01-12 13:54 .
    drwxr-xr-x 112 root root  12288 2011-01-12 15:39 ..
    -rw-------   1 root root 125811 2009-02-23 15:43 moduli
    -rw-r--r--   1 root root   2705 2009-02-23 15:43 ssh_config
    -rw-r-----   1 root root   3941 2011-01-12 13:44 sshd_config
    -rw-r-----   1 root root   3938 2010-10-27 14:26 sshd_config.bak
    -rw-------   1 root root    668 2011-01-12 13:43 ssh_host_dsa_key
    -rw-r--r--   1 root root    604 2011-01-12 13:43 ssh_host_dsa_key.pub
    -rw-------   1 root root    529 2011-01-12 13:43 ssh_host_key
    -rw-r--r--   1 root root    333 2011-01-12 13:43 ssh_host_key.pub
    -rw-------   1 root root    887 2011-01-12 13:43 ssh_host_rsa_key
    -rw-r--r--   1 root root    224 2011-01-12 13:43 ssh_host_rsa_key.pub
    some11host:/etc/ssh #
    On 11.1:
    Code:
    some11_1host:/etc/ssh # ls -la
    total 216
    drwxr-xr-x+   2 root root   4096 2011-01-18 16:09 .
    drwxr-xr-x+ 103 root root  12288 2011-01-18 16:03 ..
    -rw-------+   1 root root 125811 2010-05-09 12:15 moduli
    -rw-r--r--+   1 root root   2705 2010-05-09 12:15 ssh_config
    -rw-r-----    1 root root   3920 2011-01-18 16:03 sshd_config
    -rw-------+   1 root root    668 2010-06-17 12:46 ssh_host_dsa_key
    -rw-r--r--+   1 root root    605 2010-06-17 12:46 ssh_host_dsa_key.pub
    -rw-------+   1 root root    530 2010-06-17 12:46 ssh_host_key
    -rw-r--r--+   1 root root    334 2010-06-17 12:46 ssh_host_key.pub
    -rw-------+   1 root root    883 2010-06-17 12:46 ssh_host_rsa_key
    -rw-r--r--+   1 root root    225 2010-06-17 12:46 ssh_host_rsa_key.pub
    some11_1host:/etc/ssh #
    I don't know much about ACL's - I tried removing the ACL's via the setfacl command, but it didn't seem the have any effect.
    Is there a way that I can temporarily disable all ACL's - just to determine if they are causing an issue? If I can simply determine if this is the root cause, I can work at properly setting ACL's as necessary to satisfy NX.

    thx.

  7. #7

    Default Re: FreeNX on 11 vs 11.1. What's the difference?

    Ok, I have it working on 11.1 so I'm posting my resolution for the benefit of others.

    It was a permissions problem, but not in the location(s) I mentioned in my previous post. The issue was with the /home/<someuser>/.ssh folder. In 11.0, the permissions for this folder were set to "<someuser>:users" (owner:group). In 11.1, the owner:group was "root:root". Therefore, when the id was added to passdb via nxserver --adduser, it could not create the authorizedkeys2 for eventual public key authentication.

    Once I did a chown on the .ssh folder, and re-ran nxserver --adduser the file was created, and life was good.

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,124

    Default Re: FreeNX on 11 vs 11.1. What's the difference?

    Thanks for sharing the solution.

    This may have gone wrong by doings things running as root that shouldn't
    Henk van Velden

  9. #9

    Default Re: FreeNX on 11 vs 11.1. What's the difference?

    Quote Originally Posted by hcvv View Post
    Thanks for sharing the solution.

    This may have gone wrong by doings things running as root that shouldn't
    Agreed, however, in my situation I have no choice. Without going into confidential details, this is a cloud based system in which I (as a user) have only a small window or a hook to do customizations during provisioning. I can specify a script to do 'stuff' during this window, but not the ID. It appears it runs as root.

    I'm confident I'm one of the few people that will hit this given my unique circumstances.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •