Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Thu, Mar 19, 2009 at 6:29 PM, Joseph syscon...@gmail.com wrote: On 03/19/09 17:48, Paul Hartman wrote: Here is my understanding of how the NX bits all fit together: Think of it as a 2-step connection. The first step is connecting from the remote nxclient to the nxserver. For this step, it uses the SSH key that you can put into nxclient. That only authenticates you as being able to connect to the NX server, it doesn't get you into any user files or desktops. By keeping the default NX key, anyone with NX client can connect to your box and get to this point. I think my ssh-keys might not be correct between the nxclient. I've installed on one Linux box: net-misc/nxclient and the server is running: nxserver-freeedition maybe the key from nxclient: /usr/NX/share/keys/server.id_dsa.key is not the correct one, this key is a private key. and to my understanding in order to log-in into the server I need to copy nxclinet's public key to the serer; but I can not fine one. Hi, You need to copy the server's default key to the client. Copy /usr/NX/share/keys/default.id_dsa.key (NOT server.id_dsa.key) from the server into the nxclient (Configure - Keys - Import or paste it in).
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/20/09 10:07, Paul Hartman wrote: Hi, You need to copy the server's default key to the client. Copy /usr/NX/share/keys/default.id_dsa.key (NOT server.id_dsa.key) from the server into the nxclient (Configure - Keys - Import or paste it in). Thank you. Yes, I had that part correct. The problem in my case is the nx user password needs to be set to unlock the account. Now, I'm fighting to connect to Windows XP :-/ running in VirtualBox -- Joseph
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Wed, Mar 18, 2009 at 11:35 PM, Joseph syscon...@gmail.com wrote: Is anybody using nxserver-freenx? It compile fine but when I run a setup: nxsetup --install --setup-nomachine-key --clean --purge I get: Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure nx is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure nx is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: log/messages prints: user nx not allowed because account is locked How to unlock the account? passwd -u nx I had to do the same thing. Paul
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/19/09 10:03, Paul Hartman wrote: [snip] log/messages prints: user nx not allowed because account is locked How to unlock the account? passwd -u nx I had to do the same thing. Paul Yes, I tried it already: passwd -u nx passwd: unlocking the user would result in a passwordless account. You should set password with usermod -p to unlock this user account. Password changed. What do you do next? When I try to run again: nxsetup --install --setup-nomachine-key --clean --purge I get: ... Setting up /var/log/nxserver.log ...done Setting up special user nx ...passwd: unlocking the user would result in a passwordless account. You should set a password with usermod -p to unlock this user account. Password changed. done. ... Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure nx is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure nx is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT So at this point I'm back to square one in log/messages I get: User nx not allowed because account is locked -- #Joseph GPG KeyID: ED0E1FB7
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Thu, Mar 19, 2009 at 10:44 AM, Joseph syscon...@gmail.com wrote: On 03/19/09 10:03, Paul Hartman wrote: [snip] log/messages prints: user nx not allowed because account is locked How to unlock the account? passwd -u nx I had to do the same thing. Paul Yes, I tried it already: passwd -u nx passwd: unlocking the user would result in a passwordless account. You should set password with usermod -p to unlock this user account. Password changed. What do you do next? When I try to run again: nxsetup --install --setup-nomachine-key --clean --purge I get: ... Setting up /var/log/nxserver.log ...done Setting up special user nx ...passwd: unlocking the user would result in a passwordless account. You should set a password with usermod -p to unlock this user account. Password changed. done. ... Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure nx is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure nx is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT So at this point I'm back to square one in log/messages I get: User nx not allowed because account is locked Oh, try to give user nx a password on your system. It uses ssh keys to login, so it doesn't even matter what the password is. Just don't make it something easily guessed/brute-force like nx or 1234 or else you might have some unwanted guests in your system :)
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Thu, Mar 19, 2009 at 10:51 AM, Paul Hartman paul.hartman+gen...@gmail.com wrote: On Thu, Mar 19, 2009 at 10:44 AM, Joseph syscon...@gmail.com wrote: On 03/19/09 10:03, Paul Hartman wrote: [snip] log/messages prints: user nx not allowed because account is locked How to unlock the account? passwd -u nx I had to do the same thing. Paul Yes, I tried it already: passwd -u nx passwd: unlocking the user would result in a passwordless account. You should set password with usermod -p to unlock this user account. Password changed. What do you do next? When I try to run again: nxsetup --install --setup-nomachine-key --clean --purge I get: ... Setting up /var/log/nxserver.log ...done Setting up special user nx ...passwd: unlocking the user would result in a passwordless account. You should set a password with usermod -p to unlock this user account. Password changed. done. ... Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure nx is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure nx is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT So at this point I'm back to square one in log/messages I get: User nx not allowed because account is locked Oh, try to give user nx a password on your system. It uses ssh keys to login, so it doesn't even matter what the password is. Just don't make it something easily guessed/brute-force like nx or 1234 or else you might have some unwanted guests in your system :) Now that I think of it, you might even be able to assign a password, unlock, and then delete the password with passwd -d nx.
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/19/09 10:51, Paul Hartman wrote: Yes, I tried it already: passwd -u nx passwd: unlocking the user would result in a passwordless account. You should set password with usermod -p to unlock this user account. Password changed. What do you do next? When I try to run again: nxsetup --install --setup-nomachine-key --clean --purge I get: ... Setting up /var/log/nxserver.log ...done Setting up special user nx ...passwd: unlocking the user would result in a passwordless account. You should set a password with usermod -p to unlock this user account. Password changed. done. ... Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure nx is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure nx is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT So at this point I'm back to square one in log/messages I get: User nx not allowed because account is locked Oh, try to give user nx a password on your system. It uses ssh keys to login, so it doesn't even matter what the password is. Just don't make it something easily guessed/brute-force like nx or 1234 or else you might have some unwanted guests in your system :) I did give it a password usermod -p something nx it accepted the password, now do I run the setup again: nxsetup --install --setup-nomachine-key --clean --purge If I try to login from another machine do I login as user nx? When I try to login from another machine on my network I get: Your guest account has expired... -- #Joseph GPG KeyID: ED0E1FB7
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/19/09 10:51, Paul Hartman wrote: So at this point I'm back to square one in log/messages I get: User nx not allowed because account is locked Oh, try to give user nx a password on your system. It uses ssh keys to login, so it doesn't even matter what the password is. Just don't make it something easily guessed/brute-force like nx or 1234 or else you might have some unwanted guests in your system :) I'm a git of confused as to which ssh key is the client using as I did not transfer any ssh public key to the client machine. (Yes, I know how ssh login works) Do I need to transfer ssh key from: /etc/nxserver/users.id_dsa.pub to my client machine? -- #Joseph GPG KeyID: ED0E1FB7
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Thu, Mar 19, 2009 at 11:10 AM, Joseph syscon...@gmail.com wrote: On 03/19/09 10:51, Paul Hartman wrote: Yes, I tried it already: passwd -u nx passwd: unlocking the user would result in a passwordless account. You should set password with usermod -p to unlock this user account. Password changed. What do you do next? When I try to run again: nxsetup --install --setup-nomachine-key --clean --purge I get: ... Setting up /var/log/nxserver.log ...done Setting up special user nx ...passwd: unlocking the user would result in a passwordless account. You should set a password with usermod -p to unlock this user account. Password changed. done. ... Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure nx is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure nx is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT So at this point I'm back to square one in log/messages I get: User nx not allowed because account is locked Oh, try to give user nx a password on your system. It uses ssh keys to login, so it doesn't even matter what the password is. Just don't make it something easily guessed/brute-force like nx or 1234 or else you might have some unwanted guests in your system :) I did give it a password usermod -p something nx it accepted the password, now do I run the setup again: nxsetup --install --setup-nomachine-key --clean --purge If I try to login from another machine do I login as user nx? When I try to login from another machine on my network I get: Your guest account has expired... The way NX works is it uses the nx user as an intermediate. You need to login as a normal user, and you need to explicitly give that user permission to use NX by doing nxserver --useradd yourname (which will generate NX ssh keys and put them in that user's directory). If you use interactive/PAM authentication on your system, NX can use your user's normal system password; if you use key-based authentication for SSH the only way to make NX work is to use its internal password database and assing an NX-specific password to that user. In nxclient, copy the normal SSH key, and then in the nxclient login box put the NX username and password.
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Thu, Mar 19, 2009 at 11:16 AM, Paul Hartman paul.hartman+gen...@gmail.com wrote: On Thu, Mar 19, 2009 at 11:10 AM, Joseph syscon...@gmail.com wrote: On 03/19/09 10:51, Paul Hartman wrote: Yes, I tried it already: passwd -u nx passwd: unlocking the user would result in a passwordless account. You should set password with usermod -p to unlock this user account. Password changed. What do you do next? When I try to run again: nxsetup --install --setup-nomachine-key --clean --purge I get: ... Setting up /var/log/nxserver.log ...done Setting up special user nx ...passwd: unlocking the user would result in a passwordless account. You should set a password with usermod -p to unlock this user account. Password changed. done. ... Testing your nxserver connection ... Permission denied (publickey,keyboard-interactive). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure nx is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure nx is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT So at this point I'm back to square one in log/messages I get: User nx not allowed because account is locked Oh, try to give user nx a password on your system. It uses ssh keys to login, so it doesn't even matter what the password is. Just don't make it something easily guessed/brute-force like nx or 1234 or else you might have some unwanted guests in your system :) I did give it a password usermod -p something nx it accepted the password, now do I run the setup again: nxsetup --install --setup-nomachine-key --clean --purge If I try to login from another machine do I login as user nx? When I try to login from another machine on my network I get: Your guest account has expired... The way NX works is it uses the nx user as an intermediate. You need to login as a normal user, and you need to explicitly give that user permission to use NX by doing nxserver --useradd yourname (which will generate NX ssh keys and put them in that user's directory). If you use interactive/PAM authentication on your system, NX can use your user's normal system password; if you use key-based authentication for SSH the only way to make NX work is to use its internal password database and assing an NX-specific password to that user. In nxclient, copy the normal SSH key, and then in the nxclient login box put the NX username and password. I think the user DB setting is in /usr/NX/etc/server.cfg
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/19/09 11:16, Paul Hartman wrote: it accepted the password, now do I run the setup again: nxsetup --install --setup-nomachine-key --clean --purge If I try to login from another machine do I login as user nx? When I try to login from another machine on my network I get: Your guest account has expired... The way NX works is it uses the nx user as an intermediate. You need to login as a normal user, and you need to explicitly give that user permission to use NX by doing nxserver --useradd yourname (which will generate NX ssh keys and put them in that user's directory). If you use interactive/PAM authentication on your system, NX can use your user's normal system password; if you use key-based authentication for SSH the only way to make NX work is to use its internal password database and assing an NX-specific password to that user. In nxclient, copy the normal SSH key, and then in the nxclient login box put the NX username and password. I'm getting something :-/ On the nxserver I set the sshd to pam yes When I try to login from client as user: joseph + my_passowrd I get: Could not yet established the connection to the remote proxy... -- #Joseph GPG KeyID: ED0E1FB7
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/19/09 11:29, Paul Hartman wrote: it accepted the password, now do I run the setup again: nxsetup --install --setup-nomachine-key --clean --purge If I try to login from another machine do I login as user nx? When I try to login from another machine on my network I get: Your guest account has expired... The way NX works is it uses the nx user as an intermediate. You need to login as a normal user, and you need to explicitly give that user permission to use NX by doing nxserver --useradd yourname (which will generate NX ssh keys and put them in that user's directory). If you use interactive/PAM authentication on your system, NX can use your user's normal system password; if you use key-based authentication for SSH the only way to make NX work is to use its internal password database and assing an NX-specific password to that user. In nxclient, copy the normal SSH key, and then in the nxclient login box put the NX username and password. I think the user DB setting is in /usr/NX/etc/server.cfg No there is no such file or directory on the server; that is why I'm asking if after setting the password for user nx I should run this command again: nxsetup --install --setup-nomachine-key --clean --purge as it is my impression that the setup was not complete. -- #Joseph GPG KeyID: ED0E1FB7
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Thu, Mar 19, 2009 at 11:38 AM, Joseph syscon...@gmail.com wrote: On 03/19/09 11:29, Paul Hartman wrote: it accepted the password, now do I run the setup again: nxsetup --install --setup-nomachine-key --clean --purge If I try to login from another machine do I login as user nx? When I try to login from another machine on my network I get: Your guest account has expired... The way NX works is it uses the nx user as an intermediate. You need to login as a normal user, and you need to explicitly give that user permission to use NX by doing nxserver --useradd yourname (which will generate NX ssh keys and put them in that user's directory). If you use interactive/PAM authentication on your system, NX can use your user's normal system password; if you use key-based authentication for SSH the only way to make NX work is to use its internal password database and assing an NX-specific password to that user. In nxclient, copy the normal SSH key, and then in the nxclient login box put the NX username and password. I think the user DB setting is in /usr/NX/etc/server.cfg No there is no such file or directory on the server; that is why I'm asking if after setting the password for user nx I should run this command again: nxsetup --install --setup-nomachine-key --clean --purge as it is my impression that the setup was not complete. Hmm. Okay, I am actually using nxserver-freeedition and not nxserver-freenx. (I always get those confused). On my machine I am the only user, so I don't know about multi-user shared machines. I just want personal access to my home PC. Here is my config that works for me with nxserver-freeedition with SSH public key authentication: In my sshd_config I've got: PermitRootLogin No RSAAuthentication no PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no UsePAM no Then in /usr/NX/etc/server.cfg I have: EnableUserDB = 1 EnablePasswordDB = 1 then run /usr//NX/bin/nxserver --useradd yourusername which will add that user to the NX user database as well as create/add an SSH key to that user (which is only used by NX on the local machine, it will SSH to itself). The password you create for this user is what you'll use in nxclient when connecting to the remote machine, and the SSH key in nxclient is the one that user would normally use to login to the box with regular SSH. If you don't use key authentication with SSH, you should be able to have the two NX server options above set to 0, and use the user's normal password to login. You will still need to put your NX server key into nxclient (unless you use the default key which is already in there). It is tricky to set up, but once it works it is awesome. :) It beats VNC or RDP easily. Paul
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/19/09 13:07, Paul Hartman wrote: I think the user DB setting is in /usr/NX/etc/server.cfg No there is no such file or directory on the server; that is why I'm asking if after setting the password for user nx I should run this command again: nxsetup --install --setup-nomachine-key --clean --purge as it is my impression that the setup was not complete. Hmm. Okay, I am actually using nxserver-freeedition and not nxserver-freenx. (I always get those confused). Thanks, it is the first time Im using it. What is the actual difference between nxserver-freeedition and nxserver-freenx besides the license? Maybe I'll try nxserver-freeedition. -- #Joseph GPG KeyID: ED0E1FB7
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Thu, Mar 19, 2009 at 2:17 PM, Joseph syscon...@gmail.com wrote: On 03/19/09 13:07, Paul Hartman wrote: I think the user DB setting is in /usr/NX/etc/server.cfg No there is no such file or directory on the server; that is why I'm asking if after setting the password for user nx I should run this command again: nxsetup --install --setup-nomachine-key --clean --purge as it is my impression that the setup was not complete. Hmm. Okay, I am actually using nxserver-freeedition and not nxserver-freenx. (I always get those confused). Thanks, it is the first time Im using it. What is the actual difference between nxserver-freeedition and nxserver-freenx besides the license? Maybe I'll try nxserver-freeedition. I think nxserver-freeedition is an official NX product with a free forever license for a small number of users per machine (2 or 3?), while freenx is an open-source project making an NX-compatible server (possibly using released NX sources from some point in time, I don't really know the whole history).
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/19/09 13:07, Paul Hartman wrote: In my sshd_config I've got: PermitRootLogin No RSAAuthentication no PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no UsePAM no Then in /usr/NX/etc/server.cfg I have: EnableUserDB = 1 EnablePasswordDB = 1 then run /usr//NX/bin/nxserver --useradd yourusername which will add that user to the NX user database as well as create/add an SSH key to that user (which is only used by NX on the local machine, it will SSH to itself). The password you create for this user is what you'll use in nxclient when connecting to the remote machine, and the SSH key in nxclient is the one that user would normally use to login to the box with regular SSH. If you don't use key authentication with SSH, you should be able to have the two NX server options above set to 0, and use the user's normal password to login. You will still need to put your NX server key into nxclient (unless you use the default key which is already in there). It is tricky to set up, but once it works it is awesome. :) It beats VNC or RDP easily. Paul I've tried to duplicate this setting but I can only log-in with my username and password I created from a nxclient when I have in sshd.config ... UsePAM yes If I set it to no I can not log-in. In your last section on coping keys, I'm not sure I follow it. For now I used the default key that the server came with. What do you call nxclient? Is it the user account name on the server I created with ...nxserver --useradd joseph? This command copied the nxserver key to my home ~.ssh/authorized_keys file. -- #Joseph GPG KeyID: ED0E1FB7
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On Thu, Mar 19, 2009 at 5:29 PM, Joseph syscon...@gmail.com wrote: On 03/19/09 13:07, Paul Hartman wrote: In my sshd_config I've got: PermitRootLogin No RSAAuthentication no PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no UsePAM no Then in /usr/NX/etc/server.cfg I have: EnableUserDB = 1 EnablePasswordDB = 1 then run /usr//NX/bin/nxserver --useradd yourusername which will add that user to the NX user database as well as create/add an SSH key to that user (which is only used by NX on the local machine, it will SSH to itself). The password you create for this user is what you'll use in nxclient when connecting to the remote machine, and the SSH key in nxclient is the one that user would normally use to login to the box with regular SSH. If you don't use key authentication with SSH, you should be able to have the two NX server options above set to 0, and use the user's normal password to login. You will still need to put your NX server key into nxclient (unless you use the default key which is already in there). It is tricky to set up, but once it works it is awesome. :) It beats VNC or RDP easily. Paul I've tried to duplicate this setting but I can only log-in with my username and password I created from a nxclient when I have in sshd.config ... UsePAM yes If I set it to no I can not log-in. In your last section on coping keys, I'm not sure I follow it. For now I used the default key that the server came with. What do you call nxclient? Is it the user account name on the server I created with ...nxserver --useradd joseph? This command copied the nxserver key to my home ~.ssh/authorized_keys file. In my setup I do not use passwords for SSH, or even allow them at all, I only use the public key auth. So UsePAM no and the other options gets rid of the interactive password prompt entirely. Here is my understanding of how the NX bits all fit together: Think of it as a 2-step connection. The first step is connecting from the remote nxclient to the nxserver. For this step, it uses the SSH key that you can put into nxclient. That only authenticates you as being able to connect to the NX server, it doesn't get you into any user files or desktops. By keeping the default NX key, anyone with NX client can connect to your box and get to this point. The second step, now that you are authenticated and connected to the NX server, is connecting to the remote desktop. Only users granted access to NX by --useradd are allowed to proceed past step 1, so even using default NX key won't let someone in any further unless they know your NX user's name and password. In the case of Linux remote desktops (the usual case), the key it installed into your user's authorized_keys is what NX server then uses to make an SSH login to your user's desktop environment. (I believe the NX user's key is set to only work when logging in from localhost). NX can also be used as a proxy to connect to VNC or RDP. When the VNC or RDP machine is on the local network of the NX server, the connection between those two machines is very fast. Then, that VNC/RDP is re-encoded using NX between the server and the client. Since NX's protocol is faster over the internet, you can actually get a faster RDP than if you had connected directly to the Windows machine using rdesktop.
Re: [gentoo-user] nxserver-freenx - user nx not allowed because account is locked
On 03/19/09 17:48, Paul Hartman wrote: Here is my understanding of how the NX bits all fit together: Think of it as a 2-step connection. The first step is connecting from the remote nxclient to the nxserver. For this step, it uses the SSH key that you can put into nxclient. That only authenticates you as being able to connect to the NX server, it doesn't get you into any user files or desktops. By keeping the default NX key, anyone with NX client can connect to your box and get to this point. I think my ssh-keys might not be correct between the nxclient. I've installed on one Linux box: net-misc/nxclient and the server is running: nxserver-freeedition maybe the key from nxclient: /usr/NX/share/keys/server.id_dsa.key is not the correct one, this key is a private key. and to my understanding in order to log-in into the server I need to copy nxclinet's public key to the serer; but I can not fine one. -- #Joseph GPG KeyID: ED0E1FB7
