You are not logged in.

#26 2005-01-25 09:39:58

morphus
Member
From: Braunschweig
Registered: 2003-08-06
Posts: 145

Re: [request] FreeNX

nxsetup tries to start sshd on its own...
You posted some output where it does so by running "/etc/init.d/ssh start"..
That should actually be "/etc/rc.d/sshd start" on archlinux..

You are right; shouldn't be easy by using a diff-file for that script. But it's annoying when package-version changes...


And a short message that sshd should be enabled in rc.conf would be appropiate as well, I guess

Yes please smile

Offline

#27 2005-01-25 10:27:36

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

I chose the client for the windows-system on my notebook, installed, started, gave username and password (I disabled this secure public-key-thing), gave the ip of my linux-system and et voila - connected to a new kde-session on my main computer

How did you disable the public key thing? Does this then rey on just passwords?


Kind regards

Benedict White

Offline

#28 2005-01-25 10:33:20

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

Also, I can't log on with the same problem kakabaratruskia.

My ssh is still working as normal, as in I can use putty to get in on ssh.

is there something that needs changing in my ssh config there?


Kind regards

Benedict White

Offline

#29 2005-01-25 10:42:56

DXManiac
Member
From: Hamburg, Germany
Registered: 2004-12-09
Posts: 46
Website

Re: [request] FreeNX

Benedict_White wrote:

Also, I can't log on with the same problem kakabaratruskia.

My ssh is still working as normal, as in I can use putty to get in on ssh.

is there something that needs changing in my ssh config there?

Did you copy the public key, that nxsetup created for you, to your nxclient machine?

Warning: Clients will not be able to login to this server with the standard key.
         Please replace /usr/NX/share/client.id_dsa.key on all clients you want'
         to use with the private key from /usr/NX/home/nx/.ssh/client.id_dsa.key
         and protect it accordingly.

If you want to use the NoMachine key please remove
"/usr/NX/home/nx/.ssh/authorized_keys2" and run "/usr/NX/bin/nxsetup" with the parameter "--setup-nomachine-key".


Also, you must add the users you want to be able to use freenx to your nxserver by typing:

/usr/NX/bin/nxserver --adduser $USERNAME
/usr/NX/bin/nxserver --password $USERNAME

HTH,
DXManiac

[/code]

Offline

#30 2005-01-25 11:00:56

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

/usr/NX/bin/nxserver --adduser $USERNAME

Works for me, but

/usr/NX/bin/nxserver --password $USERNAME

comes up with:
/usr/NX/bin/nxserver --password benedict
NX> 100 NXSERVER - Version 1.4.0-02 OS_(GPL)
NX> 500 Error: Function --password not implemented yet.


If you do not get that, maybe I should be using the package someone else made.


Kind regards

Benedict White

Offline

#31 2005-01-25 11:03:42

morphus
Member
From: Braunschweig
Registered: 2003-08-06
Posts: 145

Re: [request] FreeNX

--passwd, not --password smile

Offline

#32 2005-01-25 11:45:41

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

Umm...
Still not able to log in remotely.

I am getting this:

server not installed or NX remote access disabled

And this in the detail:

NX> 203 NXSSH running with pid: 798467
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 200 Connected to address: 192.168.244.11 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

I made the package, installed the package, started it, set users up, ensured there was a user nx with shell /usr/NX/bin/nxserver but as yet no joy.

I don't suppose someone who has it working could list all their steps?

That way I will probably pacman -R freenx and re do it.


Kind regards

Benedict White

Offline

#33 2005-01-25 11:58:58

jochen
Member
From: Germany
Registered: 2004-06-01
Posts: 102

Re: [request] FreeNX

Benedict_White wrote:

Umm...
Still not able to log in remotely.

I am getting this:

server not installed or NX remote access disabled

And this in the detail:

NX> 203 NXSSH running with pid: 798467
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 200 Connected to address: 192.168.244.11 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

What's in your /var/log/auth ?

Offline

#34 2005-01-25 12:26:25

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: [request] FreeNX

I'm having exactly the same difficulties as you, Benedict. I did

tail -f /var/log/auth

and opened a regular ssh connection. The log showed the following:

Jan 25 12:16:47 tk-i5ka sshd[29333]: Accepted password for tomk from 192.168.10.10 port 33087

I disconnected ssh, and attempted an NX session. The log showed nothing at all.

I have copied the client key to the maching I'm connecting from, and I have verified that user nx has been created with the correct parameters.

For comparison, here are the log entries I get when I connect to FreeNX on my Debian machine:

Jan 25 12:09:51 localhost sshd[32292]: Accepted publickey for nx from ::ffff:192.168.10.10 port 33084 ssh2
Jan 25 12:09:51 localhost sshd[32296]: (pam_unix) session opened for user nx by (uid=0)
Jan 25 12:09:53 localhost sshd[32319]: Accepted keyboard-interactive/pam for tomk from ::ffff:127.0.0.1 port 37892 ssh2
Jan 25 12:09:53 localhost sshd[32322]: (pam_unix) session opened for user tomk by (uid=0)
Jan 25 12:09:53 localhost sshd[32322]: (pam_unix) session closed for user tomk
Jan 25 12:09:54 localhost sshd[32381]: Accepted keyboard-interactive/pam for tomk from ::ffff:127.0.0.1 port 37893 ssh2
Jan 25 12:09:54 localhost sshd[32384]: (pam_unix) session opened for user tomk by (uid=0)

Offline

#35 2005-01-25 12:29:58

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

How is your sshd_config configured?


Kind regards

Benedict White

Offline

#36 2005-01-25 12:30:45

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

Sorry, how is sshd configured on both machines?


Kind regards

Benedict White

Offline

#37 2005-01-25 13:18:01

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: [request] FreeNX

sshd_config on the Arch NX machine:

#       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/lib/ssh/sftp-server

I have made no changes to this - it's the default config installed by pacman.

sshd_config on the Debian NX machine:

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no


# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

Subsystem       sftp    /usr/lib/sftp-server

UsePAM yes

As above, no changes made after installation.

It hadn't occurred to me to compare these - ssh sessions are working fine on both machines, so I didn't see the point. Probably worth a look, though.

Offline

#38 2005-01-25 13:30:17

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

Now all we need is to see the same from a system that works.

(i.e. /etc/ssh/sshd_config)


Kind regards

Benedict White

Offline

#39 2005-01-25 13:36:55

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

jochen wrote:

What's in your /var/log/auth ?

I have a var/log/auth.log, and it only contains records of normal ssh sessions with putty.

Could that be the problem?

(That I have an ssh session open at the same time?

What does your look like?


Also I appear to have a problem using pam with sshd as then I can't login as root.


Kind regards

Benedict White

Offline

#40 2005-01-25 13:41:06

morphus
Member
From: Braunschweig
Registered: 2003-08-06
Posts: 145

Re: [request] FreeNX

When I am back home I will post my list of steps I made.

But I don't use the public-key-method, only the username / pw one. Without any hazzle...

Offline

#41 2005-01-25 19:04:51

morphus
Member
From: Braunschweig
Registered: 2003-08-06
Posts: 145

Re: [request] FreeNX

[morphus@spielemorph ~]$ cat /etc/ssh/sshd_config
#       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
#Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/lib/ssh/sftp-server
[morphus@spielemorph ~]$   

This is my sshd, just checking my bash_history for what I've been doing smile

Think this is the most important part:

pacman -A freenx-server-1.4.0-1.pkg.tar.gz
rm /usr/NX/home/nx/.ssh/client.id_dsa.key
/usr/NX/bin/nxsetup --setup-nomachine-key
/usr/NX/bin/nxserver
/usr/NX/bin/nxserver --status
/usr/NX/bin/nxserver --listuser
nxserver --adduser morphus
/usr/NX/bin/nxserver --adduser morphus
rm /home/morphus/.ssh/authorized_keys2
/usr/NX/bin/nxserver --passwd morphus

Then I connected using a windows-client-binary on my notebook. Flawlessly...

Offline

#42 2005-01-25 20:14:08

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

OK, I will run through that tomorrow.

Thanks for the heads up, it is obviously nothing to do with ssh.

However, two other questions.

1. Did you build the package on the machine you now run it on?

2. From your bash history it looks like nxserver is in your path. Is this correct, because it is not in mine.


Kind regards

Benedict White

Offline

#43 2005-01-25 20:31:10

morphus
Member
From: Braunschweig
Registered: 2003-08-06
Posts: 145

Re: [request] FreeNX

1. Did you build the package on the machine you now run it on?

Yes, I did.

2. From your bash history it looks like nxserver is in your path. Is this correct, because it is not in mine.

No, it wasn't; I was just typing before thinking and had to do it again with the correct path smile

Offline

#44 2005-01-25 22:16:15

cjdj
Member
From: Perth, Western Australia
Registered: 2004-05-07
Posts: 121

Re: [request] FreeNX

If your having problems with it authenticating, then check the /etc/shadow file for the nx user.  If the second field is a ! then you need to change it to a *.

In your /var/log/auth you might see a message saying something about nx user is locked.

I dont know if this change causes a security risk, but that is what I had to do to get freenx to work.  It works great by the way.

Offline

#45 2005-01-26 11:59:05

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

Well, I got it working on my laptop (as in that is the server) which is where I am posting from, using freenx from my win9x desktop. Interesting.

I would not say it was flawless though.

I will have a play.


Kind regards

Benedict White

Offline

#46 2005-01-26 12:16:37

DXManiac
Member
From: Hamburg, Germany
Registered: 2004-12-09
Posts: 46
Website

Re: [request] FreeNX

Benedict_White wrote:

Well, I got it working on my laptop (as in that is the server) which is where I am posting from, using freenx from my win9x desktop. Interesting.

I would not say it was flawless though.



I'm a bit confused right now.. so many "works" and "does not work"..

Would you mind making up a list of flaws you found?


Because here, it's all a matter of:

pacman -A freenx-server-1.4.0-1.pkg.tar.gz
/usr/NX/bin/nxsetup --setup-nomachine-key
/usr/NX/bin/nxserver --adduser anaumann
/usr/NX/bin/nxserver --passwd anaumann

and I can connect using the default installation of NoMachine's nxclient on a windows box.

Offline

#47 2005-01-26 12:31:17

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

Right, well the issues I have are:

1. The win9x client is a bit unstable on my machine (Well, that's M$ I suppose).

2. It does not seem to work as a package unless the package was made on the machine on which you wish to run it on.

3. It seems not to like using existing kde users, so I set up a news one.

4. It seems also to dislike running a remote session when X is running on my laptop, but then my laptop was rescued from a skip, it is that old.

I am still playing though, it may be user error on my part.


Kind regards

Benedict White

Offline

#48 2005-01-26 13:13:29

morphus
Member
From: Braunschweig
Registered: 2003-08-06
Posts: 145

Re: [request] FreeNX

1. The Win-XP Client is stable enough, probably a win98-thing...
2. Haven't tried that yet
3. This was working for me without any problems
4. That's working for me, too; I can even log in using the same user remote and local at the same time.

The Only problem I got is this english/german keyboard thing mentioned before...

Offline

#49 2005-01-26 13:27:24

Benedict_White
Member
From: Sussex, UK
Registered: 2004-05-27
Posts: 331
Website

Re: [request] FreeNX

The Only problem I got is this english/german keyboard thing mentioned before...

Funilly enough I have a similar problem with my UK keyboard too.

I would be interested to know if it works OK on a machine that you have set up without having made the package on that machine.


Kind regards

Benedict White

Offline

#50 2005-01-26 15:07:49

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: [request] FreeNX

DXManiac wrote:
pacman -A freenx-server-1.4.0-1.pkg.tar.gz
/usr/NX/bin/nxsetup --setup-nomachine-key
/usr/NX/bin/nxserver --adduser anaumann
/usr/NX/bin/nxserver --passwd anaumann

Are none of you bothered by the security warning?

  --setup-nomachine-key   Allow login with the key shipped with the NoMachine client. This can be a security risk. So it is not recommended. Use this option on your own risk.

As mentioned, I have this running fine on Debian, with its own unique key. It's not essential to me, so if I'm going to use it, it won't be until I've secured it.

Each to their own, though, of course.

Offline

Board footer

Powered by FluxBB