Hello<br><br>To ease remove the centos packages and install the RPMs from <a href="http://nomachine.com" type="url">nomachine.com</a> <br><br><span style="font-family:Prelude, Verdana, san-serif;">Best<br><br></span><span id="signature"><div id="no_signature" style="overflow:hidden;"></div></span><span style="color:navy; font-family:Prelude, Verdana, san-serif; "><hr align="left" style="width:75%">El 15/08/2010 18:49, gaohu <tigerheight@gmail.com> escribió: <br><br>
<style type="text/css">@import url( C:\Documents and Settings\gaohu\Local Settings\Temporary Internet Files\scrollbar.css );
</style>
<style>@font-face {
font-family: 宋
}
@font-face {
font-family: Verdana;
}
@font-face {
font-family: @宋
}
@page Section1 {size: 595.3pt 841.9pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; layout-grid: 15.6pt; }
P.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; TEXT-ALIGN: justify; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; FONT-SIZE: 10.5pt
}
LI.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; TEXT-ALIGN: justify; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; FONT-SIZE: 10.5pt
}
DIV.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; TEXT-ALIGN: justify; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; FONT-SIZE: 10.5pt
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
FONT-STYLE: normal; FONT-FAMILY: Verdana; COLOR: windowtext; FONT-WEIGHT: normal; TEXT-DECORATION: none; mso-style-type: personal-compose
}
DIV.Section1 {
page: Section1
}
UNKNOWN {
FONT-SIZE: 10pt
}
BLOCKQUOTE {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em
}
OL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
UL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
</style>
<style>@font-face {
font-family: 宋体;
}
@font-face {
font-family: Verdana;
}
@font-face {
font-family: @宋体;
}
@page Section1 {size: 595.3pt 841.9pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; layout-grid: 15.6pt; }
P.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; TEXT-ALIGN: justify; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; FONT-SIZE: 10.5pt
}
LI.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; TEXT-ALIGN: justify; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; FONT-SIZE: 10.5pt
}
DIV.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; TEXT-ALIGN: justify; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; FONT-SIZE: 10.5pt
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
FONT-STYLE: normal; FONT-FAMILY: Verdana; COLOR: windowtext; FONT-WEIGHT: normal; TEXT-DECORATION: none; mso-style-type: personal-compose
}
DIV.Section1 {
page: Section1
}
UNKNOWN {
FONT-SIZE: 10pt
}
</style>
<font color="#000000" size="2" face="Verdana">
<div>
<div><font size="2" face="Verdana"></font></div></div>
<div><font size="2" face="Verdana">
<div><font face="Verdana"></font></div>
<div><font size="3" face="Times New Roman">
<div><font size="2" face="Verdana">On Sun, Aug 15, 2010 at 11:17 AM, gaohu <tigerheight@gmail.com> wrote:</font></div>
<div>
<div><font size="2" face="Verdana">> I have installed freenx with this article</font></div>
<div><font size="2" face="Verdana">></font></div>
<div><font size="2" face="Verdana">> http://wiki.centos.org/HowTos/FreeNX</font></div>
<div><font size="2" face="Verdana">></font></div>
<div><font size="2" face="Verdana">> but when I use freenx-client on windows to connect to server,</font></div>
<div><font size="2" face="Verdana">> I always get an "freenx Authentication failed."</font></div>
<div><font size="2" face="Verdana"></font></div>
<div><font size="2" face="Verdana">You appear to have missed a step or configured the auth bits</font></div>
<div><font size="2" face="Verdana">incorrectly. The NX user is the user who authenticates via ssh, and</font></div>
<div><font size="2" face="Verdana">you authenticate via nx to the proper session. Go through the steps in</font></div>
<div><font size="2" face="Verdana">the wiki again carefully and double check the logs to see who you're</font></div>
<div><font size="2" face="Verdana">attempting to authenticate as. I'd bet you're trying to auth as your</font></div>
<div><font size="2" face="Verdana">user instead of as the nx user and since the wiki states that only the</font></div>
<div><font size="2" face="Verdana">nx user is authorized (via the AllowUsers nx statement) auth is</font></div>
<div><font size="2" face="Verdana">failing for that reason.</font></div>
<div><font size="2" face="Verdana"></font></div>
<div><font size="2" face="Verdana"></font></div>
<div><font size="2" face="Verdana">-- </font></div>
<div><font size="2" face="Verdana">During times of universal deceit, telling the truth becomes a revolutionary act.</font></div>
<div><font size="2" face="Verdana">George Orwell</font></div>
<div><font size="2" face="Verdana">_______________________________________________</font></div>
<div><font size="2" face="Verdana">CentOS mailing list</font></div>
<div><font size="2" face="Verdana">CentOS@centos.org</font></div>
<div><font size="2" face="Verdana">http://lists.centos.org/mailman/listinfo/centos</font></div></div></font></div>
<div><font size="3" face="Times New Roman"></font> </div>
<div><font size="3" face="Times New Roman">==========================================================================</font></div>
<div><font size="3" face="Times New Roman">My config as follows:</font></div>
<div><font size="3" face="Times New Roman">1. config sshd config, I
add</font></div>
<div><pre><font face="Times New Roman"><font size="3">PasswordAuthentication no
<span id="line-46" class="anchor"></span> <font color="#ff0000"> AllowUsers nx ---> nx is not an actual user in my system.</font></font></font></pre></div>
<div><font size="3" face="Times New Roman">2. add user, I config</font></div>
<div><font face="Times New Roman"><font size="3"> <font color="#ff0000">nxserver --add user gaohu <--- gaohu is a
common user on my system, and can connect via ssh with isa
key</font></font></font></div>
<div><font color="#ff0000" size="3" face="Times New Roman">
, (and password also works before I use ssh key to audit.)</font></div>
<div><font size="3" face="Times New Roman"></font> </div>
<div><font size="3" face="Times New Roman"> then re config sshd config file,
set</font></div>
<div><font face="Times New Roman"><font size="3"> <em>AllowUsers nx
gaohu</em></font></font></div>
<div><em><font size="3" face="Times New Roman"></font></em> </div>
<div><font face="Verdana"><font size="3" face="Times New Roman"> one thing I
can not understand is sshd default use </font><pre><font size="3" face="Times New Roman">/home/myuser/.ssh/authorized_keys, file</font></pre><pre><font size="3" face="Times New Roman">but nxserver generate the key at
</font><pre> </pre><pre><font size="3" face="Times New Roman">/home/myuser/.ssh/authorized_keys2 file, should I do other settings</font></pre><pre><font size="3" face="Times New Roman">in sshd config file to support this?</font></pre><pre><font size="3" face="Times New Roman"></font> </pre><pre><font size="3" face="Times New Roman">3.then I install the client and copy <strong>/</strong>etc/nxserver/client.id_dsa.key file content</font></pre><pre><font size="3" face="Times New Roman">to the key window.</font></pre><pre><font size="3" face="Times New Roman"></font> </pre><pre><font size="3" face="Times New Roman">That's all.</font></pre><pre><font size="3" face="Times New Roman"></font> </pre><pre><font color="#ff0000" size="3" face="Times New Roman">but when I run nxserver --test ? I just got permission denied ? why?</font></pre><pre> </pre><pre><font color="#ff0000">following is my sshd_config file, Could any one help?</font></pre><pre> </pre><pre>====================
=====================================</pre><pre> </pre><pre><div># $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $</div><div></div><div># This is the sshd server system-wide configuration file. See</div><div># sshd_config(5) for more information.</div><div></div><div># This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin</div><div></div><div># The strategy used for options in the default sshd_config shipped with</div><div># OpenSSH is to specify options with their default value where</div><div># possible, but leave them commented. Uncommented options change a</div><div># default value.</div><div></div><div>#Port 22</div><div>#Protocol 2,1</div><div>Protocol 2</div><div>#AddressFamily any</div><div>#ListenAddress 0.0.0.0</div><div>#ListenAddress ::</div><div></div><div># HostKey for protocol version 1</div><div>#HostKey /etc/ssh/ssh_host_key</div><div># HostKeys for protocol version 2</div><div>#HostKey /etc/ssh/ssh_host_rsa_key</div><div>#HostKey /etc/ssh/ssh_host_dsa_key</div><div></div><div># Lifetime and size of ephemeral version 1 server key</div><div>#KeyRegenerationInterval 1h</div><div>#ServerKeyBits 768</div><div></div><div># Logging</div><div># obsoletes QuietMode and FascistLogging</div><div>#SyslogFacility AUTH</div><div>SyslogFacility AUTHPRIV</div><div>#LogLevel INFO</div><div></div><div># Authentication:</div><div></div><div>#LoginGraceTime 2m</div><div>#PermitRootLogin yes</div><div>#StrictModes yes<div>#MaxAuthTries 6</div><div></div><div>RSAAuthentication yes</div><div>PubkeyAuthentication yes</div><div>AuthorizedKeysFile .ssh/authorized_keys </div><div></div><div># For this to work you will also need host keys in /etc/ssh/ssh_known_hosts</div><div>#RhostsRSAAuthentication no</div><div># similar for protocol version 2</div><div>#HostbasedAuthentication no</div><div># Change to yes if you don't trust ~/.ssh/known_hosts for</div><div># RhostsRSAAuthentication and HostbasedAuthentication</div><div>#IgnoreUserKnownHosts no</div><div># Don't read the user's ~/.rhosts and ~/.shosts files</div><div>#IgnoreRhosts yes</div><div></div><div># To disable tunneled clear text passwords, change to no here!<div>#PasswordAuthentication yes</div><div>#PermitEmptyPasswords no</div><div>PasswordAuthentication no</div><div> AllowUsers nx gaohu</div><div></div><div># Change to no to disable s/key passwords</div><div>#ChallengeResponseAuthentication yes</div><div>ChallengeResponseAuthentication no</div><div></div><div># Kerberos options</div><div>#KerberosAuthentication no</div><div>#KerberosOrLocalPasswd yes</div><div>#KerberosTicketCleanup yes</div><div>#KerberosGetAFSToken no</div><div></div><div># GSSAPI options</div><div>#GSSAPIAuthentication no</div><div>GSSAPIAuthentication yes</div><div>#GSSAPICleanupCredentials yes</div><div>GSSAPICleanupCredentials yes</div><div></div><div># Set this to 'yes' to enable PAM authentication, account processing, <
/DIV><div># and session processing. If this is enabled, PAM authentication will </div><div># be allowed through the ChallengeResponseAuthentication mechanism. </div><div># Depending on your PAM configuration, this may bypass the setting of </div><div># PasswordAuthentication, PermitEmptyPasswords, and </div><div># "PermitRootLogin without-password". If you just want the PAM account and </div><div># session checks to run without PAM authentication, then enable this but set </div><div># ChallengeResponseAuthentication=no</div><div>#UsePAM no</div><div>UsePAM yes</div><div></div><div># Accept locale-related environment variables</div><div>AcceptEnv LANG&
nbsp;LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES </div><div>AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT </div><div>AcceptEnv LC_IDENTIFICATION LC_ALL</div><div>#AllowTcpForwarding yes</div><div>#GatewayPorts no</div><div>#X11Forwarding no</div><div>X11Forwarding yes</div><div>#X11DisplayOffset 10</div><div>#X11UseLocalhost yes</div><div>#PrintMotd yes</div><div>#PrintLastLog yes</div><div>#TCPKeepAlive yes</div><div>#UseLogin no</div><div>#UsePrivilegeSeparation yes</div><div>#PermitUserEnvironment no</div><div>#Compression delayed</div><div>#ClientAliveInterval 0</div><div>#ClientAliveCountMax 3</div><div>#ShowPatchLevel no</div><div>#UseDNS yes</div><div>#PidFile /var/run/sshd.pid</div><div>#MaxStartups 10</div><div>#PermitTunnel no</div><div>#ChrootDirectory n
one</div><div></div><div># no default banner path</div><div>#Banner /some/path</div><div></div><div># override default of no subsystems</div><div>Subsystem sftp /usr/libexec/openssh/sftp-server</div></div></div></div></pre><pre> </pre><pre>==========================================================</pre><pre> </pre></pre></font></div></font></div></font>
</span>