On Tue, 2009-06-30 at 09:26 +1000, L wrote:
> On Tue, Jun 30, 2009 at 6:49 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:
> > On Mon, 2009-06-29 at 15:20 +1000, L wrote:
> >> On Mon, Jun 29, 2009 at 11:11 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:
> >> > On Mon, 2009-06-29 at 10:33 +1000, L wrote:
> >> >> On Mon, Jun 29, 2009 at 10:18 AM, Craig White<craigwhite@xxxxxxxxxxx> wrote:
> >> >> > On Mon, 2009-06-29 at 10:03 +1000, L wrote:
> >> >> >> I set up a nxserver at remote PC (F10 2.6.27.25-170.2.72.fc10.i686),
> >> >> >> followed all steps, shipped key from server to client. tried login
> >> >> >> from client to server as
> >> >> >>
> >> >> >>
> >> >> >> ssh -i /usr/NX/share/keys/user.id_dsa.key nx@server
> >> >> >> ssh -l USER1 server
> >> >> >>
> >> >> >> all work.
> >> >> >>
> >> >> >> when I login via nxclient, after pass steps Connected, download
> >> >> >> session, it failed with errors:
> >> >> > ----
> >> >> > problem is with USER1 account.
> >> >> >
> >> >> > nxuser only creates an ssh tunnel. Once that tunnel is created another
> >> >> > connection for nxsession is started and this user must exist on the
> >> >> > system and the password must be correct. I am not aware that this user
> >> >> > can use a public key authentication.
> >> >> >
> >> >> > Craig
> >> >>
> >> >> thanks for your reply, as you see, USER1 can login via ssh to server.
> >> >> the password for users must be right.
> >> >>
> >> >> where should I look for error to fix it?
> >> > ----
> >> > I would start with the suggestions given in your own error report...
> >> >
> >> > NX> 502 ERROR: Public key authentication failed
> >> > NX> 502 ERROR: NX server was unable to login as user: USER1
> >> > NX> 502 ERROR: Please check that the account is enabled to login,
> >> > NX> 502 ERROR: the user's home directory, the directory ~/.ssh
> >> > NX> 502 ERROR: and the file ~/.ssh/authorized_keys2 have correct
> >> > NX> 502 ERROR: permissions setting according to the StrictModes
> >> > NX> 502 ERROR: of your SSHD configuration.
> >> >
> >> > make sure that /home/USER1/.ssh/authorized_keys2 is 600 permissions
> >> > and /home/USER1/.ssh is 755 but if I were to guess, USER1 does not
> >> > have a valid shell
> >> >
> >> > Craig
> >>
> >> thanks, after change permissions on them, the error message change to
> >>
> >> Authentication to NX node failed.
> >>
> >> see below
> >>
> >> NX> 203 NXSSH running with pid: 13927
> >> NX> 285 Enabling check on switch command
> >> NX> 285 Enabling skip of SSH config files
> >> NX> 285 Setting the preferred NX options
> >> NX> 200 Connected to address: 202.118.163.85 on port: 22
> >> NX> 202 Authenticating user: nx
> >> NX> 208 Using auth method: publickey
> >> HELLO NXSERVER - Version 3.3.0-22 - LFE
> >> NX> 105 Hello NXCLIENT - Version 3.3.0
> >> NX> 134 Accepted protocol: 3.3.0
> >> NX> 105 Set shell_mode: shell
> >> NX> 105 Set auth_mode: password
> >> NX> 105 Login
> >> NX> 101 User: test
> >> NX> 102 Password: ****
> >> NX> 103 Welcome to: localhost.localdomain user: test
> >> NX> 105 Listsession --user="test" --status="suspended\054running"
> >> --geometry="1280x1024x24+render" --type="unix-application"
> >> NX> 127 Available sessions:
> >>
> >> Display Type Session ID Options
> >> Depth Screen Status Session Name
> >> ------- ---------------- -------------------------------- --------
> >> ----- -------------- ----------- ------------------------------
> >>
> >> NX> 148 Server capacity: not reached for user: test
> >> NX> 105 Start session with: --rootless="1" --virtualdesktop="0"
> >> --application="xterm" --link="adsl" --backingstore="1" --cache="16M"
> >> --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1"
> >> --media="0" --session="neau" --type="unix-application"
> >> --client="linux" --keyboard="pc105\057us"
> >> --screeninfo="1280x1024x24+render"
> >> NX> 596 ERROR: Authentication to NX node failed.
> >> NX> 280 Exiting on signal: 15
> > ----
> > OK, now you have changed from USER1 to test
> >
> > That is OK but what is shell for test?
> >
>
>
> let stay with USER1, user test was newly created to check if a new
> user can login
>
> the shell for USER1 is bash
>
> line from /etc/passwd
>
> USER1:x:503:504::/home/USER1:/bin/bash
>
> > grep test /etc/passwd
> >
> >
> > is it /bin/sh or /bin/bash?
> >
> > Can user 'test' login at the console?
>
> YES, USERs can login.
>
> Here are section of /var/log/secure
>
> part for ssh login
>
> Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request:
> try method password
> Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: initializing for "USER1"
> Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: setting PAM_RHOST
> to "localhost.localdomain"
> Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: setting PAM_TTY to "ssh"
> Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 46 used
> once, disabling now
> Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 3 used
> once, disabling now
> Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 4 used
> once, disabling now
> Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: password
> authentication accepted for USER1
> Jun 30 07:12:54 localhost sshd[31674]: debug1: do_pam_account: called
> Jun 30 07:12:54 localhost sshd[31674]: Accepted password for USER1
> from 127.0.0.1 port 52180 ssh2
> Jun 30 07:12:54 localhost sshd[31674]: debug1: monitor_child_preauth:
> USER1 has been authenticated by privileged process
> Jun 30 07:12:54 localhost sshd[31674]: debug2: mac_setup: found hmac-md5
> Jun 30 07:12:54 localhost sshd[31674]: debug2: mac_setup: found hmac-md5
> Jun 30 07:12:54 localhost sshd[31674]: debug1: temporarily_use_uid:
> 503/504 (e=0/0)
> Jun 30 07:12:54 localhost sshd[31674]: debug1: ssh_gssapi_storecreds:
> Not a GSSAPI mechanism
> Jun 30 07:12:54 localhost sshd[31674]: debug1: restore_uid: 0/0
> Jun 30 07:12:54 localhost sshd[31674]: debug1: SELinux support disabled
> Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: establishing credentials
> Jun 30 07:12:54 localhost sshd[31674]: pam_unix(sshd:session): session
> opened for user USER1 by (uid=0)
> Jun 30 07:12:54 localhost sshd[31676]: debug1: PAM: establishing credentials
> Jun 30 07:12:54 localhost sshd[31676]: debug1: permanently_set_uid: 503/504
> Jun 30 07:12:54 localhost sshd[31676]: debug2: set_newkeys: mode 0
> Jun 30 07:12:54 localhost sshd[31676]: debug2: set_newkeys: mode 1
> Jun 30 07:12:54 localhost sshd[31676]: debug1: Entering interactive
> session for SSH2.
> Jun 30 07:12:54 localhost sshd[31676]: debug2: fd 4 setting O_NONBLOCK
> Jun 30 07:12:54 localhost sshd[31676]: debug2: fd 6 setting O_NONBLOCK
> Jun 30 07:12:54 localhost sshd[31676]: debug1: server_init_dispatch_20
> Jun 30 07:12:54 localhost sshd[31674]: User child is on pid 31676
> Jun 30 07:12:54 localhost sshd[31676]: Connection closed by 127.0.0.1
> Jun 30 07:12:54 localhost sshd[31676]: debug1: do_cleanup
> Jun 30 07:12:54 localhost sshd[31676]: Transferred: sent 1768,
> received 1184 bytes
> Jun 30 07:12:54 localhost sshd[31676]: Closing connection to 127.0.0.1
> port 52180
> Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: cleanup
> Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: deleting credentials
> Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: closing session
> Jun 30 07:12:54 localhost sshd[31674]: pam_unix(sshd:session): session
> closed for user USER1
>
> part for NX login
>
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read<=0 rfd 11 len 0
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read failed
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: close_read
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: input open -> drain
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: ibuf_empty
> delayed efd 13/(0)
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read 0 from efd 13
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: closing read-efd 13
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: ibuf empty
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send eof
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: input drain -> closed
> Jun 30 07:12:58 localhost sshd[31631]: debug1: Received SIGCHLD.
> Jun 30 07:12:58 localhost sshd[31631]: debug1: session_by_pid: pid 31632
> Jun 30 07:12:58 localhost sshd[31631]: debug1: session_exit_message:
> session 0 channel 0 pid 31632
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: request
> exit-status confirm 0
> Jun 30 07:12:58 localhost sshd[31631]: debug1: session_exit_message:
> release channel 0
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: write failed
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: close_write
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send eow
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: output open -> closed
> Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send close
> Jun 30 07:12:58 localhost sshd[31631]: debug2: notify_done: reading
> Jun 30 07:12:58 localhost sshd[31631]: Connection closed by xx.xx.xx.xx
> Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 0: free:
> server-session, nchannels 3
> Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 1: free: X11
> inet listener, nchannels 2
> Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 2: free: X11
> inet listener, nchannels 1
> Jun 30 07:12:58 localhost sshd[31631]: debug1: session_close: session 0 pid 0
> Jun 30 07:12:58 localhost sshd[31631]: debug1: do_cleanup
> Jun 30 07:12:58 localhost sshd[31631]: Transferred: sent 3768,
> received 2432 bytes
> Jun 30 07:12:58 localhost sshd[31631]: Closing connection to
> xx.xx.xx.xx port 54515
> Jun 30 07:12:58 localhost sshd[31628]: debug1: PAM: cleanup
> Jun 30 07:12:58 localhost sshd[31628]: debug1: PAM: deleting credentials
> Jun 30 07:12:59 localhost sshd[31628]: debug1: PAM: closing session
> Jun 30 07:12:59 localhost sshd[31628]: pam_unix(sshd:session): session
> closed for user nx
----
both ssh and nx sessions seem to do the same thing, successfully login
and then disconnect immediately which always suggests to me that there
is a problem with the login shell.

seriously though, I think you believe you know what you are doing but I
find your postings narrow and confused.

1 - I do not know if nxusers can actually use an authorized key to
connect. It seems reasonable but I have never done this so I do not
know.

2 - When you switched from USER1 to the test in the next mail back to
USER1 in the next mail, I am starting to lose confidence that the
conditions too aren't also changing as well.

3 - the sequence of events is consistent, nxuser creates the initial
connection via sshd/pre-shared key and once the nxuser has connected, an
attempt is made by another 'user' who must authenticate using his own
username & password. As I said above and in my first post, I don't know
if this user can use a public key for authentication.

4 - everything you show in logs makes me think that the user
simultaneously authenticates and then disconnects which always suggests
to me a non-valid shell but it could be something like SELinux or
similar too.

Craig
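
Added example (not part of the original thread): a shell check of the items named in the NX 502 error and in the replies above. The home directory, ~/.ssh and ~/.ssh/authorized_keys2 must not be group- or world-writable (the mode test that OpenSSH StrictModes applies; the 600 and 755 modes suggested above pass it), and the login shell must be an executable file. The function names are made up for this example, and file ownership, which StrictModes also checks, is not tested here.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print "home shell" from one passwd(5) line (fields 6 and 7).
passwd_home_shell() {
    printf '%s\n' "$1" | awk -F: '{ print $6, $7 }'
}

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when group or others may write to the path (mode & 022 != 0).
writable_by_others() {
    m=$(mode_of "$1")
    [ $(( 0$m & 022 )) -ne 0 ]
}

# Check the paths listed in the NX 502 error plus the login shell.
# Returns 0 when everything passes, 1 otherwise.
check_login_prereqs() {
    home=$1; shell=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys2"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif writable_by_others "$p"; then
            echo "UNSAFE   $p (mode $(mode_of "$p"), group/other writable)"; rc=1
        else
            echo "ok       $p (mode $(mode_of "$p"))"
        fi
    done
    if [ -f "$shell" ] && [ -x "$shell" ]; then
        echo "ok       shell $shell"
    else
        echo "BADSHELL $shell is not an executable file"; rc=1
    fi
    return $rc
}

# Run as: sh check.sh /home/USER1 /bin/bash   (values from the passwd line)
if [ $# -eq 2 ]; then
    check_login_prereqs "$1" "$2"
fi
```

Run it as root or as the account being checked, so that the files under the home directory are readable.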