Re: NX authentication error
- From: L <yuanlux@xxxxxxxxx>
- Date: Tue, 30 Jun 2009 09:26:54 +1000
On Tue, Jun 30, 2009 at 6:49 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:
On Mon, 2009-06-29 at 15:20 +1000, L wrote:
On Mon, Jun 29, 2009 at 11:11 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:----
On Mon, 2009-06-29 at 10:33 +1000, L wrote:
On Mon, Jun 29, 2009 at 10:18 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:----
On Mon, 2009-06-29 at 10:03 +1000, L wrote:
I I set up a nxserver at remote PC (F10 2.6.27.25-170.2.72.fc10.i686),----
followed all steps, shipped key from server to client. tried login
from client to sever as
ssh -i /usr/NX/share/keys/user.id_dsa.key nx@server
ssh -l USER1 server
all work.
when I login via nxclient, after pass steps Connected, download
session, it failed with errors:
problem is with USER1 account.
nxuser only creates an ssh tunnel. Once that tunnel is created another
connection for nxsession is started and this user must exist on the
system and the password must be correct. I am not aware that this user
can use a public key authentication.
Craig
thanks for your reply, as you see, USER1 can login via ssh to server.
the pssword for users must be right.
where should I look for error to fix it?
I would start with the suggestions given in your own error report...
NX> 502 ERROR: Public key authentication failed
NX> 502 ERROR: NX server was unable to login as user: USER1
NX> 502 ERROR: Please check that the account is enabled to login,
NX> 502 ERROR: the user's home directory, the directory ~/.ssh
NX> 502 ERROR: and the file ~/.ssh/authorized_keys2 have correct
NX> 502 ERROR: permissions setting according to the StrictModes
NX> 502 ERROR: of your SSHD configuration.
make sure that /home/USER1/.ssh/authorized_keys2 is 600 permissions
and /home/USER1/.ssh is 755 but I if I were to guess, USER1 does not
have a valid shell
Craig
thanks, after change permissions on them, the error message change to
Authentication to NX node failed.
see below
NX> 203 NXSSH running with pid: 13927
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 202.118.163.85 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 3.3.0-22 - LFE
NX> 105 Hello NXCLIENT - Version 3.3.0
NX> 134 Accepted protocol: 3.3.0
NX> 105 Set shell_mode: shell
NX> 105 Set auth_mode: password
NX> 105 Login
NX> 101 User: test
NX> 102 Password: ****
NX> 103 Welcome to: localhost.localdomain user: test
NX> 105 Listsession --user="test" --status="suspended\054running"
--geometry="1280x1024x24+render" --type="unix-application"
NX> 127 Available sessions:
Display Type Session ID Options
Depth Screen Status Session Name
------- ---------------- -------------------------------- --------
----- -------------- ----------- ------------------------------
NX> 148 Server capacity: not reached for user: test
NX> 105 Start session with: --rootless="1" --virtualdesktop="0"
--application="xterm" --link="adsl" --backingstore="1" --cache="16M"
--images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1"
--media="0" --session="neau" --type="unix-application"
--client="linux" --keyboard="pc105\057us"
--screeninfo="1280x1024x24+render"
NX> 596 ERROR: Authentication to NX node failed.
NX> 280 Exiting on signal: 15
OK, now you have changed from USER1 to test
That is OK but what is shell for test?
let stay with USER1, user test was newly created to check if a new
user can login
the shell for USER1 is bash
line from /etc/passwd
USER1:x:503:504::/home/USER1:/bin/bash
grep test /etc/passwd
is it /bin/sh or /bin/bash?
Can user 'test' login at the console?
YES, USERs can login.
Here are section of /var/log/secure
part for ssh login
Jun 30 07:12:54 localhost sshd[25852]: debug1: Forked child 31674.
Jun 30 07:12:54 localhost sshd[31674]: debug1: rexec start in 5 out 5
newsock 5 pipe 7 sock 8
Jun 30 07:12:54 localhost sshd[31674]: debug1: inetd sockets after dupping: 3, 3
Jun 30 07:12:54 localhost sshd[31674]: Connection from 127.0.0.1 port 52180
Jun 30 07:12:54 localhost sshd[31674]: debug1: Client protocol version
2.0; client software version OpenSSH_4.7
Jun 30 07:12:54 localhost sshd[31674]: debug1: match: OpenSSH_4.7 pat OpenSSH_4*
Jun 30 07:12:54 localhost sshd[31674]: debug1: Enabling compatibility
mode for protocol 2.0
Jun 30 07:12:54 localhost sshd[31674]: debug1: Local version string
SSH-2.0-OpenSSH_5.1
Jun 30 07:12:54 localhost sshd[31674]: debug2: fd 3 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31674]: debug2: Network child is on pid 31675
Jun 30 07:12:54 localhost sshd[31675]: debug1: permanently_set_uid: 74/74
Jun 30 07:12:54 localhost sshd[31675]: debug1: list_hostkey_types:
ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEXINIT sent
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEXINIT received
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
none,zlib@xxxxxxxxxxx
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
none,zlib@xxxxxxxxxxx
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
first_kex_follows 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: reserved 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
none,zlib@xxxxxxxxxxx,zlib
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
none,zlib@xxxxxxxxxxx,zlib
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
first_kex_follows 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: reserved 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31675]: debug1: kex: client->server
aes128-cbc hmac-md5 none
Jun 30 07:12:54 localhost sshd[31675]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31675]: debug1: kex: server->client
aes128-cbc hmac-md5 none
Jun 30 07:12:54 localhost sshd[31675]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST received
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 0 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Jun 30 07:12:54 localhost sshd[31675]: debug2: dh_gen_key: priv key
bits set: 133/256
Jun 30 07:12:54 localhost sshd[31675]: debug2: bits set: 505/1024
Jun 30 07:12:54 localhost sshd[31675]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_INIT
Jun 30 07:12:54 localhost sshd[31675]: debug2: bits set: 492/1024
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_derive_keys
Jun 30 07:12:54 localhost sshd[31675]: debug2: set_newkeys: mode 1
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_NEWKEYS sent
Jun 30 07:12:54 localhost sshd[31675]: debug1: expecting SSH2_MSG_NEWKEYS
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 5 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug2: set_newkeys: mode 0
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_NEWKEYS received
Jun 30 07:12:54 localhost sshd[31675]: debug1: KEX done
Jun 30 07:12:54 localhost sshd[31675]: debug1: userauth-request for
user USER1 service ssh-connection method none
Jun 30 07:12:54 localhost sshd[31675]: debug1: attempt 0 failures 0
Jun 30 07:12:54 localhost sshd[31674]: debug2: parse_server_config:
config reprocess config len 696
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request:
setting up authctxt for USER1
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request:
try method none
Jun 30 07:12:54 localhost sshd[31675]: debug1: userauth-request for
user USER1 service ssh-connection method password
Jun 30 07:12:54 localhost sshd[31675]: debug1: attempt 1 failures 0
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 7 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request:
try method password
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: initializing for "USER1"
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: setting PAM_RHOST
to "localhost.localdomain"
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: setting PAM_TTY to "ssh"
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 46 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 3 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 4 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: password
authentication accepted for USER1
Jun 30 07:12:54 localhost sshd[31674]: debug1: do_pam_account: called
Jun 30 07:12:54 localhost sshd[31674]: Accepted password for USER1
from 127.0.0.1 port 52180 ssh2
Jun 30 07:12:54 localhost sshd[31674]: debug1: monitor_child_preauth:
USER1 has been authenticated by privileged process
Jun 30 07:12:54 localhost sshd[31674]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31674]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31674]: debug1: temporarily_use_uid:
503/504 (e=0/0)
Jun 30 07:12:54 localhost sshd[31674]: debug1: ssh_gssapi_storecreds:
Not a GSSAPI mechanism
Jun 30 07:12:54 localhost sshd[31674]: debug1: restore_uid: 0/0
Jun 30 07:12:54 localhost sshd[31674]: debug1: SELinux support disabled
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: establishing credentials
Jun 30 07:12:54 localhost sshd[31674]: pam_unix(sshd:session): session
opened for user USER1 by (uid=0)
Jun 30 07:12:54 localhost sshd[31676]: debug1: PAM: establishing credentials
Jun 30 07:12:54 localhost sshd[31676]: debug1: permanently_set_uid: 503/504
Jun 30 07:12:54 localhost sshd[31676]: debug2: set_newkeys: mode 0
Jun 30 07:12:54 localhost sshd[31676]: debug2: set_newkeys: mode 1
Jun 30 07:12:54 localhost sshd[31676]: debug1: Entering interactive
session for SSH2.
Jun 30 07:12:54 localhost sshd[31676]: debug2: fd 4 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31676]: debug2: fd 6 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31676]: debug1: server_init_dispatch_20
Jun 30 07:12:54 localhost sshd[31674]: User child is on pid 31676
Jun 30 07:12:54 localhost sshd[31676]: Connection closed by 127.0.0.1
Jun 30 07:12:54 localhost sshd[31676]: debug1: do_cleanup
Jun 30 07:12:54 localhost sshd[31676]: Transferred: sent 1768,
received 1184 bytes
Jun 30 07:12:54 localhost sshd[31676]: Closing connection to 127.0.0.1
port 52180
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: cleanup
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: deleting credentials
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: closing session
Jun 30 07:12:54 localhost sshd[31674]: pam_unix(sshd:session): session
closed for user USER1
part for NX login
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read<=0 rfd 11 len 0
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read failed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: close_read
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: input open -> drain
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: ibuf_empty
delayed efd 13/(0)
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read 0 from efd 13
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: closing read-efd 13
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: ibuf empty
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send eof
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: input drain -> closed
Jun 30 07:12:58 localhost sshd[31631]: debug1: Received SIGCHLD.
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_by_pid: pid 31632
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_exit_message:
session 0 channel 0 pid 31632
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: request
exit-status confirm 0
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_exit_message:
release channel 0
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: write failed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: close_write
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send eow
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: output open -> closed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send close
Jun 30 07:12:58 localhost sshd[31631]: debug2: notify_done: reading
Jun 30 07:12:58 localhost sshd[31631]: Connection closed by xx.xx.xx.xx
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 0: free:
server-session, nchannels 3
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 1: free: X11
inet listener, nchannels 2
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 2: free: X11
inet listener, nchannels 1
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_close: session 0 pid 0
Jun 30 07:12:58 localhost sshd[31631]: debug1: do_cleanup
Jun 30 07:12:58 localhost sshd[31631]: Transferred: sent 3768,
received 2432 bytes
Jun 30 07:12:58 localhost sshd[31631]: Closing connection to
xx.xx.xx.xx port 54515
Jun 30 07:12:58 localhost sshd[31628]: debug1: PAM: cleanup
Jun 30 07:12:58 localhost sshd[31628]: debug1: PAM: deleting credentials
Jun 30 07:12:59 localhost sshd[31628]: debug1: PAM: closing session
Jun 30 07:12:59 localhost sshd[31628]: pam_unix(sshd:session): session
closed for user nx
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
- Follow-Ups:
- Re: NX authentication error
- From: Craig White
- Re: NX authentication error
- References:
- NX authentication error
- From: L
- Re: NX authentication error
- From: Craig White
- Re: NX authentication error
- From: L
- Re: NX authentication error
- From: Craig White
- Re: NX authentication error
- From: L
- Re: NX authentication error
- From: Craig White
- NX authentication error
- Prev by Date: Re: Desktop screwed up.
- Next by Date: Re: F10 -> F11 X server problem with /dev/fb0
- Previous by thread: Re: NX authentication error
- Next by thread: Re: NX authentication error
- Index(es):
Relevant Pages
|
