On Thu, Mar 19, 2009 at 10:51 AM, Paul Hartman <paul.hartman+gen...@gmail.com> wrote: > On Thu, Mar 19, 2009 at 10:44 AM, Joseph <syscon...@gmail.com> wrote: >> On 03/19/09 10:03, Paul Hartman wrote: >> [snip] >>>> >>>> log/messages prints: >>>> user nx not allowed because account is locked >>>> >>>> How to unlock the account? >>> >>> passwd -u nx >>> >>> I had to do the same thing. >>> >>> Paul >> >> >> Yes, I tried it already: >> >> passwd -u nx >> passwd: unlocking the user would result in a passwordless account. >> You should set password with usermod -p to unlock this user account. >> Password changed. >> >> What do you do next? >> >> When I try to run again: >> nxsetup --install --setup-nomachine-key --clean --purge >> >> I get: >> ... >> Setting up /var/log/nxserver.log ...done >> Setting up special user "nx" ...passwd: unlocking the user would result in a >> passwordless account. >> You should set a password with usermod -p to unlock this user account. >> Password changed. >> done. >> ... >> ----> Testing your nxserver connection ... >> Permission denied (publickey,keyboard-interactive). >> Fatal error: Could not connect to NX Server. >> >> Please check your ssh setup: >> >> The following are _examples_ of what you might need to check. >> >> - Make sure "nx" is one of the AllowUsers in sshd_config. >> (or that the line is outcommented/not there) >> - Make sure "nx" is one of the AllowGroups in sshd_config. >> (or that the line is outcommented/not there) >> - Make sure your sshd allows public key authentication. >> - Make sure your sshd is really running on port 22. >> - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set >> to authorized_keys2. >> (this should be a filename not a pathname+filename) >> - Make sure you allow ssh on localhost, this could come from some >> restriction of: >> -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost >> -the iptables. add to it: >> $ iptables -A INPUT -i lo -j ACCEPT >> $ iptables -A OUTPUT -o lo -j ACCEPT >> >> >> So at this point I'm back to square one in log/messages I get: >> User nx not allowed because account is locked > > Oh, try to give user nx a password on your system. It uses ssh keys > to login, so it doesn't even matter what the password is. Just don't > make it something easily guessed/brute-force like "nx" or "1234" or > else you might have some unwanted guests in your system :) >
Now that I think of it, you might even be able to assign a password, unlock, and then delete the password with "passwd -d nx".