[prev in list] [next in list] [prev in thread] [next in thread]
List: freenx-knx
Subject: Re: [FreeNX-kNX] first contact, FreeNX
From: "=?ISO-8859-1?Q?7th_Sign_|_Iv=E1n_Rico?=" <7th_sign () soy-geek ! com>
Date: 2008-07-31 22:07:46
Message-ID: a77c28160807311507x5346e1e1x288031566a3046b4 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
thanks for the tips, I understood about the keys and finally I did it, well
I don't know if this is the best way.
I left the default sshd_conf, only I added this 2 lines
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys2
in order to connect without problems by ssh then I ran nxsetup --install
--setup-nomachine-key but it showed me an error:
----> Testing your nxserver connection ...
couldn't read file "--check": no such file or directory
Fatal error: Could not connect to NX Server.
but I went to /var/lib/nxserver/home/.ssh/ and I copy allt text of
client.id_dsa.key to the nx client, and it worked.
Are there a best way?
2008/7/31 Verner Kjærsgaard <vk@os-academy.dk>
>
>
> 7th Sign | Iván Rico skrev:
> >
> > it's logging in initially with the user 'nx' - that's what the
> > (pre)configured keys (the 'no-machine keys') are for. That's why you
> > need to make sure that
> >
> > a)
> > you can log into the machine using ssh
> >
> >
> > b)
> > that the nx keys are in place, allowing nx to login without a
> password.
> > c) someone on this list will be able to explain that better than I.
> > d) once nx can log in and is logged in, the user is switched to
> 'frank'.
> >
> > That's the 'no-machine-key' way, not the FreeNX way. That's why you
> give
> > 'nxsetup --install --setup-nomachine-key --clean --purge' in order to
> > make sure the keys ar in place.
> >
> > Also make sure that the correct ownerships of directories holding the
> > keys are in place. On my server:
> >
> > drwxr-xr-x 4 root users 4096 12 jul 13:20 nxserver/
> >
> > - this may not be entirely correct...perhaps they really should be
> owned
> > by nx, don't know. But it works..
> >
> > Further down, I have:
> >
> > -rw------- 1 nx root 671 12 jul 13:25 authorized_keys2
> > -rw-r--r-- 1 nx root 668 12 jul 13:20 client.id_dsa.key
> > -rw------- 1 nx root 235 12 jul 13:20 known_hosts
> > Gunnar:/var/lib/nxserver/home/.ssh #
> >
> > - hope this helps!
> >
> >
> > Hello again,
> >
> > a) I can't log into my server by ssh
> > I got this:
> >
> > ivan@dementor ~ $ ssh root@192.168.1.247 <mailto:root@192.168.1.247>
> > Permission denied (publickey,gssapi-with-mic).
> > ivan@dementor ~
> >
> > This happens since I change these values to:
> > PasswordAuthentication no
> > AllowUsers nx root ivan
> > on sshd_config
> >
> > b) I deleted the pass with, passwd -d nx but I have the same results
> >
> > c) :)
> >
> > d) I have a few questions about that: Who and How creates these files:
> > authorized_keys2, client.id_dsa.key?
> > I dont't have them in /etc/nxserver and I don't know where them are
> >
> > ---------------------------------
> > 7th Sign | Iván Rico
> > ---------------------------------
> >
> >
> > ------------------------------------------------------------------------
> Hi
> I'm sorry I don't have time to help you further, the car is packed,
> we're off on holiday :-)
>
> One thing, though. You MUST be able to login via SSH.
> First, on the remote machine itself at its console, try this
>
> SSH your_username@localhost
>
> This should absolutely succeed. If not, debug your SSH thing (is it
> listening and so)
>
> If ok, then try the same thing from outside. Login from your local
> machine to the remote machine using SSH
> your_login_name@some-server.something.
>
> This MUST succeed. If not check firewall and more. Hint: on the remote
> machine, as root, do "tail -f /var/log/messages" (end it with ctrl-c).
> This will give you a live log og what's happening.
>
> Then read up on SSH generally. As a normal user, do
>
> ssh-keygen -t dsa
>
> When asked for a pass-phrase, just hit enter.
>
> Now see that a pair of keys are generated, they are placed in
>
> /home/your_user_name/.ssh/some_key_name
> and
> /home/your_user_name/.ssh/some_key_name.pub
>
> Now copy the -pub key to your home-dir on the remote machine. Put it
> into /home/your_home_dir/.ssh/xxx.pub
>
> Now xfer the contents of that xxx.pub file into the "authorized_keys"
> file, do
>
> cat xxx.pub >> authorized_keys
>
> Now create a symlink in the same .ssh dir, do
>
> ln -s authorized_keys authorized_keys2
>
> This way SSH will work regardless of SSH looking for authorized_keys or
> authorized_keys2.
>
> Make sure the authorized_keys file, is owned by your_user_name and that
> its rights are 600. No more, no less. Make sure that your_user_name is
> allowed to enter the .ssh directory...
>
> Exit from the remote machine.
>
> Now you should be able to login from your local machine to the remote
> machine - without using your password. Do
>
> SSH your_user_name@remote_machine
>
>
> If you can't, get that fixed first. Then go on to debug/experiment with NX.
>
> - haven't got more time, wish you luck!
>
>
> --------------------------------------------
> Med venlig hilsen/best regards
> Verner Kjærsgaard
>
> ________________________________________________________________
> Were you helped on this list with your FreeNX problem?
> Then please write up the solution in the FreeNX Wiki/FAQ:
> http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
> Don't forget to check the NX Knowledge Base:
> http://www.nomachine.com/kb/
>
> ________________________________________________________________
> FreeNX-kNX mailing list --- FreeNX-kNX@kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>
[Attachment #5 (text/html)]
<div dir="ltr">thanks for the tips, I understood about the keys and finally I did it, \
well I don't know if this is the best way.<br><br>I left the default sshd_conf, \
only I added this 2 lines<br><br>PubkeyAuthentication yes<br> \
AuthorizedKeysFile .ssh/authorized_keys2<br><br>in \
order to connect without problems by ssh then I ran nxsetup --install \
--setup-nomachine-key but it showed me an error:<br><br>----> Testing your \
nxserver connection ...<br> couldn't read file "--check": no such file \
or directory<br>Fatal error: Could not connect to NX Server.<br><br>but I went to \
/var/lib/nxserver/home/.ssh/ and I copy allt text of client.id_dsa.key to \
the nx client, and it worked.<br> <br>Are there a best way? <br><br><br><div \
class="gmail_quote">2008/7/31 Verner Kjærsgaard <span dir="ltr"><<a \
href="mailto:vk@os-academy.dk">vk@os-academy.dk</a>></span><br><blockquote \
class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt \
0pt 0.8ex; padding-left: 1ex;"> <br>
<br>
7th Sign | Iván Rico skrev:<br>
<div><div></div><div class="Wj3C7c">><br>
> it's logging in initially with the user 'nx' - \
that's what the<br> > (pre)configured keys (the 'no-machine \
keys') are for. That's why you<br> > need to make sure \
that<br> ><br>
> a)<br>
> you can log into the machine using ssh<br>
><br>
><br>
> b)<br>
> that the nx keys are in place, allowing nx to login without a \
password.<br> > c) someone on this list will be able to explain that \
better than I.<br> > d) once nx can log in and is logged in, the \
user is switched to 'frank'.<br> ><br>
> That's the 'no-machine-key' way, not the FreeNX way. \
That's why you give<br> > 'nxsetup --install \
--setup-nomachine-key --clean --purge' in order to<br> > make \
sure the keys ar in place.<br> ><br>
> Also make sure that the correct ownerships of directories holding \
the<br> > keys are in place. On my server:<br>
><br>
> drwxr-xr-x 4 root users 4096 12 jul 13:20 nxserver/<br>
><br>
> - this may not be entirely correct...perhaps they really should be \
owned<br> > by nx, don't know. But it works..<br>
><br>
> Further down, I have:<br>
><br>
> -rw------- 1 nx root 671 12 jul 13:25 authorized_keys2<br>
> -rw-r--r-- 1 nx root 668 12 jul 13:20 client.id_dsa.key<br>
> -rw------- 1 nx root 235 12 jul 13:20 known_hosts<br>
> Gunnar:/var/lib/nxserver/home/.ssh #<br>
><br>
> - hope this helps!<br>
><br>
><br>
> Hello again,<br>
><br>
> a) I can't log into my server by ssh<br>
> I got this:<br>
><br>
</div></div>> ivan@dementor ~ $ ssh <a \
href="mailto:root@192.168.1.247">root@192.168.1.247</a> <mailto:<a \
href="mailto:root@192.168.1.247">root@192.168.1.247</a>><br> <div \
class="Ih2E3d">> Permission denied (publickey,gssapi-with-mic).<br> > \
ivan@dementor ~<br> ><br>
> This happens since I change these values to:<br>
> PasswordAuthentication no<br>
> AllowUsers nx root ivan<br>
> on sshd_config<br>
><br>
> b) I deleted the pass with, passwd -d nx but I have the same results<br>
><br>
> c) :)<br>
><br>
> d) I have a few questions about that: Who and How creates these files:<br>
> authorized_keys2, client.id_dsa.key?<br>
> I dont't have them in /etc/nxserver and I don't know where them are<br>
><br>
> ---------------------------------<br>
> 7th Sign | Iván Rico<br>
> ---------------------------------<br>
><br>
><br>
</div>> ------------------------------------------------------------------------<br>
Hi<br>
I'm sorry I don't have time to help you further, the car is packed,<br>
we're off on holiday :-)<br>
<br>
One thing, though. You MUST be able to login via SSH.<br>
First, on the remote machine itself at its console, try this<br>
<br>
SSH your_username@localhost<br>
<br>
This should absolutely succeed. If not, debug your SSH thing (is it<br>
listening and so)<br>
<br>
If ok, then try the same thing from outside. Login from your local<br>
machine to the remote machine using SSH<br>
your_login_name@some-server.something.<br>
<br>
This MUST succeed. If not check firewall and more. Hint: on the remote<br>
machine, as root, do "tail -f /var/log/messages" (end it with ctrl-c).<br>
This will give you a live log og what's happening.<br>
<br>
Then read up on SSH generally. As a normal user, do<br>
<br>
ssh-keygen -t dsa<br>
<br>
When asked for a pass-phrase, just hit enter.<br>
<br>
Now see that a pair of keys are generated, they are placed in<br>
<br>
/home/your_user_name/.ssh/some_key_name<br>
and<br>
/home/your_user_name/.ssh/some_key_name.pub<br>
<br>
Now copy the -pub key to your home-dir on the remote machine. Put it<br>
into /home/your_home_dir/.ssh/xxx.pub<br>
<br>
Now xfer the contents of that xxx.pub file into the "authorized_keys"<br>
file, do<br>
<br>
cat xxx.pub >> authorized_keys<br>
<br>
Now create a symlink in the same .ssh dir, do<br>
<br>
ln -s authorized_keys authorized_keys2<br>
<br>
This way SSH will work regardless of SSH looking for authorized_keys or<br>
authorized_keys2.<br>
<br>
Make sure the authorized_keys file, is owned by your_user_name and that<br>
its rights are 600. No more, no less. Make sure that your_user_name is<br>
allowed to enter the .ssh directory...<br>
<br>
Exit from the remote machine.<br>
<br>
Now you should be able to login from your local machine to the remote<br>
machine - without using your password. Do<br>
<br>
SSH your_user_name@remote_machine<br>
<br>
<br>
If you can't, get that fixed first. Then go on to debug/experiment with NX.<br>
<br>
- haven't got more time, wish you luck!<br>
<div><div></div><div class="Wj3C7c"><br>
<br>
--------------------------------------------<br>
Med venlig hilsen/best regards<br>
Verner Kjærsgaard<br>
<br>
________________________________________________________________<br>
Were you helped on this list with your FreeNX problem?<br>
Then please write up the solution in the FreeNX Wiki/FAQ:<br>
<a href="http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ" \
target="_blank">http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ</a><br> \
Don't forget to check the NX Knowledge Base:<br> \
<a \
href="http://www.nomachine.com/kb/" \
target="_blank">http://www.nomachine.com/kb/</a><br> <br>
________________________________________________________________<br>
FreeNX-kNX mailing list --- <a \
href="mailto:FreeNX-kNX@kde.org">FreeNX-kNX@kde.org</a><br> <a \
href="https://mail.kde.org/mailman/listinfo/freenx-knx" \
target="_blank">https://mail.kde.org/mailman/listinfo/freenx-knx</a><br> \
________________________________________________________________<br> \
</div></div></blockquote></div><br></div>
________________________________________________________________
Were you helped on this list with your FreeNX problem?
Then please write up the solution in the FreeNX Wiki/FAQ:
http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
Don't forget to check the NX Knowledge Base:
http://www.nomachine.com/kb/
________________________________________________________________
FreeNX-kNX mailing list --- FreeNX-kNX@kde.org
https://mail.kde.org/mailman/listinfo/freenx-knx
________________________________________________________________
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic