copied the above key (that which was between the ----BEGIN and -----END but not including those lines) and pasted into the key section and that
Why without the --begin-- --end-- lines? I always copy with 'em.
1 - there is no /etc/nxserver/node.conf #only node.conf.sample
well, you should probably make a node.conf and allow all users to login...
my /etc/nxserver/node.conf has:
ENABLE_USERMODE_AUTHENTICATION="1"
ENABLE_FORCE_ENCRYPTION="1"
SSHD_CHECK_IP="1"
DISPLAY_BASE=20
SESSION_LIMIT=50
SESSION_USER_LIMIT=10
NX_LOG_LEVEL=7
NX_LOG_SECURE=0
DEFAULT_X_WM="twm"
EXPORT_USERIP="1"
EXPORT_SESSIONID="1"
ENABLE_USESSION="1"
COMMAND_SESSREG="/usr/X11R6/bin/sessreg"
APPLICATION_LIBRARY_PATH="/usr/lib/NX/lib"
2 - the pub key I listed above apparently is the one distributed with the binary and that would seem to be a security issue
Agreed and that's why I don't use it.
I generate keys using ssh-keygen, and stick them into: /var/lib/nxserver/home/.ssh/authorized_keys2 (or without the '2', depending on sshd server setup) [in one line] and the entire private key into the client.
Basically:
# ssh-keygen -t dsa -f key
<enter: empty passphrase>
<enter again>
# cat key.pub >> /var/lib/nxserver/home/.ssh/authorized_keys2
{ you might want to actually prefix the key with from="ip.ip.ip.ip" or from="fully.qualified.domain.name" to further restrict logins to valid IPs only but do this only once everything is working... }
< copy "key" into the client >

# cat /etc/passwd | grep nx
nx:x:110:110:NX Remote Access:/var/lib/nxserver/home:/usr/bin/nxserver
# cat /etc/shadow | grep nx
nx:!!:13002::::::
# cat /etc/group | grep nx
utmp:x:22:nx
nx:x:110:
# cat /etc/gshadow | grep nx
utmp:x::nx
nx:!::
Make sure that sshd is configured to let in user NX via pubkey from all important IP addresses (ssh -i key nx@serverip)
Make sure that sshd is configured to let in other users with password from localhost (ssh craig@serverip <type in password>)
Might still be missing something, but any other problems should show up as errors in /var/log/secure or /var/log/messages or the nx logs.
Oh, make sure bash-completion is _NOT_ installed.
Cheers, MaZe.
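
The from="..." restriction suggested in the message above can be checked and applied mechanically. The following is an added example, not part of the original message or of the NX project: the function names are hypothetical, and the key blobs and addresses in SAMPLE are constructed placeholders. It parses authorized_keys entries (including quoted option values that contain spaces or commas), reports which keys have no from= restriction, and prefixes one where it is missing.

```python
# Key types that can open an entry when no options precede the key.
KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-", "sk-")

def split_unquoted(text, is_sep, maxsplit=-1):
    """Split text at separators that sit outside double quotes."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(text):
        c = text[i]
        if c == "\\" and quoted and i + 1 < len(text):
            cur, i = cur + text[i:i + 2], i + 2  # keep escaped char, e.g. \"
            continue
        if c == '"':
            quoted = not quoted
        if is_sep(c) and not quoted and len(parts) != maxsplit:
            parts, cur = parts + [cur], ""
        else:
            cur += c
        i += 1
    return parts + [cur]

def parse_entry(line):
    """Return (options, key fields), or None for blank and comment lines."""
    line, opts = line.strip(), ""
    if not line or line.startswith("#"):
        return None
    if not line.startswith(KEY_TYPES):  # entry begins with an option list
        opts, line = (split_unquoted(line, str.isspace, 1) + [""])[:2]
    fields = line.split()
    if len(fields) < 2 or not fields[0].startswith(KEY_TYPES):
        raise ValueError("not an authorized_keys entry")
    pairs = (o.partition("=") for o in split_unquoted(opts, lambda c: c == ",") if o)
    return {name.lower(): value.strip('"') for name, _, value in pairs}, fields

def unrestricted(text):
    """Line numbers of key entries that carry no from= restriction."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if (entry := parse_entry(line)) and "from" not in entry[0]]

def restrict(line, pattern):
    """Prefix from="pattern" to an entry unless it already has from=."""
    entry = parse_entry(line)
    if entry is None or "from" in entry[0]:
        return line.strip()
    return f'from="{pattern}"' + ("," if entry[0] else " ") + line.strip()

# Constructed sample: placeholder key blobs, documentation-range addresses.
SAMPLE = """ssh-dss AAAAB3PLACEHOLDER1 nx@client
from="192.0.2.10" ssh-dss AAAAB3PLACEHOLDER2 nx@office
no-pty,command="echo ssh-dss x, y" ssh-rsa AAAAB3PLACEHOLDER3 test
"""
```

Running unrestricted() over /var/lib/nxserver/home/.ssh/authorized_keys2 after setup shows which nx keys are still accepted from any address.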