On Tue, Jun 30, 2009 at 6:49 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:
> On Mon, 2009-06-29 at 15:20 +1000, L wrote:
>> On Mon, Jun 29, 2009 at 11:11 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:
>> > On Mon, 2009-06-29 at 10:33 +1000, L wrote:
>> >> On Mon, Jun 29, 2009 at 10:18 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:
>> >> > On Mon, 2009-06-29 at 10:03 +1000, L wrote:
>> >> >> I set up a nxserver at remote PC (F10 2.6.27.25-170.2.72.fc10.i686),
>> >> >> followed all steps, shipped key from server to client. tried login
>> >> >> from client to server as
>> >> >>
>> >> >>
>> >> >> ssh -i /usr/NX/share/keys/user.id_dsa.key nx@server
>> >> >> ssh -l USER1 server
>> >> >>
>> >> >> all work.
>> >> >>
>> >> >> when I login via nxclient, after pass steps Connected, download
>> >> >> session, it failed with errors:
>> >> > ----
>> >> > problem is with USER1 account.
>> >> >
>> >> > nxuser only creates an ssh tunnel. Once that tunnel is created another
>> >> > connection for nxsession is started and this user must exist on the
>> >> > system and the password must be correct. I am not aware that this user
>> >> > can use a public key authentication.
>> >> >
>> >> > Craig
>> >>
>> >> thanks for your reply, as you see, USER1 can login via ssh to server.
>> >> the password for users must be right.
>> >>
>> >> where should I look for error to fix it?
>> > ----
>> > I would start with the suggestions given in your own error report...
>> >
>> > NX> 502 ERROR: Public key authentication failed
>> > NX> 502 ERROR: NX server was unable to login as user: USER1
>> > NX> 502 ERROR: Please check that the account is enabled to login,
>> > NX> 502 ERROR: the user's home directory, the directory ~/.ssh
>> > NX> 502 ERROR: and the file ~/.ssh/authorized_keys2 have correct
>> > NX> 502 ERROR: permissions setting according to the StrictModes
>> > NX> 502 ERROR: of your SSHD configuration.
>> >
>> > make sure that /home/USER1/.ssh/authorized_keys2 is 600 permissions
>> > and /home/USER1/.ssh is 755 but if I were to guess, USER1 does not
>> > have a valid shell
>> >
>> > Craig
>>
>> thanks, after changing permissions on them, the error message changed to
>>
>> Authentication to NX node failed.
>>
>> see below
>>
>> NX> 203 NXSSH running with pid: 13927
>> NX> 285 Enabling check on switch command
>> NX> 285 Enabling skip of SSH config files
>> NX> 285 Setting the preferred NX options
>> NX> 200 Connected to address: 202.118.163.85 on port: 22
>> NX> 202 Authenticating user: nx
>> NX> 208 Using auth method: publickey
>> HELLO NXSERVER - Version 3.3.0-22 - LFE
>> NX> 105 Hello NXCLIENT - Version 3.3.0
>> NX> 134 Accepted protocol: 3.3.0
>> NX> 105 Set shell_mode: shell
>> NX> 105 Set auth_mode: password
>> NX> 105 Login
>> NX> 101 User: test
>> NX> 102 Password: ****
>> NX> 103 Welcome to: localhost.localdomain user: test
>> NX> 105 Listsession --user="test" --status="suspended\054running"
>> --geometry="1280x1024x24+render" --type="unix-application"
>> NX> 127 Available sessions:
>>
>> Display Type Session ID Options
>> Depth Screen Status Session Name
>> ------- ---------------- -------------------------------- --------
>> ----- -------------- ----------- ------------------------------
>>
>> NX> 148 Server capacity: not reached for user: test
>> NX> 105 Start session with: --rootless="1" --virtualdesktop="0"
>> --application="xterm" --link="adsl" --backingstore="1" --cache="16M"
>> --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1"
>> --media="0" --session="neau" --type="unix-application"
>> --client="linux" --keyboard="pc105\057us"
>> --screeninfo="1280x1024x24+render"
>> NX> 596 ERROR: Authentication to NX node failed.
>> NX> 280 Exiting on signal: 15
> ----
> OK, now you have changed from USER1 to test
>
> That is OK but what is shell for test?
>

let's stay with USER1, user test was newly created to check if a new
user can login
the shell for USER1 is bash
line from /etc/passwd
USER1:x:503:504::/home/USER1:/bin/bash

> grep test /etc/passwd
>
> is it /bin/sh or /bin/bash?
>
> Can user 'test' login at the console?

YES, USERs can login.

Here are sections of /var/log/secure

part for ssh login

Jun 30 07:12:54 localhost sshd[25852]: debug1: Forked child 31674.
Jun 30 07:12:54 localhost sshd[31674]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jun 30 07:12:54 localhost sshd[31674]: debug1: inetd sockets after dupping: 3, 3
Jun 30 07:12:54 localhost sshd[31674]: Connection from 127.0.0.1 port 52180
Jun 30 07:12:54 localhost sshd[31674]: debug1: Client protocol version 2.0; client software version OpenSSH_4.7
Jun 30 07:12:54 localhost sshd[31674]: debug1: match: OpenSSH_4.7 pat OpenSSH_4*
Jun 30 07:12:54 localhost sshd[31674]: debug1: Enabling compatibility mode for protocol 2.0
Jun 30 07:12:54 localhost sshd[31674]: debug1: Local version string SSH-2.0-OpenSSH_5.1
Jun 30 07:12:54 localhost sshd[31674]: debug2: fd 3 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31674]: debug2: Network child is on pid 31675
Jun 30 07:12:54 localhost sshd[31675]: debug1: permanently_set_uid: 74/74
Jun 30 07:12:54 localhost sshd[31675]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEXINIT sent
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEXINIT received
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: first_kex_follows 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: reserved 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: first_kex_follows 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: reserved 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31675]: debug1: kex: client->server aes128-cbc hmac-md5 none
Jun 30 07:12:54 localhost sshd[31675]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31675]: debug1: kex: server->client aes128-cbc hmac-md5 none
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 0 used once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Jun 30 07:12:54 localhost sshd[31675]: debug2: dh_gen_key: priv key bits set: 133/256
Jun 30 07:12:54 localhost sshd[31675]: debug2: bits set: 505/1024
Jun 30 07:12:54 localhost sshd[31675]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Jun 30 07:12:54 localhost sshd[31675]: debug2: bits set: 492/1024
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_derive_keys
Jun 30 07:12:54 localhost sshd[31675]: debug2: set_newkeys: mode 1
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_NEWKEYS sent
Jun 30 07:12:54 localhost sshd[31675]: debug1: expecting SSH2_MSG_NEWKEYS
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 5 used once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug2: set_newkeys: mode 0
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_NEWKEYS received
Jun 30 07:12:54 localhost sshd[31675]: debug1: KEX done
Jun 30 07:12:54 localhost sshd[31675]: debug1: userauth-request for user USER1 service ssh-connection method none
Jun 30 07:12:54 localhost sshd[31675]: debug1: attempt 0 failures 0
Jun 30 07:12:54 localhost sshd[31674]: debug2: parse_server_config: config reprocess config len 696
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request: setting up authctxt for USER1
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request: try method none
Jun 30 07:12:54 localhost sshd[31675]: debug1: userauth-request for user USER1 service ssh-connection method password
Jun 30 07:12:54 localhost sshd[31675]: debug1: attempt 1 failures 0
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 7 used once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request: try method password
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: initializing for "USER1"
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: setting PAM_RHOST to "localhost.localdomain"
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: setting PAM_TTY to "ssh"
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 46 used once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 3 used once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 4 used once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: password authentication accepted for USER1
Jun 30 07:12:54 localhost sshd[31674]: debug1: do_pam_account: called
Jun 30 07:12:54 localhost sshd[31674]: Accepted password for USER1 from 127.0.0.1 port 52180 ssh2
Jun 30 07:12:54 localhost sshd[31674]: debug1: monitor_child_preauth: USER1 has been authenticated by privileged process
Jun 30 07:12:54 localhost sshd[31674]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31674]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31674]: debug1: temporarily_use_uid: 503/504 (e=0/0)
Jun 30 07:12:54 localhost sshd[31674]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Jun 30 07:12:54 localhost sshd[31674]: debug1: restore_uid: 0/0
Jun 30 07:12:54 localhost sshd[31674]: debug1: SELinux support disabled
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: establishing credentials
Jun 30 07:12:54 localhost sshd[31674]: pam_unix(sshd:session): session opened for user USER1 by (uid=0)
Jun 30 07:12:54 localhost sshd[31676]: debug1: PAM: establishing credentials
Jun 30 07:12:54 localhost sshd[31676]: debug1: permanently_set_uid: 503/504
Jun 30 07:12:54 localhost sshd[31676]: debug2: set_newkeys: mode 0
Jun 30 07:12:54 localhost sshd[31676]: debug2: set_newkeys: mode 1
Jun 30 07:12:54 localhost sshd[31676]: debug1: Entering interactive session for SSH2.
Jun 30 07:12:54 localhost sshd[31676]: debug2: fd 4 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31676]: debug2: fd 6 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31676]: debug1: server_init_dispatch_20
Jun 30 07:12:54 localhost sshd[31674]: User child is on pid 31676
Jun 30 07:12:54 localhost sshd[31676]: Connection closed by 127.0.0.1
Jun 30 07:12:54 localhost sshd[31676]: debug1: do_cleanup
Jun 30 07:12:54 localhost sshd[31676]: Transferred: sent 1768, received 1184 bytes
Jun 30 07:12:54 localhost sshd[31676]: Closing connection to 127.0.0.1 port 52180
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: cleanup
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: deleting credentials
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: closing session
Jun 30 07:12:54 localhost sshd[31674]: pam_unix(sshd:session): session closed for user USER1

part for NX login

Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read<=0 rfd 11 len 0
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read failed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: close_read
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: input open -> drain
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: ibuf_empty delayed efd 13/(0)
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read 0 from efd 13
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: closing read-efd 13
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: ibuf empty
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send eof
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: input drain -> closed
Jun 30 07:12:58 localhost sshd[31631]: debug1: Received SIGCHLD.
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_by_pid: pid 31632
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_exit_message: session 0 channel 0 pid 31632
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: request exit-status confirm 0
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_exit_message: release channel 0
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: write failed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: close_write
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send eow
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: output open -> closed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send close
Jun 30 07:12:58 localhost sshd[31631]: debug2: notify_done: reading
Jun 30 07:12:58 localhost sshd[31631]: Connection closed by xx.xx.xx.xx
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 0: free: server-session, nchannels 3
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 1: free: X11 inet listener, nchannels 2
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 2: free: X11 inet listener, nchannels 1
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_close: session 0 pid 0
Jun 30 07:12:58 localhost sshd[31631]: debug1: do_cleanup
Jun 30 07:12:58 localhost sshd[31631]: Transferred: sent 3768, received 2432 bytes
Jun 30 07:12:58 localhost sshd[31631]: Closing connection to xx.xx.xx.xx port 54515
Jun 30 07:12:58 localhost sshd[31628]: debug1: PAM: cleanup
Jun 30 07:12:58 localhost sshd[31628]: debug1: PAM: deleting credentials
Jun 30 07:12:59 localhost sshd[31628]: debug1: PAM: closing session
Jun 30 07:12:59 localhost sshd[31628]: pam_unix(sshd:session): session closed for user nx

>
> Craig

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
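
The two checks raised in the thread (the StrictModes permission hint in the NX 502 error, and the question about the account's shell), written as an added example that is not part of the original messages. It applies the rule sshd enforces under StrictModes: each path must be owned by the user or root and must not be group- or world-writable. Function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (coreutils, as on Fedora).
# Function names are hypothetical.

# path_is_strict PATH UID
# Succeeds when PATH is owned by UID or root and has no group/other write bit,
# which is what sshd requires of these paths when StrictModes is enabled.
path_is_strict() {
    p=$1; uid=$2
    [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
    set -- $(stat -c '%a %u' "$p")       # $1 = octal mode, $2 = owner uid
    if [ "$2" != "$uid" ] && [ "$2" != 0 ]; then
        echo "OWNER    $p (uid $2)"; return 1
    fi
    if [ $(( 0$1 & 022 )) -ne 0 ]; then  # 022 = group-write | other-write
        echo "WRITABLE $p (mode $1)"; return 1
    fi
    echo "OK       $p (mode $1)"
}

# audit_account HOME UID
# Checks the three paths named in the NX 502 error and reports every failure.
audit_account() {
    home=$1; rc=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys2"; do
        path_is_strict "$f" "$2" || rc=1
    done
    return $rc
}

# shell_is_valid PASSWD_LINE SHELLS_FILE
# Succeeds when field 7 of the passwd entry is listed in SHELLS_FILE
# (normally /etc/shells). An empty field is treated as /bin/sh.
shell_is_valid() {
    login_shell=$(printf '%s\n' "$1" | cut -d: -f7)
    grep -qxF "${login_shell:-/bin/sh}" "$2"
}

# Usage on the server, with the values quoted in the thread:
#   audit_account /home/USER1 503
#   shell_is_valid "$(getent passwd USER1)" /etc/shells
```

The 600 and 755 modes suggested in the thread both pass this check, since neither sets a group or other write bit.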