Solved

Problems installing/configuring FreeNX

Posted on 2009-05-07
Last Modified: 2012-06-21
Hello,


I am trying to install FreeNX on my Fedora Core 10 machine. By executing yum install freenx, the package was installed.

During the configuration, I copied the DSA Private key from /etc/nxserver/client.id_dsa.key.
I copied /etc/nxserver/node.conf.sample to /etc/nxserver/node.conf to have a valid conf file. However, I didn't make any changes to the default file.

Now, when I try to connect from a Windows client, the following error occurs: "The NX service is not available or the NX access was disabled on host xx.xx.xx.xx". When I click on Detail, the log shows:

NX> 203 NXSSH running with pid: 2232
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: xx.xx.xx.xx on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

I also tried to connect from another client.
I tried to reinstall FreeNX several times, but without any luck.
The last post in http://ubuntuforums.org/archive/index.php/t-1012056.html didn't help either - there is no such file.
I am installing FreeNX with a SSH connection, so I don't think there's anything wrong with that part.

Do you have any suggestions?


Thanks in advance!
Question by:thijs321
 
LVL 5

Assisted Solution

by:0ren
0ren earned 125 total points
ID: 24328323
The method is public key.
Did you exchange one?
You should copy the public key from the host you are working on to the ~/.ssh/authorized_keys
file in the directory of the user you want to log in as on the other machine.
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 375 total points
ID: 24329828
These lines indicate that there's a problem with authentication in ssh:

NX> 200 Connected to address: xx.xx.xx.xx on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey

So it requires that the nx user should have a $HOME/.ssh directory.
This directory needs to be populated with two files called identity and identity.pub, which contain your ssh key private and public certificates.

Then you need to go to your PC and insert the identity file into your ssh client too.

So only after you've completed these steps will you be able to authenticate and log in using publickey.
0
 
LVL 16

Expert Comment

by:ai_ja_nai
ID: 24361931
Does Windows have the public ssh key with it?
Did you copy the private key in FreeNX dir?
0
 

Author Comment

by:thijs321
ID: 24382360
The nx user has a home dir /var/lib/nxserver/home. This home dir contains a .ssh directory, with a symbolic link authorized_keys, to my public key in /etc/nxserver.
I tried to add the mentioned identity and identity.pub files to /var/lib/nxserver/home/.ssh, without any success.
I also tried creating a .ssh dir in the home dir of the user I'm trying to login with. Unfortunately, there's no good luck yet.

And yes, I copied the contents of the private key into the configuration's text box of the nx client.
0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 375 total points
ID: 24382456
Will you try to log on to this server manually using the public key in question?
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24382464
Will you please post the contents of authorized_keys?
0
 

Author Comment

by:thijs321
ID: 24382492

ssh-dss AAAAB3NzaC1kc3MAAACBAMunkmEVQaEXxmqQ6wr7Ub4xjta2kyjN//hmxwYHyyO3faOuGv9sVKSX2gCJPVycV6YSBCELm0LMBGLXuZYlaDb/gbSsG/21FOPq4/mxTVvSVKA6kRcYJCZwwNifu89XQ0wpxhss5etsKogCPEJmCs/f0u5t4IaocEnpeLCnBVXjAAAAFQD5A8vSeN4aIY99YalO2zh9ZDyYUwAAAIBywZ66xvPpmRQbDP6HfSl8+hnt/Mu4PfZu6te3UbcPnyQtPBAx++v7EsgdX0O10nC1vxhnItGUGGq/M4xH7t8XA8Rj5rWqgiuMtNXaHBWHF3SGV4YBYiW/mvg6eQAwG55CzgMmcX3/iWhCRNcJt2+HKFI+0/jnLC4voMbJKMdSogAAAIEAvVPggB/LfgLlxV7KGpZcn0DBvtdd5JxOspJplgHgE7ar3PnPzVjrq/3o/U7ArTNm9lT8wbuB7qjW85eJXGeeuljGtJFgOtmfvRB7LJX4sCGzqU3O0LjZSiwimYnTmppO5Y7rLSBX9+3JfOtZXK9vVKnlNWdGbj9uMuUXMSDf34M= root@xxxxxxxxxxxxxxxxxxxx


0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24382579
I guess this is the problem.

Once you've generated your keys the nx user should have a directory called

$HOME/.ssh

You will create the key with this command:
ssh-keygen -t dsa

When the command has completed, the directory should contain these 2 files:
id_dsa
id_dsa.pub

You will need to paste the contents of id_dsa.pub to the NX

The authorized_keys file is only necessary in the connecting client's .ssh directory, not on the server. Besides, the authorized_keys file should contain Version 1 RSA keys. For version 2 DSA keys the system uses authorized_keys2 instead. There's a problem there. Are you sure you've followed all instructions properly during the setup?

Cheers,
K.

0
 
LVL 5

Expert Comment

by:0ren
ID: 24384511
# to exchange keys you can

# cd to your home
cd ~
cat .ssh/id_dsa.pub | ssh server 'cat - >> .ssh/authorized_keys'

Do this after you run the following on both machines:
ssh-keygen -t dsa
0
 

Author Comment

by:thijs321
ID: 24385843
Please note that the client is running on a Windows machine.

What I did, is copy the private dsa key from my Linux server to the text box of the NX client in Windows. During the installation, nx creates a pair of keys for me, which I used. What I don't get is why I would need to create a new pair.
0
 
LVL 5

Expert Comment

by:0ren
ID: 24387228
You don't, as long as they are a pair.
0
 

Author Comment

by:thijs321
ID: 24448953
For some reason, if I create a pair of keys for nx, it keeps asking me for a password when I try to connect to it through ssh.

However, when I create a user keytest and create a pair, it works perfectly. Any ideas?
Permission denied (publickey,gssapi-with-mic,password).

[root@xxxxxxxxxxx nxserver]# useradd keytest
[root@xxxxxxxxxxx nxserver]# cd /home/keytest
[root@xxxxxxxxxxx keytest]# ls
[root@xxxxxxxxxxx keytest]# mkdir .ssh
[root@xxxxxxxxxxx keytest]# cd .ssh
[root@xxxxxxxxxxx .ssh]# ls
[root@xxxxxxxxxxx .ssh]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): /home/keytest/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/keytest/.ssh/id_dsa.
Your public key has been saved in /home/keytest/.ssh/id_dsa.pub.
The key fingerprint is:
71:e3:14:a5:e4:ac:22:74:95:cd:2f:86:e8:0f:92:4b root@xxxxxxxxxxx
The key's randomart image is:
+--[ DSA 1024]----+
|        .+o..    |
|       ..+oo     |
|    . ....B.     |
|   . .. .*o..    |
|    .o. S...     |
|    E.o.         |
|   . o o         |
|    .   .        |
|                 |
+-----------------+
[root@xxxxxxxxxxx .ssh]# ls
id_dsa  id_dsa.pub
[root@xxxxxxxxxxx .ssh]# ln -s id_dsa.pub authorized_keys
[root@xxxxxxxxxxx .ssh]# ls
authorized_keys  id_dsa  id_dsa.pub
[root@xxxxxxxxxxx .ssh]# ll
total 8
lrwxrwxrwx 1 root root  10 2009-05-22 10:30 authorized_keys -> id_dsa.pub
-rw------- 1 root root 668 2009-05-22 10:30 id_dsa
-rw-r--r-- 1 root root 624 2009-05-22 10:30 id_dsa.pub
[root@xxxxxxxxxxx .ssh]# ssh -i id_dsa keytest@localhost
[keytest@xxxxxxxxxxx ~]$ logout
Connection to localhost closed.
[root@xxxxxxxxxxx .ssh]# passwd keytest
Changing password for user keytest.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@xxxxxxxxxxx .ssh]# ssh -i id_dsa keytest@localhost
Last login: Fri May 22 10:30:37 2009 from localhost.localdomain
[keytest@xxxxxxxxxxx ~]$

[root@xxxxxxxxxxx nxserver]# cd /var/lib/nxserver/home/.ssh
[root@xxxxxxxxxxx .ssh]# ls
authorized_keys  known_hosts
[root@xxxxxxxxxxx .ssh]# mv authorized_keys authorized_keys.bak
[root@xxxxxxxxxxx .ssh]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): /var/lib/nxserver/home/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nxserver/home/.ssh/id_dsa.
Your public key has been saved in /var/lib/nxserver/home/.ssh/id_dsa.pub.
The key fingerprint is:
5a:3c:26:97:d7:98:ca:c6:60:92:b0:54:3c:20:7e:ba root@xxxxxxxxxxx
The key's randomart image is:
+--[ DSA 1024]----+
|. .o.            |
|.. .o            |
| .o. .           |
| .oo . . . +     |
| .. o + S + .    |
|  .  o X +       |
| E    . =        |
|       .         |
|                 |
+-----------------+
[root@xxxxxxxxxxx .ssh]# ll
total 12
lrwxrwxrwx 1 root root  35 2009-05-22 09:48 authorized_keys.bak -> /etc/nxserver/server.id_dsa.pub.key
-rw------- 1 root root 668 2009-05-22 10:55 id_dsa
-rw-r--r-- 1 root root 624 2009-05-22 10:55 id_dsa.pub
-rw-r--r-- 1 nx   root 392 2009-05-22 09:07 known_hosts
[root@xxxxxxxxxxx .ssh]# chown nx id_dsa
[root@xxxxxxxxxxx .ssh]# chown nx id_dsa.pub
[root@xxxxxxxxxxx .ssh]# ll
total 12
lrwxrwxrwx 1 root root  35 2009-05-22 09:48 authorized_keys.bak -> /etc/nxserver/server.id_dsa.pub.key
-rw------- 1 nx   root 668 2009-05-22 10:55 id_dsa
-rw-r--r-- 1 nx   root 624 2009-05-22 10:55 id_dsa.pub
-rw-r--r-- 1 nx   root 392 2009-05-22 09:07 known_hosts
[root@xxxxxxxxxxx .ssh]# ln -s id_dsa.pub authorized_keys
[root@xxxxxxxxxxx .ssh]# ll
total 12
lrwxrwxrwx 1 root root  10 2009-05-22 10:56 authorized_keys -> id_dsa.pub
lrwxrwxrwx 1 root root  35 2009-05-22 09:48 authorized_keys.bak -> /etc/nxserver/server.id_dsa.pub.key
-rw------- 1 nx   root 668 2009-05-22 10:55 id_dsa
-rw-r--r-- 1 nx   root 624 2009-05-22 10:55 id_dsa.pub
-rw-r--r-- 1 nx   root 392 2009-05-22 09:07 known_hosts
[root@xxxxxxxxxxx .ssh]# chown nx authorized_keys
[root@xxxxxxxxxxx .ssh]# ll
total 12
lrwxrwxrwx 1 root root  10 2009-05-22 10:56 authorized_keys -> id_dsa.pub
lrwxrwxrwx 1 root root  35 2009-05-22 09:48 authorized_keys.bak -> /etc/nxserver/server.id_dsa.pub.key
-rw------- 1 nx   root 668 2009-05-22 10:55 id_dsa
-rw-r--r-- 1 nx   root 624 2009-05-22 10:55 id_dsa.pub
-rw-r--r-- 1 nx   root 392 2009-05-22 09:07 known_hosts
[root@xxxxxxxxxxx .ssh]# ssh -i id_dsa nx@localhost
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Last login: Fri May 22 10:26:55 2009 from localhost.localdomain
HELLO NXSERVER - Version 3.2.0-73 OS (GPL, using backend: not detected)
NX> 105
quit
Quit
NX> 999 Bye
Connection to localhost closed.
[root@xxxxxxxxxxx .ssh]#


0
 
LVL 5

Expert Comment

by:0ren
ID: 24449125
Check the permissions on the destination user's home directory or the .ssh under it.
.ssh should be 700. I'm not sure about the home, but you can trial-and-error it.
0
 

Author Comment

by:thijs321
ID: 24449193
Thank you for your quick answer.

All permissions seem to be fine. .ssh is 700 and nx owns all files, except for the authorized_keys link. However, this link has 777 access.
[root@e82-103-142-24s lib]# cd nxserver
[root@e82-103-142-24s nxserver]# ll
total 8
drwx------ 5 nx root 4096 2009-05-22 09:07 db
drwx------ 3 nx root 4096 2008-08-25 13:44 home
[root@e82-103-142-24s nxserver]# cd home
[root@e82-103-142-24s home]# ll
total 0
[root@e82-103-142-24s home]# ll -a
total 12
drwx------ 3 nx root 4096 2008-08-25 13:44 .
drwx------ 4 nx root 4096 2009-05-22 09:07 ..
drwx------ 2 nx root 4096 2009-05-22 11:13 .ssh
[root@e82-103-142-24s home]# cd .ssh
[root@e82-103-142-24s .ssh]# ll
total 4
lrwxrwxrwx 1 root root  35 2009-05-22 09:48 authorized_keys -> /etc/nxserver/server.id_dsa.pub.key
-rw-r--r-- 1 nx   root 392 2009-05-22 09:07 known_hosts
[root@e82-103-142-24s .ssh]# chown nx authorized_keys
[root@e82-103-142-24s .ssh]# cd /etc/nxserver/
client.id_dsa.key          node.conf                  server.id_dsa.pub.key      users.id_dsa
client.id_dsa.key.old      node.conf.sample           server.id_dsa.pub.key.old  users.id_dsa.pub
[root@e82-103-142-24s .ssh]# cd /etc/nxserver/
[root@e82-103-142-24s nxserver]# ll
total 72
-rw------- 1 nx root   668 2009-05-22 10:11 client.id_dsa.key
-rw------- 1 nx root   672 2009-05-14 17:11 client.id_dsa.key.old
-rw-r--r-- 1 nx root 22209 2009-05-22 08:59 node.conf
-rw-r--r-- 1 nx root 22210 2008-08-25 13:44 node.conf.sample
-rw-r--r-- 1 nx root   624 2009-05-22 10:11 server.id_dsa.pub.key
-rw-r--r-- 1 nx root   624 2009-05-14 17:11 server.id_dsa.pub.key.old
-rw------- 1 nx root   668 2009-05-14 17:11 users.id_dsa
-rw-r--r-- 1 nx root   624 2009-05-14 17:11 users.id_dsa.pub
[root@e82-103-142-24s nxserver]#


0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24449414
Hi,

I guess you're placing the keys under the wrong user. The previous output you posted specified:

NX> 200 Connected to address: xx.xx.xx.xx on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey

So the client connects to the NX server under the nx user. But in your example above you're creating the keys for the root user, as your prompt suggests:

root@e82-103-142-24s .ssh


You need to logon as nx user. Then you need to create keys under:

$HOME/.ssh

Not the /root/.ssh

Once you've finished the installation, copy the keys to the Windows system and use these keys with PuTTY. If everything is OK you should be able to log on using the nx user via PuTTY over the Windows client.
0
 

Author Comment

by:thijs321
ID: 24449682
In my previous 'code snippet', you can see that I added the keys to the home of the nx user, which actually is /var/lib/nxserver/home.

However, I logged in as nx (after setting the shell to bash in the passwd) and created a pair, with the same result:
[root@xxxxxxxxxxxxx .ssh]# vi /etc/passwd
[root@xxxxxxxxxxxxx .ssh]# su nx
bash-3.2$
bash-3.2$
bash-3.2$
bash-3.2$ pwd
/var/lib/nxserver/home/.ssh
bash-3.2$ ls
authorized_keys  known_hosts
bash-3.2$ ll
bash: ll: command not found
bash-3.2$ ls -l
total 4
lrwxrwxrwx 1 root root  35 2009-05-22 09:48 authorized_keys -> /etc/nxserver/server.id_dsa.pub.key
-rw-r--r-- 1 nx   root 392 2009-05-22 09:07 known_hosts
bash-3.2$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/var/lib/nxserver/home/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nxserver/home/.ssh/id_dsa.
Your public key has been saved in /var/lib/nxserver/home/.ssh/id_dsa.pub.
The key fingerprint is:
4c:6a:c5:1c:a1:e3:74:d1:e7:04:e8:fd:47:77:4a:9f nx@xxxxxxxxxxxxx.xxxxxxxxxxxxx
The key's randomart image is:
+--[ DSA 1024]----+
|        ++..     |
|       +.o. o    |
|      +.*. +     |
|     o B. . . o o|
|      + S  . o +o|
|     .      . oE.|
|             .   |
|                 |
|                 |
+-----------------+
bash-3.2$ ls
authorized_keys  id_dsa  id_dsa.pub  known_hosts
bash-3.2$ mv authorized_keys authorized_keys.bak
bash-3.2$ ln -s id_dsa.pub authorized_keys
bash-3.2$ ls
authorized_keys  authorized_keys.bak  id_dsa  id_dsa.pub  known_hosts
bash-3.2$ ssh -i id_dsa nx@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 66:7b:2c:50:ff:3d:52:e1:4c:fe:08:bb:ec:7b:14:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied (publickey,gssapi-with-mic,password).
bash-3.2$ ssh -i id_dsa nx@localhost
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied (publickey,gssapi-with-mic,password).
bash-3.2$ cp authorized_keys authorized_keys.bak2
bash-3.2$ ln -s id_dsa authorized_keys2
bash-3.2$ ls
authorized_keys  authorized_keys2  authorized_keys.bak  authorized_keys.bak2  id_dsa  id_dsa.pub  known_hosts
bash-3.2$ ll
bash: ll: command not found
bash-3.2$ ls -l
total 16
lrwxrwxrwx 1 nx   nx    10 2009-05-22 13:17 authorized_keys -> id_dsa.pub
lrwxrwxrwx 1 nx   nx     6 2009-05-22 13:18 authorized_keys2 -> id_dsa
lrwxrwxrwx 1 root root  35 2009-05-22 09:48 authorized_keys.bak -> /etc/nxserver/server.id_dsa.pub.key
-rw-r--r-- 1 nx   nx   622 2009-05-22 13:18 authorized_keys.bak2
-rw------- 1 nx   nx   668 2009-05-22 13:16 id_dsa
-rw-r--r-- 1 nx   nx   622 2009-05-22 13:16 id_dsa.pub
-rw-r--r-- 1 nx   root 783 2009-05-22 13:17 known_hosts
bash-3.2$ rm authorized_keys2
bash-3.2$ ls -s id_dsa.pub authorized_keys2
ls: cannot access authorized_keys2: No such file or directory
4 id_dsa.pub
bash-3.2$ ls
authorized_keys  authorized_keys.bak  authorized_keys.bak2  id_dsa  id_dsa.pub  known_hosts
bash-3.2$ ln -s id_dsa.pub authorized_keys2
bash-3.2$ ls -la
total 24
drwx------ 2 nx   root 4096 2009-05-22 13:20 .
drwx------ 3 nx   root 4096 2008-08-25 13:44 ..
lrwxrwxrwx 1 nx   nx     10 2009-05-22 13:17 authorized_keys -> id_dsa.pub
lrwxrwxrwx 1 nx   nx     10 2009-05-22 13:20 authorized_keys2 -> id_dsa.pub
lrwxrwxrwx 1 root root   35 2009-05-22 09:48 authorized_keys.bak -> /etc/nxserver/server.id_dsa.pub.key
-rw-r--r-- 1 nx   nx    622 2009-05-22 13:18 authorized_keys.bak2
-rw------- 1 nx   nx    668 2009-05-22 13:16 id_dsa
-rw-r--r-- 1 nx   nx    622 2009-05-22 13:16 id_dsa.pub
-rw-r--r-- 1 nx   root  783 2009-05-22 13:17 known_hosts
bash-3.2$ rm authorized_keys.bak2
bash-3.2$ mv authorized_keys authorized_keys.bak2
bash-3.2$ ls -al
total 20
drwx------ 2 nx   root 4096 2009-05-22 13:20 .
drwx------ 3 nx   root 4096 2008-08-25 13:44 ..
lrwxrwxrwx 1 nx   nx     10 2009-05-22 13:20 authorized_keys2 -> id_dsa.pub
lrwxrwxrwx 1 root root   35 2009-05-22 09:48 authorized_keys.bak -> /etc/nxserver/server.id_dsa.pub.key
lrwxrwxrwx 1 nx   nx     10 2009-05-22 13:17 authorized_keys.bak2 -> id_dsa.pub
-rw------- 1 nx   nx    668 2009-05-22 13:16 id_dsa
-rw-r--r-- 1 nx   nx    622 2009-05-22 13:16 id_dsa.pub
-rw-r--r-- 1 nx   root  783 2009-05-22 13:17 known_hosts
bash-3.2$ ssh -i id_dsa nx@localhost
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied (publickey,gssapi-with-mic,password).
bash-3.2$


0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24452539
Hi,

I understand your problem. I've tried the same and I've got the same. However, I have a key that I created in the past, and when I use it, it just logs in without asking for any password. I am trying to find out how I created it. I'd created it with VanDyke SecureCRT, if my memory is not playing a trick on me. But I couldn't manage to create a similar key using either VanDyke SecureCRT or the OpenSSH key maker. But I'm working on it :)
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24462396
Hi,

I've managed to do it. I guess the problem with your installation is that you're using "su nx" instead of "su - nx". However, I am not able to verify this on my system because I am using SELinux and it prevents me from seeing the .ssh directory when using "su nx" instead of "su - nx". I guess SELinux is not enabled on your system :)


[kerem@moose ~]$ cd .ssh/
[kerem@moose .ssh]$ ls -al
total 16
drwx------ 2 kerem kerem 4096 May 24 21:02 .
drwx------ 7 kerem kerem 4096 May 24 20:58 ..
[kerem@moose .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/kerem/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kerem/.ssh/id_dsa.
Your public key has been saved in /home/kerem/.ssh/id_dsa.pub.
The key fingerprint is:
8f:9f:53:7b:f1:35:fd:93:15:84:28:d9:c3:bc:c0:7d kerem@moose.sibernet.sec
[kerem@moose .ssh]$ ls -al
total 32
drwx------ 2 kerem kerem 4096 May 24 21:03 .
drwx------ 7 kerem kerem 4096 May 24 20:58 ..
-rw------- 1 kerem kerem  668 May 24 21:03 id_dsa
-rw-r--r-- 1 kerem kerem  614 May 24 21:03 id_dsa.pub
[kerem@moose .ssh]$ cp id_dsa.pub authorized_keys
[kerem@moose .ssh]$ ls -al
total 40
drwx------ 2 kerem kerem 4096 May 24 21:04 .
drwx------ 7 kerem kerem 4096 May 24 20:58 ..
-rw-r--r-- 1 kerem kerem  614 May 24 21:03 authorized_keys
-rw------- 1 kerem kerem  668 May 24 21:03 id_dsa
-rw-r--r-- 1 kerem kerem  614 May 24 21:03 id_dsa.pub
[kerem@moose .ssh]$ ssh -i id_dsa kerem@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is b4:75:b4:7a:a9:1a:06:aa:67:29:8a:41:0c:6e:af:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Last login: Sun May 24 21:02:08 2009 from localhost.localdomain
[kerem@moose ~]$ ls -al .ssh
total 48
drwx------ 2 kerem kerem 4096 May 24 21:06 .
drwx------ 7 kerem kerem 4096 May 24 20:58 ..
-rw-r--r-- 1 kerem kerem  614 May 24 21:03 authorized_keys
-rw------- 1 kerem kerem  668 May 24 21:03 id_dsa
-rw-r--r-- 1 kerem kerem  614 May 24 21:03 id_dsa.pub
-rw-r--r-- 1 kerem kerem  391 May 24 21:06 known_hosts
[kerem@moose .ssh]$ chmod 600 *
[kerem@moose .ssh]$ ls -al
total 48
drwx------ 2 kerem kerem 4096 May 24 21:06 .
drwx------ 7 kerem kerem 4096 May 24 20:58 ..
-rw------- 1 kerem kerem  614 May 24 21:03 authorized_keys
-rw------- 1 kerem kerem  668 May 24 21:03 id_dsa
-rw------- 1 kerem kerem  614 May 24 21:03 id_dsa.pub
-rw------- 1 kerem kerem  391 May 24 21:06 known_hosts
[kerem@moose .ssh]$ ssh -i id_dsa kerem@localhost
Last login: Sun May 24 21:06:56 2009 from localhost.localdomain
[kerem@moose ~]$


0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24462409
using ln -s for authorized keys also works for me:
[kerem@moose .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/kerem/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kerem/.ssh/id_dsa.
Your public key has been saved in /home/kerem/.ssh/id_dsa.pub.
The key fingerprint is:
2b:d6:e9:5c:c8:1e:28:98:b4:b3:9a:5c:ba:de:fc:46 kerem@moose.sibernet.sec
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$ ls -al
total 32
drwx------ 2 kerem kerem 4096 May 24 21:14 .
drwx------ 7 kerem kerem 4096 May 24 20:58 ..
-rw------- 1 kerem kerem  668 May 24 21:14 id_dsa
-rw-r--r-- 1 kerem kerem  614 May 24 21:14 id_dsa.pub
[kerem@moose .ssh]$ ln -s id_dsa.pub authorized_keys
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$ chmod 600 id*
[kerem@moose .ssh]$ ls -al
total 36
drwx------ 2 kerem kerem 4096 May 24 21:14 .
drwx------ 7 kerem kerem 4096 May 24 20:58 ..
lrwxrwxrwx 1 kerem kerem   10 May 24 21:14 authorized_keys -> id_dsa.pub
-rw------- 1 kerem kerem  668 May 24 21:14 id_dsa
-rw------- 1 kerem kerem  614 May 24 21:14 id_dsa.pub
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$
[kerem@moose .ssh]$ ssh -i id_dsa kerem@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is b4:75:b4:7a:a9:1a:06:aa:67:29:8a:41:0c:6e:af:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Last login: Sun May 24 21:08:22 2009 from localhost.localdomain
[kerem@moose ~]$ ls -al .ssh
total 44
drwx------ 2 kerem kerem 4096 May 24 21:14 .
drwx------ 7 kerem kerem 4096 May 24 20:58 ..
lrwxrwxrwx 1 kerem kerem   10 May 24 21:14 authorized_keys -> id_dsa.pub
-rw------- 1 kerem kerem  668 May 24 21:14 id_dsa
-rw------- 1 kerem kerem  614 May 24 21:14 id_dsa.pub
-rw-r--r-- 1 kerem kerem  391 May 24 21:14 known_hosts
[kerem@moose ~]$


0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24463245
I get why you are failing to do the check:

- Passwords are entered to protect private keys only. So if you authenticate with the public key instead (id_dsa.pub) you'll get the prompt for a password but would not be able to supply it, since one is not supplied with the public key. So be careful about my examples. They are all authenticated with the private key, not the public key.

Cheers,
K.
0
 

Author Comment

by:thijs321
ID: 24467680
Hi Kerem, thank you for your effort. Below you can see the things I did. However, I still didn't manage to get it to work. I'm using su - nx now. Maybe you can see what I'm doing wrong. To comment on your last post, I guess I've used the private key to authenticate all the time, or is this view incorrect?
[root@e82-103-142-24s ~]# su - nx
-bash-3.2$ cd .ssh
-bash-3.2$ ls -al
total 16
drwxr-xr-x 2 nx   root 4096 2009-05-25 11:18 .
drwxr-xr-x 4 nx   root 4096 2009-05-25 11:13 ..
lrwxrwxrwx 1 nx   root   10 2009-05-22 17:13 authorized_keys -> id_dsa.pub
lrwxrwxrwx 1 root root   28 2009-05-22 17:26 authorized_keys.bak2 -> /home/jantje/.ssh/id_rsa.pub
-rw------- 1 nx   root  672 2009-05-25 11:03 id_dsa
-rw-r--r-- 1 nx   root  624 2009-05-22 17:12 id_dsa.pub
-rwxrwxrwx 1 nx   root    0 2009-05-25 11:09 known_hosts
-bash-3.2$ rm id_dsa
-bash-3.2$ rm id_dsa.pub
-bash-3.2$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/var/lib/nxserver/home/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nxserver/home/.ssh/id_dsa.
Your public key has been saved in /var/lib/nxserver/home/.ssh/id_dsa.pub.
The key fingerprint is:
8e:d4:d3:74:e7:aa:8a:aa:b9:ba:73:86:ea:90:f8:bd nx@e82-103-142-24s.easyspeedy.dk
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|                 |
|          . . .  |
|       . o . o   |
|      . S .   .  |
|..   . o .   .   |
|+.    . .   .    |
|+.oo   .   .     |
|*B=oEo. ...      |
+-----------------+
-bash-3.2$ ls -al
total 16
drwxr-xr-x 2 nx   root 4096 2009-05-25 18:51 .
drwxr-xr-x 4 nx   root 4096 2009-05-25 11:13 ..
lrwxrwxrwx 1 nx   root   10 2009-05-22 17:13 authorized_keys -> id_dsa.pub
-rw------- 1 nx   nx    672 2009-05-25 18:51 id_dsa
-rw-r--r-- 1 nx   nx    622 2009-05-25 18:51 id_dsa.pub
-rwxrwxrwx 1 nx   root    0 2009-05-25 11:09 known_hosts
-bash-3.2$ ssh -i id_dsa nx@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 66:7b:2c:50:ff:3d:52:e1:4c:fe:08:bb:ec:7b:14:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied (publickey,gssapi-with-mic,password).
-bash-3.2$ logout
[root@e82-103-142-24s ~]# cd /var/lib/home
-bash: cd: /var/lib/home: No such file or directory
[root@e82-103-142-24s ~]# cd /var/lib/nxserver/home
[root@e82-103-142-24s home]# ls
[root@e82-103-142-24s home]# ls -l
total 0
[root@e82-103-142-24s home]# ls -al
total 20
drwxr-xr-x 4 nx root 4096 2009-05-25 11:13 .
drwx------ 4 nx root 4096 2009-05-22 17:12 ..
-rw------- 1 nx nx    252 2009-05-25 18:56 .bash_history
drwx------ 3 nx nx   4096 2009-05-25 11:13 .kde
drwxr-xr-x 2 nx root 4096 2009-05-25 18:51 .ssh
[root@e82-103-142-24s home]# cd .ssh
[root@e82-103-142-24s .ssh]# ls -al
total 20
drwxr-xr-x 2 nx   root 4096 2009-05-25 18:51 .
drwxr-xr-x 4 nx   root 4096 2009-05-25 11:13 ..
lrwxrwxrwx 1 nx   root   10 2009-05-22 17:13 authorized_keys -> id_dsa.pub
-rw------- 1 nx   nx    672 2009-05-25 18:51 id_dsa
-rw-r--r-- 1 nx   nx    622 2009-05-25 18:51 id_dsa.pub
-rwxrwxrwx 1 nx   root  391 2009-05-25 18:52 known_hosts
[root@e82-103-142-24s .ssh]# su - nx
-bash-3.2$ cd .ssh
-bash-3.2$ ls
authorized_keys  id_dsa  id_dsa.pub  known_hosts
-bash-3.2$ logout
[root@e82-103-142-24s .ssh]# ls
authorized_keys  id_dsa  id_dsa.pub  known_hosts
[root@e82-103-142-24s .ssh]# rm authorized_keys
rm: remove symbolic link `authorized_keys'? y
[root@e82-103-142-24s .ssh]# su - nx
-bash-3.2$ cd .ssh
-bash-3.2$ ls
id_dsa  id_dsa.pub  known_hosts
-bash-3.2$ ls -n id_dsa authorized_keys
ls: cannot access authorized_keys: No such file or directory
-rw------- 1 496 495 672 2009-05-25 18:51 id_dsa
-bash-3.2$ ls -n id_dsa.pub authorized_keys
ls: cannot access authorized_keys: No such file or directory
-rw-r--r-- 1 496 495 622 2009-05-25 18:51 id_dsa.pub
-bash-3.2$ ls
id_dsa  id_dsa.pub  known_hosts
-bash-3.2$ ls -al
total 20
drwxr-xr-x 2 nx root 4096 2009-05-25 18:57 .
drwxr-xr-x 4 nx root 4096 2009-05-25 11:13 ..
-rw------- 1 nx nx    672 2009-05-25 18:51 id_dsa
-rw-r--r-- 1 nx nx    622 2009-05-25 18:51 id_dsa.pub
-rwxrwxrwx 1 nx root  391 2009-05-25 18:52 known_hosts
-bash-3.2$ ln -s id_dsa.pub authorized_keys
-bash-3.2$ ls -al
total 20
drwxr-xr-x 2 nx root 4096 2009-05-25 18:58 .
drwxr-xr-x 4 nx root 4096 2009-05-25 11:13 ..
lrwxrwxrwx 1 nx nx     10 2009-05-25 18:58 authorized_keys -> id_dsa.pub
-rw------- 1 nx nx    672 2009-05-25 18:51 id_dsa
-rw-r--r-- 1 nx nx    622 2009-05-25 18:51 id_dsa.pub
-rwxrwxrwx 1 nx root  391 2009-05-25 18:52 known_hosts
-bash-3.2$ ssh -i id_dsa nx@localhost
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied, please try again.
nx@localhost's password:
Permission denied (publickey,gssapi-with-mic,password).


0
 

Author Comment

by:thijs321
ID: 24492316
Hi,

I finally managed to get it to work. I copied the nx-generated private key from /etc/nxserver to /var/lib/nxserver/home/.ssh. This fixed the keys problem; however, I'm not sure why it didn't work with the keys I generated in the same directory.

Additionally, I followed the guidelines on http://fedoraforum.org/forum/showthread.php?t=206602

The combination of the two made it possible to log in to the machine using NX Client.

Thank you all for your effort.
0
 

Author Closing Comment

by:thijs321
ID: 31579085
Thank you
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24493525
Hi,

You need to chmod 600 all your keys. SSH is very sensitive to file permissions. So maybe this is why you could not manage to get logged on using them. BTW, why are you linking authorized_keys to your id_dsa.pub? Though it might work now, what are you going to do if you need some other key which will also need to be authorized for the account?

Please follow all my steps in the same order. I am able to log on using them.

Another good idea is to use -t rsa keys. RSA was previously copyrighted and this is why people are used to using them. But now the copyright period for RSA is over and it is known that DSA keys are more susceptible to hacking. There are recent reports all related to DSA and ECDSA keys.

SSH is very sensitive to file permissions. So maybe this is why you could not manage to get logged on using them.

 
Lastly you're welcome. I'm happy if I could be of help.
0
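
The two checks discussed in this thread, that the client's private key and the server's authorized_keys entry "are a pair" and that the home directory, .ssh and authorized_keys pass sshd's permission checks, can be scripted. This is an added example, not code from any poster or from FreeNX; the function names are hypothetical, it assumes GNU coreutils (stat -c, readlink -f), and it approximates sshd's StrictModes test as "owned by the user or root and not group/world-writable".

```shell
#!/usr/bin/env bash
# Added example: audit why sshd might refuse public-key login for an account.
# Assumption: GNU coreutils (stat -c, readlink -f), as shipped on Fedora.

# Succeeds when PATH (symlinks followed, e.g. authorized_keys -> id_dsa.pub)
# exists, is owned by USER or root, and is not writable by group or others.
path_is_strict() {
    local path=$1 user=$2 real owner mode
    real=$(readlink -f -- "$path") || return 1
    [ -e "$real" ] || return 1                   # dangling symlink or missing file
    owner=$(stat -c %U -- "$real")
    mode=$(stat -c %a -- "$real")
    [ "$owner" = "$user" ] || [ "$owner" = root ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]                # 022 = group/other write bits
}

# Print the base64 key blob of every key line read from the given files
# (or stdin). Leading options such as from="..." are skipped by locating
# the key-type field first; comments and blank lines are ignored.
key_blobs() {
    awk '!/^[ \t]*(#|$)/ {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-)/) { print $(i+1); break }
         }' "$@"
}

# Succeeds when the public key line PUB appears in the authorized_keys file AUTH.
# Only the key blob is compared, so differing comments do not matter.
pubkey_is_authorized() {
    local pub=$1 auth=$2 blob
    blob=$(printf '%s\n' "$pub" | key_blobs)
    [ -n "$blob" ] || return 1
    key_blobs "$auth" | grep -qxF -- "$blob"
}

# Report every finding for USER's HOME and the private key the client presents.
audit_account() {
    local user=$1 home=$2 priv=$3 rc=0 p pub
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if path_is_strict "$p" "$user"; then
            echo "ok    $p"
        else
            echo "FAIL  $p (missing, wrong owner, or group/world-writable)"
            rc=1
        fi
    done
    # ssh-keygen -y prints the public key that belongs to a private key file.
    if pub=$(ssh-keygen -y -f "$priv" 2>/dev/null) &&
       pubkey_is_authorized "$pub" "$home/.ssh/authorized_keys"; then
        echo "ok    $priv matches an authorized_keys entry"
    else
        echo "FAIL  $priv is not the private half of any authorized key"
        rc=1
    fi
    return $rc
}

# Usage (as root): bash audit.sh nx /var/lib/nxserver/home /etc/nxserver/client.id_dsa.key
if [ "$#" -eq 3 ]; then audit_account "$@"; fi
```

Run as root so the script can read the nx account's files; a FAIL on the last line means the key pasted into the NX client and the key sshd is told to accept are not a pair.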
