NX authentication error

L yuanlux at gmail.com
Mon Jun 29 23:26:54 UTC 2009


On Tue, Jun 30, 2009 at 6:49 AM, Craig White<craigwhite at azapple.com> wrote:
> On Mon, 2009-06-29 at 15:20 +1000, L wrote:
>> On Mon, Jun 29, 2009 at 11:11 AM, Craig White<craigwhite at azapple.com> wrote:
>> > On Mon, 2009-06-29 at 10:33 +1000, L wrote:
>> >> On Mon, Jun 29, 2009 at 10:18 AM, Craig White<craigwhite at azapple.com> wrote:
>> >> > On Mon, 2009-06-29 at 10:03 +1000, L wrote:
>> >> >> I set up an nxserver at remote PC (F10 2.6.27.25-170.2.72.fc10.i686),
>> >> >> followed all steps, shipped key from server to client. tried login
>> >> >> from client to server as
>> >> >>
>> >> >>
>> >> >> ssh -i /usr/NX/share/keys/user.id_dsa.key nx@server
>> >> >> ssh -l USER1 server
>> >> >>
>> >> >> all work.
>> >> >>
>> >> >> when I login via nxclient, after pass steps Connected, download
>> >> >> session, it failed with errors:
>> >> > ----
>> >> > problem is with USER1 account.
>> >> >
>> >> > nxuser only creates an ssh tunnel. Once that tunnel is created another
>> >> > connection for nxsession is started and this user must exist on the
>> >> > system and the password must be correct. I am not aware that this user
>> >> > can use a public key authentication.
>> >> >
>> >> > Craig
>> >>
>> >> thanks for your reply, as you see, USER1 can login via ssh to server.
>> >> the password for users must be right.
>> >>
>> >> where should I look for error to fix it?
>> > ----
>> > I would start with the suggestions given in your own error report...
>> >
>> > NX> 502 ERROR: Public key authentication failed
>> > NX> 502 ERROR: NX server was unable to login as user: USER1
>> > NX> 502 ERROR: Please check that the account is enabled to login,
>> > NX> 502 ERROR: the user's home directory, the directory ~/.ssh
>> > NX> 502 ERROR: and the file ~/.ssh/authorized_keys2 have correct
>> > NX> 502 ERROR: permissions setting according to the StrictModes
>> > NX> 502 ERROR: of your SSHD configuration.
>> >
>> > make sure that /home/USER1/.ssh/authorized_keys2 is 600 permissions
>> > and /home/USER1/.ssh is 755 but if I were to guess, USER1 does not
>> > have a valid shell
>> >
>> > Craig
>>
>> thanks, after changing permissions on them, the error message changed to
>>
>> Authentication to NX node failed.
>>
>> see below
>>
>> NX> 203 NXSSH running with pid: 13927
>> NX> 285 Enabling check on switch command
>> NX> 285 Enabling skip of SSH config files
>> NX> 285 Setting the preferred NX options
>> NX> 200 Connected to address: 202.118.163.85 on port: 22
>> NX> 202 Authenticating user: nx
>> NX> 208 Using auth method: publickey
>> HELLO NXSERVER - Version 3.3.0-22 - LFE
>> NX> 105 Hello NXCLIENT - Version 3.3.0
>> NX> 134 Accepted protocol: 3.3.0
>> NX> 105 Set shell_mode: shell
>> NX> 105 Set auth_mode: password
>> NX> 105 Login
>> NX> 101 User: test
>> NX> 102 Password: ****
>> NX> 103 Welcome to: localhost.localdomain user: test
>> NX> 105 Listsession --user="test" --status="suspended\054running"
>> --geometry="1280x1024x24+render" --type="unix-application"
>> NX> 127 Available sessions:
>>
>> Display Type             Session ID                       Options
>> Depth Screen         Status      Session Name
>> ------- ---------------- -------------------------------- --------
>> ----- -------------- ----------- ------------------------------
>>
>> NX> 148 Server capacity: not reached for user: test
>> NX> 105 Start session with: --rootless="1" --virtualdesktop="0"
>> --application="xterm" --link="adsl" --backingstore="1" --cache="16M"
>> --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1"
>> --media="0" --session="neau" --type="unix-application"
>> --client="linux" --keyboard="pc105\057us"
>> --screeninfo="1280x1024x24+render"
>> NX> 596 ERROR: Authentication to NX node failed.
>> NX> 280 Exiting on signal: 15
> ----
> OK, now you have changed from USER1 to test
>
> That is OK but what is shell for test?

>

Let's stay with USER1; user test was newly created to check if a new
user can log in.

the shell for USER1 is bash

line from /etc/passwd

USER1:x:503:504::/home/USER1:/bin/bash

> grep test /etc/passwd


>
> is it /bin/sh or /bin/bash?
>
> Can user 'test' login at the console?

YES, USERs can login.

Here are sections of /var/log/secure

part for ssh login

Jun 30 07:12:54 localhost sshd[25852]: debug1: Forked child 31674.
Jun 30 07:12:54 localhost sshd[31674]: debug1: rexec start in 5 out 5
newsock 5 pipe 7 sock 8
Jun 30 07:12:54 localhost sshd[31674]: debug1: inetd sockets after dupping: 3, 3
Jun 30 07:12:54 localhost sshd[31674]: Connection from 127.0.0.1 port 52180
Jun 30 07:12:54 localhost sshd[31674]: debug1: Client protocol version
2.0; client software version OpenSSH_4.7
Jun 30 07:12:54 localhost sshd[31674]: debug1: match: OpenSSH_4.7 pat OpenSSH_4*
Jun 30 07:12:54 localhost sshd[31674]: debug1: Enabling compatibility
mode for protocol 2.0
Jun 30 07:12:54 localhost sshd[31674]: debug1: Local version string
SSH-2.0-OpenSSH_5.1
Jun 30 07:12:54 localhost sshd[31674]: debug2: fd 3 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31674]: debug2: Network child is on pid 31675
Jun 30 07:12:54 localhost sshd[31675]: debug1: permanently_set_uid: 74/74
Jun 30 07:12:54 localhost sshd[31675]: debug1: list_hostkey_types:
ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEXINIT sent
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEXINIT received
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
none,zlib at openssh.com
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
none,zlib at openssh.com
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
first_kex_follows 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: reserved 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
none,zlib at openssh.com,zlib
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
none,zlib at openssh.com,zlib
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit:
first_kex_follows 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_parse_kexinit: reserved 0
Jun 30 07:12:54 localhost sshd[31675]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31675]: debug1: kex: client->server
aes128-cbc hmac-md5 none
Jun 30 07:12:54 localhost sshd[31675]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31675]: debug1: kex: server->client
aes128-cbc hmac-md5 none
Jun 30 07:12:54 localhost sshd[31675]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST received
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 0 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Jun 30 07:12:54 localhost sshd[31675]: debug2: dh_gen_key: priv key
bits set: 133/256
Jun 30 07:12:54 localhost sshd[31675]: debug2: bits set: 505/1024
Jun 30 07:12:54 localhost sshd[31675]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_INIT
Jun 30 07:12:54 localhost sshd[31675]: debug2: bits set: 492/1024
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Jun 30 07:12:54 localhost sshd[31675]: debug2: kex_derive_keys
Jun 30 07:12:54 localhost sshd[31675]: debug2: set_newkeys: mode 1
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_NEWKEYS sent
Jun 30 07:12:54 localhost sshd[31675]: debug1: expecting SSH2_MSG_NEWKEYS
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 5 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug2: set_newkeys: mode 0
Jun 30 07:12:54 localhost sshd[31675]: debug1: SSH2_MSG_NEWKEYS received
Jun 30 07:12:54 localhost sshd[31675]: debug1: KEX done
Jun 30 07:12:54 localhost sshd[31675]: debug1: userauth-request for
user USER1 service ssh-connection method none
Jun 30 07:12:54 localhost sshd[31675]: debug1: attempt 0 failures 0
Jun 30 07:12:54 localhost sshd[31674]: debug2: parse_server_config:
config reprocess config len 696
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request:
setting up authctxt for USER1
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request:
try method none
Jun 30 07:12:54 localhost sshd[31675]: debug1: userauth-request for
user USER1 service ssh-connection method password
Jun 30 07:12:54 localhost sshd[31675]: debug1: attempt 1 failures 0
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 7 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31675]: debug2: input_userauth_request:
try method password
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: initializing for "USER1"
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: setting PAM_RHOST
to "localhost.localdomain"
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: setting PAM_TTY to "ssh"
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 46 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 3 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug2: monitor_read: 4 used
once, disabling now
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: password
authentication accepted for USER1
Jun 30 07:12:54 localhost sshd[31674]: debug1: do_pam_account: called
Jun 30 07:12:54 localhost sshd[31674]: Accepted password for USER1
from 127.0.0.1 port 52180 ssh2
Jun 30 07:12:54 localhost sshd[31674]: debug1: monitor_child_preauth:
USER1 has been authenticated by privileged process
Jun 30 07:12:54 localhost sshd[31674]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31674]: debug2: mac_setup: found hmac-md5
Jun 30 07:12:54 localhost sshd[31674]: debug1: temporarily_use_uid:
503/504 (e=0/0)
Jun 30 07:12:54 localhost sshd[31674]: debug1: ssh_gssapi_storecreds:
Not a GSSAPI mechanism
Jun 30 07:12:54 localhost sshd[31674]: debug1: restore_uid: 0/0
Jun 30 07:12:54 localhost sshd[31674]: debug1: SELinux support disabled
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: establishing credentials
Jun 30 07:12:54 localhost sshd[31674]: pam_unix(sshd:session): session
opened for user USER1 by (uid=0)
Jun 30 07:12:54 localhost sshd[31676]: debug1: PAM: establishing credentials
Jun 30 07:12:54 localhost sshd[31676]: debug1: permanently_set_uid: 503/504
Jun 30 07:12:54 localhost sshd[31676]: debug2: set_newkeys: mode 0
Jun 30 07:12:54 localhost sshd[31676]: debug2: set_newkeys: mode 1
Jun 30 07:12:54 localhost sshd[31676]: debug1: Entering interactive
session for SSH2.
Jun 30 07:12:54 localhost sshd[31676]: debug2: fd 4 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31676]: debug2: fd 6 setting O_NONBLOCK
Jun 30 07:12:54 localhost sshd[31676]: debug1: server_init_dispatch_20
Jun 30 07:12:54 localhost sshd[31674]: User child is on pid 31676
Jun 30 07:12:54 localhost sshd[31676]: Connection closed by 127.0.0.1
Jun 30 07:12:54 localhost sshd[31676]: debug1: do_cleanup
Jun 30 07:12:54 localhost sshd[31676]: Transferred: sent 1768,
received 1184 bytes
Jun 30 07:12:54 localhost sshd[31676]: Closing connection to 127.0.0.1
port 52180
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: cleanup
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: deleting credentials
Jun 30 07:12:54 localhost sshd[31674]: debug1: PAM: closing session
Jun 30 07:12:54 localhost sshd[31674]: pam_unix(sshd:session): session
closed for user USER1

part for NX login

Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read<=0 rfd 11 len 0
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read failed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: close_read
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: input open -> drain
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: ibuf_empty
delayed efd 13/(0)
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: read 0 from efd 13
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: closing read-efd 13
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: ibuf empty
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send eof
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: input drain -> closed
Jun 30 07:12:58 localhost sshd[31631]: debug1: Received SIGCHLD.
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_by_pid: pid 31632
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_exit_message:
session 0 channel 0 pid 31632
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: request
exit-status confirm 0
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_exit_message:
release channel 0
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: write failed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: close_write
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send eow
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: output open -> closed
Jun 30 07:12:58 localhost sshd[31631]: debug2: channel 0: send close
Jun 30 07:12:58 localhost sshd[31631]: debug2: notify_done: reading
Jun 30 07:12:58 localhost sshd[31631]: Connection closed by xx.xx.xx.xx
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 0: free:
server-session, nchannels 3
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 1: free: X11
inet listener, nchannels 2
Jun 30 07:12:58 localhost sshd[31631]: debug1: channel 2: free: X11
inet listener, nchannels 1
Jun 30 07:12:58 localhost sshd[31631]: debug1: session_close: session 0 pid 0
Jun 30 07:12:58 localhost sshd[31631]: debug1: do_cleanup
Jun 30 07:12:58 localhost sshd[31631]: Transferred: sent 3768,
received 2432 bytes
Jun 30 07:12:58 localhost sshd[31631]: Closing connection to
xx.xx.xx.xx port 54515
Jun 30 07:12:58 localhost sshd[31628]: debug1: PAM: cleanup
Jun 30 07:12:58 localhost sshd[31628]: debug1: PAM: deleting credentials
Jun 30 07:12:59 localhost sshd[31628]: debug1: PAM: closing session
Jun 30 07:12:59 localhost sshd[31628]: pam_unix(sshd:session): session
closed for user nx



>
> Craig
>
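The permission and login-shell checks suggested in the thread can be scripted. This is an added example, not part of the original messages: the function names are hypothetical, GNU `stat` is assumed, and the check only approximates sshd's StrictModes test on the three paths the NX 502 error names.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.
# Approximates the sshd StrictModes test on the three paths named in the
# NX 502 error: the home directory, ~/.ssh and the authorized keys file.
# Assumes GNU stat (stat -c).

# check_strictmodes HOME_DIR UID [KEYFILE]
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_strictmodes() {
    local home="$1" uid="$2" keyfile="${3:-authorized_keys2}"
    local bad=0 path owner mode
    for path in "$home" "$home/.ssh" "$home/.ssh/$keyfile"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            bad=1
            continue
        fi
        owner=$(stat -c '%u' "$path")
        mode=$(stat -c '%a' "$path")
        # The owner must be the account itself or root (uid 0).
        if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
            echo "OWNER    $path is owned by uid $owner, expected $uid or 0"
            bad=1
        fi
        # Any group or world write bit (octal mask 022) is rejected.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "MODE     $path is $mode (group/world writable)"
            bad=1
        fi
    done
    return "$bad"
}

# passwd_shell PASSWD_FILE USER: print the login shell (7th field).
passwd_shell() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# shell_is_valid SHELL [SHELLS_FILE]: executable and listed in /etc/shells.
shell_is_valid() {
    [ -x "$1" ] && grep -qxF "$1" "${2:-/etc/shells}"
}

# Stand-alone use: script.sh /home/USER1 503
if [ "$#" -ge 2 ]; then check_strictmodes "$@"; fi
```

With the values from the thread, `.ssh` at 755 and `authorized_keys2` at 600 both pass, since neither has a group or world write bit set.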



