[request] FreeNX

DXManiac · 2005-01-26 15:13:34

ARGH!

I just found one mistake in the installation process..

I always installed nxserver with the nomachine key, so I didn't realize that it doesn't create a custom key for the machine(instead of the nomachine one).

installing freenx-server... done.
/usr/NX/bin/nxsetup: line 45: /etc/init.d/ssh: No such file or directory
passwd: Unknown user nx

looks as if the installation just stops there... and doesn't create the nx user and who knows what else just fails

So it's really time to replace /etc/init.d/ssh with /etc/rc.d/sshd..

I'm building a new package right now and test it again

DXManiac · 2005-01-26 15:16:43

tomk wrote:

DXManiac wrote:
pacman -A freenx-server-1.4.0-1.pkg.tar.gz
[b]/usr/NX/bin/nxsetup --setup-nomachine-key[/b]
/usr/NX/bin/nxserver --adduser anaumann
/usr/NX/bin/nxserver --passwd anaumann
Are none of you bothered by the security warning?
  --setup-nomachine-key   Allow login with the key shipped with the NoMachine client. This can be a security risk. So it is not recommended. Use this option on your own risk.
As mentioned, I have this running fine on Debian, with its own unique key. It's not essential to me, so if I'm going to use it, it won't be until I've secured it.
Each to their own, though, of course.

Oh, of course.. That MIGHT be a security issue, running the server with the default key.. But all I've done until now was playing around with it and I didn't want to push around a new key every time I install a new version of the package.

Using the default key is definitely a bad idea, that's why the package installs a custom key by default.

I thought you meant the lock/unlocked user thing.

tomk · 2005-01-26 15:31:22

DXManiac wrote:

it doesn't create a custom key for the machine.

Alright - that could explain my problem.

DXManiac wrote:

and doesn't create the nx user

Nah, it does that.

Are you changing the PKGBUILD only, or the .install as well?

DXManiac · 2005-01-26 15:37:32

tomk wrote:

DXManiac wrote:
it doesn't create a custom key for the machine.
Alright - that could explain my problem.
DXManiac wrote:
and doesn't create the nx user
Nah, it does that.
Are you changing the PKGBUILD only, or the .install as well?

Hmmm.. I just tried to install it and nxsetup simply stopped after it couldn't find the script to start the sshd... Yours might be running already, my sshd is off by default(I'm building the packages on my laptop/workstation where I don't need an running sshd)..

Apart from a few echos, the .install file doesn't do any more than this:

        /usr/NX/bin/nxsetup 2>&1 >/dev/null
        passwd 2>&1 >/dev/null -u nx

morphus · 2005-01-26 18:40:01

Why don't you start the sshd before this script?

Or if sshd fails you just say that the user should run the following commands after he started ssh?

DXManiac · 2005-01-26 20:02:25

morphus wrote:

Why don't you start the sshd before this script?
Or if sshd fails you just say that the user should run the following commands after he started ssh?

It's not my decision to make, nxsetup checks if there's an sshd running..

and if it already does so, I don't think, I should start any major changes on the freenx software other than telling it where the startscript for sshd is..

but after building another package, I found out that there is something pretty b0rken there with the whole key handling thing.. Using the nomachine key works, but it doesn't work with a custom key..

I know, you've been telling me several times, but I didn't want to believe it would make such a difference between generating a key and using the nomachine key.. So now I have something to do for tomorrow, fixing that

This is almost like work.. I should start getting paid to make archlinux packages It's challenging AND fun

Benedict_White · 2005-01-27 12:35:01

For one reason or another whenever I do a makepkg I always write the output to a logfile and if I wan't to watch it, I tail -f the log file.

I noticed this in the makepkg for freenx-server which is a bit odd:

OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: doc
PAM support: no
KerberosIV support: no
KerberosV support: no
Smartcard support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY

I wondered if that is causing some of the problems.

DXManiac · 2005-01-27 20:59:05

Benedict_White wrote:

For one reason or another whenever I do a makepkg I always write the output to a logfile and if I wan't to watch it, I tail -f the log file.
I noticed this in the makepkg for freenx-server which is a bit odd:
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: doc
PAM support: no
KerberosIV support: no
KerberosV support: no
Smartcard support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
I wondered if that is causing some of the problems.

You might have a point there
Actually, there are 3 autoconf'ed packages in FreeNX.. all of which I just configured(as in the gentoo instructions) with just "./configure" which defaults to /usr/local for the prefix..

I'm currently rebuilding those three packages with /usr/NX as the prefix.. Maybe that fixes some problems, we'll see

Benedict_White · 2005-01-27 21:47:16

DXManiac wrote:

I'm currently rebuilding those three packages with /usr/NX as the prefix.. Maybe that fixes some problems, we'll see

Let us know how it gets on.

I suspect all the packages need the same sort of attention.

DXManiac · 2005-01-28 00:46:00

Ok, almost 2am here in Germany, time for bed, I guess..

But I might be onto something.

As far as I can see, all freenx components build cleanly now, but nxsetup only generates the client and server keys but does not add them to ~nx/.ssh/authorized_keys2

because of that, public key authentication will fail..

and again: I guess

I'll make further investigations tomorrow, but I'm quite confident that that's about the only thing that prevents people from logging in with custom keys.

DXManiac · 2005-02-03 15:10:18

Ok, I took some time off and spent it with other things

Sometimes, it take a little distance to view things from a different perspective and I guess, I've found the problem with the custom keys in the package

I'm building a new one in the background to see if it works, I'll let you know.

Benedict_White · 2005-02-03 15:17:03

As it happens so have I (been taking time out to deal with "other issues").

I'd be very interested in knowing what happens, and will test the setup for you as well.

DXManiac · 2005-02-03 16:25:08

Hey, that's great, I just uploaded the binary package to my webserver..

The last time I said I was finished, there were issues on other people's machines as well, let's see how this turns out

I forgot to copy the server-key(which was properly generated) to the authorized_keys-file for the nx user so that you can log in with public key authentification.

I fixed that one and now it works with user-generated keys right out of the box.. for me

Here's the PKGBUILD,
the updated install script and finally and hopefully,
the new binary package

Cheers,
DXManiac

tomk · 2005-02-08 12:23:34

Hey DX - thanks for perservering with this.

I've just installed your package on my laptop at home, and I'm trying to connect to it from a Windoze machine at work. As I've mentioned before, this procedure works fine from the same Windoze box to my Ubuntu desktop at home.

The keys were generated successfully on install, and Iv'e copied the client key from the laptop to the NX system directory on Windoze. I've also done

nxserver --adduser <me>
nxserver --passwd <me>

I have a separate SSH session into the laptop, running

tail -f /var/log/auth

so I can see what's happening.

The good news is that the key is now being accepted i.e. the log says

Feb  8 11:29:45 tk-i5ka sshd[1843]: Accepted publickey for nx from 1.2.3.4 port 32886 ssh2

After that, the NX client tells me that I've been authenticated, and then (after a long wait), the connection times out. The following log info is available from the client:

NX> 203 NXSSH running with pid: 1732
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 200 Connected to address: 127.0.0.1 on port: 2222
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 1.4.0-02 OS_(GPL)
NX> 105 hello NXCLIENT - Version 1.4.0
NX> 134 Accepted protocol: 1.4.0
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: tomk
NX> 102 Password: 
NX> 103 Welcome to: tk-i5ka user: tomk
NX> 105 listsession --user="tomk" --status="Suspended","Running" --geometry="1024x768x32+render" --type="unix-console"
NX> 127 Sessions list of user 'tomk' for reconnect:

Display Type             Session ID                       Options  Depth Screen         Status      Session Name
 ------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------


NX> 148 Server capacity: not reached for user: tomk
NX> 105 startsession --session="tk-i5ka-new" --type="unix-application" --application="" --cache="8M" --images="32M" --cookie="8dcb591cece8b536a227218b9fa3a7c1" --link="adsl" --virtualdesktop="1" --kbtype="pc102/us" --nodelay="1" --encryption="1" --backingstore="never" --geometry="fullscreen" --media="0" --agent_server="" --agent_user="" --agent_password=""  --screeninfo="1024x768x32+render"

ssh_exchange_identification: Connection closed by remote host
NX> 105

There are no further log entries in /var/log/auth.

In comparison, a successful session on the Ubuntu machine creates the following logs:

/var/log/auth

Feb  8 11:21:40 localhost sshd[9513]: Accepted publickey for nx from ::ffff:1.2.3.4 port 32879 ssh2
Feb  8 11:21:40 localhost sshd[9517]: (pam_unix) session opened for user nx by (uid=0)
Feb  8 11:21:42 localhost sshd[9540]: Accepted keyboard-interactive/pam for tomk from ::ffff:127.0.0.1 port 49393 ssh2
Feb  8 11:21:42 localhost sshd[9543]: (pam_unix) session opened for user tomk by (uid=0)
Feb  8 11:21:42 localhost sshd[9543]: (pam_unix) session closed for user tomk
Feb  8 11:21:43 localhost sshd[9604]: Accepted keyboard-interactive/pam for tomk from ::ffff:127.0.0.1 port 49395 ssh2
Feb  8 11:21:43 localhost sshd[9607]: (pam_unix) session opened for user tomk by (uid=0)

client log

NX> 203 NXSSH running with pid: 1696
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 200 Connected to address: 127.0.0.1 on port: 222
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 1.4.0-02 OS_(GPL)
NX> 105 hello NXCLIENT - Version 1.4.0
NX> 134 Accepted protocol: 1.4.0
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: tomk
NX> 102 Password: 
NX> 103 Welcome to: TK-GW2 user: tomk
NX> 105 listsession --user="tomk" --status="Suspended","Running" --geometry="1024x768x32+render" --type="unix-gnome"
NX> 127 Sessions list of user 'tomk' for reconnect:

Display Type             Session ID                       Options  Depth Screen         Status      Session Name
 ------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------


NX> 148 Server capacity: not reached for user: tomk
NX> 105 startsession --session="TK-GW2" --type="unix-gnome" --cache="8M" --images="32M" --cookie="8dcb591cece8b536a227218b9fa3a7c1" --link="adsl" --kbtype="pc102/us" --nodelay="1" --encryption="1" --backingstore="when_requested" --geometry="fullscreen" --media="0" --agent_server="" --agent_user="" --agent_password=""  --screeninfo="1024x768x32+render"

NX> 1000 NXNODE - Version 1.4.0-02 "OS_(GPL)"
NX> 700 Session id: TK-GW2-1000-399288EA61C778287464B71F0996159A
NX> 705 Session display: 1000
NX> 703 Session type: unix-gnome
NX> 701 Proxy cookie: 144c63ab8a820c24157cc4e37aad2b16
NX> 702 Proxy IP: 127.0.0.1
NX> 706 Agent cookie: 8dcb591cece8b536a227218b9fa3a7c1
NX> 704 Session cache: unix-gnome
NX> 707 SSL tunneling: 1
NX> 710 Session status: running
NX> 1002 Commit
NX> 1006 Session status: running
NX> 105 bye
Bye
NX> 999 Bye
NX> 285 Identified host: localhost port: 1081
NX> 285 Identified cookie: 144c63ab8a820c24157cc4e37aad2b16

NX> 291 Connecting to: localhost:1081
NX> 285 Sending authentication cookie: 144C63AB8A820C24157CC4E37AAD2B16
NX> 285 Switching descriptors: 4 and: 5 to: 7

NX> 287 Redirected I/O to channel descriptors

Apart from the obvious differences between an Ubuntu desktop and an Arch laptop, there are two that may be significant here:

1. On the Ubuntu box

nxserver --adduser <me>
nxserver --passwd <me>

is not required - authentication is handled by PAM. A message to that effect was echoed on the screen during nxsetup. I'm not an expert on scripting, but I believe that is controlled by the line

ENABLE_PAM_AUTHENTICATION="1"

in the nxserver script, and oddly enough, that appears on both boxes. Feel free to correct me if I'm on the wrong track here.

2. The laptop is on one end of an IPSEC tunnel. I doubt if this is relevant here, as I can run SSH, VNC, NFS, etc connections to/from the laptop with no problem, but I thought I'd mention it anyway.

I've just realised I've gone on a bit here - I just wanted you to know that your work is really appreciated. It seems very likely that your package is working fine, and that something small needs to be fixed on my laptop. If I come across it, I'll post again.

DXManiac · 2005-02-08 18:42:55

On your "broken" machine, the NX-log says:

tomk wrote:

NX> 105 startsession --session="tk-i5ka-new" --type="unix-application" --application="" --cache="8M" --images="32M" --cookie="8dcb591cece8b536a227218b9fa3a7c1" --link="adsl" --virtualdesktop="1" --kbtype="pc102/us" --nodelay="1" --encryption="1" --backingstore="never" --geometry="fullscreen" --media="0" --agent_server="" --agent_user="" --agent_password=""  --screeninfo="1024x768x32+render"

While on the Ubuntu-box, it says:

tomk wrote:

NX> 105 startsession --session="TK-GW2" --type="unix-gnome" --cache="8M" --images="32M" --cookie="8dcb591cece8b536a227218b9fa3a7c1" --link="adsl" --kbtype="pc102/us" --nodelay="1" --encryption="1" --backingstore="when_requested" --geometry="fullscreen" --media="0" --agent_server="" --agent_user="" --agent_password=""  --screeninfo="1024x768x32+render"

The NXclient has settings for the "session type"..
I haven't got a client at hand right now, but when set to "unix-gnome" it starts a complete gnome session with panel, windowmanager and all the bells and whistles..

The session type for your laptop session is set to "unix-application"...
I haven't used that yet.. Are you starting an actual application with that?
If not, the nxclient ends up waiting for data to display and there's nothing coming up, because there's no running program.. Just a guess, haven't tried that yet.

tomk wrote:

nxserver --adduser <me>
nxserver --passwd <me>
is not required - authentication is handled by PAM. A message to that effect was echoed on the screen during nxsetup. I'm not an expert on scripting, but I believe that is controlled by the line
ENABLE_PAM_AUTHENTICATION="1"
in the nxserver script, and oddly enough, that appears on both boxes. Feel free to correct me if I'm on the wrong track here.

You're perfectly right there.. And PAM authentication is enabled by default, so the adduser-thingie was more or less useless, just my weak attempt to resolve that public key authentication issue

So maybe you might want to try out to change the session type on your client and see if it works any better.

DXManiac · 2005-02-08 21:45:00

DXManiac wrote:

The session type for your laptop session is set to "unix-application"...
I haven't used that yet.. Are you starting an actual application with that?
If not, the nxclient ends up waiting for data to display and there's nothing coming up, because there's no running program.. Just a guess, haven't tried that yet.

I just tried it and added "ion", my preferred window manager to a "unix-application" session and it worked..
Grrr.. I should have tried it with NO application
Ok, another task for tomorrow

tomk · 2005-02-09 09:30:30

DXManiac wrote:

The NXclient has settings for the "session type"..
I haven't got a client at hand right now, but when set to "unix-gnome" it starts a complete gnome session with panel, windowmanager and all the bells and whistles.
The session type for your laptop session is set to "unix-application"...
I haven't used that yet.

Right, I'm looking at the client at the moment. The laptop runs xfce4, so in the Desktop section, I pick Unix/Custom - the other options being KDE, Gnome, and CDE. I reckon I need to play with the Settings options - at the moment, it's set to "Run default X client script on server". I'll change it to "Run the following command" and specify startxfce4 - or maybe .xinitrc?

DXManiac wrote:

I just tried it and added "ion", my preferred window manager to a "unix-application" session and it worked..

How exactly did you add ion?

tomk · 2005-02-09 10:35:49

tomk wrote:

How exactly did you add ion?

Forget that question. I worked it out, and I've now tried startxfce4, .xinitrc, twm, and xterm as the specified application - all with no success. All logs as before, except the client log now says e.g.

application="startxfce4"

instead of

application = ""

For something that's far from essential, this is really beginning to annoy me!

DXManiac · 2005-02-10 10:01:58

tomk wrote:

application="startxfce4"
instead of
application = ""
For something that's far from essential, this is really beginning to annoy me!

Hmmm.. As I said, it works fine for me with ion...

In /usr/NX/bin/nxserver, there's a line to enable a logfile.. maybe you can find some hints in there...

NX_LOGGING=0
NX_LOGFILE=/tmp/nxserver.log

DJayC · 2005-02-10 15:51:47

When I run nxclient it just sits there.. no window pops up or anything. I'm running nxclient on another Arch machine using the same package the server came out of.

Any ideas?

DXManiac · 2005-02-10 16:00:12

DJayC wrote:

When I run nxclient it just sits there.. no window pops up or anything. I'm running nxclient on another Arch machine using the same package the server came out of.
Any ideas?

Yes.. And the right one as well, I guess
I haven't put any effort into making the FreeNX-client work.. That's why the package is called "freenx-server".

You might want to try the NoMachine.com nxclient
Or I'll hack up a NoMachine.com nxclient-package
Or I'll make the FreeNX-client work..

But before I start something new, I'd like to resolve any issues with the nxserver..

Working on the client when the server still has some serious problems doesn't sound like a good idea to me

DJayC · 2005-02-10 16:15:13

Yeah I just noticed that the nxclient is just a script. I downloaded the client from NoMachine.com, but it's got a problem with the version of libstdc++. It's looking for:

libstdc++-libc6.2-2.so.3

I don't see anything like that on my system.. gcc and glibc are up to date too. This is with the statically linked version off of NoMachine.com. They only statically linked the libs that might not be found on most systems though, not every lib. Any ideas where to go from here?

jochen · 2005-02-10 16:33:26

DJayC wrote:

Yeah I just noticed that the nxclient is just a script. I downloaded the client from NoMachine.com, but it's got a problem with the version of libstdc++. It's looking for:
libstdc++-libc6.2-2.so.3
I don't see anything like that on my system.. gcc and glibc are up to date too. This is with the statically linked version off of NoMachine.com. They only statically linked the libs that might not be found on most systems though, not every lib. Any ideas where to go from here?

Which package did you try? If I remember correctly, I installed the rpm for SuSE 9.1 which works with arch.

DJayC · 2005-02-10 16:38:48

I just got the static one. How'd you install an RPM with arch? Did you use rpmunpack?

jochen · 2005-02-10 16:45:43

I used rpm2targz, shouldn't be a problem to do it with rpmunpack. I only copied the contents to / but it would be better to write a small PKGBUILD which does the work.

Arch Linux

#51 2005-01-26 15:13:34

Re: [request] FreeNX

#52 2005-01-26 15:16:43

Re: [request] FreeNX

#53 2005-01-26 15:31:22

Re: [request] FreeNX

#54 2005-01-26 15:37:32

Re: [request] FreeNX

#55 2005-01-26 18:40:01

Re: [request] FreeNX

#56 2005-01-26 20:02:25

Re: [request] FreeNX

#57 2005-01-27 12:35:01

Re: [request] FreeNX

#58 2005-01-27 20:59:05

Re: [request] FreeNX

#59 2005-01-27 21:47:16

Re: [request] FreeNX

#60 2005-01-28 00:46:00

Re: [request] FreeNX

#61 2005-02-03 15:10:18

Re: [request] FreeNX

#62 2005-02-03 15:17:03

Re: [request] FreeNX

#63 2005-02-03 16:25:08

Re: [request] FreeNX

#64 2005-02-08 12:23:34

Re: [request] FreeNX

#65 2005-02-08 18:42:55

Re: [request] FreeNX

#66 2005-02-08 21:45:00

Re: [request] FreeNX

#67 2005-02-09 09:30:30

Re: [request] FreeNX

#68 2005-02-09 10:35:49

Re: [request] FreeNX

#69 2005-02-10 10:01:58

Re: [request] FreeNX

#70 2005-02-10 15:51:47

Re: [request] FreeNX

#71 2005-02-10 16:00:12

Re: [request] FreeNX

#72 2005-02-10 16:15:13

Re: [request] FreeNX

#73 2005-02-10 16:33:26

Re: [request] FreeNX

#74 2005-02-10 16:38:48

Re: [request] FreeNX

#75 2005-02-10 16:45:43

Re: [request] FreeNX

Board footer