Hi all, I’ve been trying to figure out this problem for the past 3 days, and I’ve hit a wall. I’m hoping someone can give me some possible cures. I have a script that basically adds a zypper repo, then proceeds to install and configure FreeNX.
To add the repo:
zypper addrepo [Index of /repositories/X11:/RemoteDesktop/openSUSE_11.1](http://download.opensuse.org/repositories/X11:/RemoteDesktop/openSUSE_11.1) RemoteDesktop
After completing these steps on version 11, I can immediately open the FreeNX client (windows 7), and connect. On 11.1, at the very end of the FreeNX connect, just after “Dowloading the session information”, I get:
I’ve googled this to death, and tried a bunch of random changes to both ssh and nxserver, but I can’t seem to get rid of it. What might have changed from 11 to 11.1 that could cause this behavior change? The NXserver seems to be configured and running identical on both systems.
May I ask if both 11.0 and 11.1 are on the same computer? If so it cannot work in both cases without creating another session on the client or copying the ssh host/rsa and dsa key from the working system to the other one, as well as the keys in /var/lib/nxserver/home/.ssh and the know_hosts file there. Notice that these keys have to belong to user “nx”.
I don’t know much about ACL’s - I tried removing the ACL’s via the setfacl command, but it didn’t seem the have any effect.
Is there a way that I can temporarily disable all ACL’s - just to determine if they are causing an issue? If I can simply determine if this is the root cause, I can work at properly setting ACL’s as necessary to satisfy NX.
Ok, I have it working on 11.1 so I’m posting my resolution for the benefit of others.
It was a permissions problem, but not in the location(s) I mentioned in my previous post. The issue was with the /home/<someuser>/.ssh folder. In 11.0, the permissions for this folder were set to “<someuser>:users” (owner:group). In 11.1, the owner:group was “root:root”. Therefore, when the id was added to passdb via nxserver --adduser, it could not create the authorizedkeys2 for eventual public key authentication.
Once I did a chown on the .ssh folder, and re-ran nxserver --adduser the file was created, and life was good.
Agreed, however, in my situation I have no choice. Without going into confidential details, this is a cloud based system in which I (as a user) have only a small window or a hook to do customizations during provisioning. I can specify a script to do ‘stuff’ during this window, but not the ID. It appears it runs as root.
I’m confident I’m one of the few people that will hit this given my unique circumstances.