I use freenx and install it very frequently, I don't modify the sshd config but go here to get a copy of the .ssh key... /var/lib/nxserver/home/.ssh/client.id_dsa.key and copy that to your client machine.... in fact if you want to generate a new key the comman is nxkeygen see if that makes any difference 2010/10/13 José María Terry Jiménez <jtj at tssystems.net> > Hello > > To ease remove the centos packages and install the RPMs from nomachine.com > > > Best > > ------------------------------ > El 15/08/2010 18:49, gaohu <tigerheight at gmail.com> escribió: > > On Sun, Aug 15, 2010 at 11:17 AM, gaohu <tigerheight at gmail.com> wrote: > > I have installed freenx with this article > > > > http://wiki.centos.org/HowTos/FreeNX > > > > but when I use freenx-client on windows to connect to server, > > I always get an "freenx Authentication failed." > You appear to have missed a step or configured the auth bits > incorrectly. The NX user is the user who authenticates via ssh, and > you authenticate via nx to the proper session. Go through the steps in > the wiki again carefully and double check the logs to see who you're > attempting to authenticate as. I'd bet you're trying to auth as your > user instead of as the nx user and since the wiki states that only the > nx user is authorized (via the AllowUsers nx statement) auth is > failing for that reason. > -- > > During times of universal deceit, telling the truth becomes a revolutionary act. > George Orwell > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > ========================================================================== > My config as follows: > 1. config sshd config, I add > > PasswordAuthentication no AllowUsers nx ---> nx is not an actual user in my system. > > 2. add user, I config > nxserver --add user gaohu <--- gaohu is a common user on my system, and > can connect via ssh with isa key > , (and password also works before I use ssh > key to audit.) > > then re config sshd config file, set > *AllowUsers nx gaohu* > ** > one thing I can not understand is sshd default use > > /home/myuser/.ssh/authorized_keys, file > > but nxserver generate the key at > > > > /home/myuser/.ssh/authorized_keys2 file, should I do other settings > > in sshd config file to support this? > > > > 3.then I install the client and copy */*etc/nxserver/client.id_dsa.key file content > > to the key window. > > > > That's all. > > > > but when I run nxserver --test ? I just got permission denied ? why? > > > > following is my sshd_config file, Could any one help? > > > > ==================== > ===================================== > > > > # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ > # This is the sshd server system-wide configuration file. See > # sshd_config(5) for more information. > # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin > # The strategy used for options in the default sshd_config shipped with > # OpenSSH is to specify options with their default value where > # possible, but leave them commented. Uncommented options change a > # default value. > #Port 22 > #Protocol 2,1 > Protocol 2 > #AddressFamily any > #ListenAddress 0.0.0.0 > #ListenAddress :: > # HostKey for protocol version 1 > #HostKey /etc/ssh/ssh_host_key > # HostKeys for protocol version 2 > #HostKey /etc/ssh/ssh_host_rsa_key > #HostKey /etc/ssh/ssh_host_dsa_key > # Lifetime and size of ephemeral version 1 server key > #KeyRegenerationInterval 1h > #ServerKeyBits 768 > # Logging > # obsoletes QuietMode and FascistLogging > #SyslogFacility AUTH > SyslogFacility AUTHPRIV > #LogLevel INFO > # Authentication: > #LoginGraceTime 2m > #PermitRootLogin yes > #StrictModes yes > #MaxAuthTries 6 > RSAAuthentication yes > PubkeyAuthentication yes > AuthorizedKeysFile .ssh/authorized_keys > # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts > #RhostsRSAAuthentication no > # similar for protocol version 2 > #HostbasedAuthentication no > # Change to yes if you don't trust ~/.ssh/known_hosts for > # RhostsRSAAuthentication and HostbasedAuthentication > #IgnoreUserKnownHosts no > # Don't read the user's ~/.rhosts and ~/.shosts files > #IgnoreRhosts yes > # To disable tunneled clear text passwords, change to no here! > #PasswordAuthentication yes > #PermitEmptyPasswords no > PasswordAuthentication no > AllowUsers nx gaohu > # Change to no to disable s/key passwords > #ChallengeResponseAuthentication yes > ChallengeResponseAuthentication no > # Kerberos options > #KerberosAuthentication no > #KerberosOrLocalPasswd yes > #KerberosTicketCleanup yes > #KerberosGetAFSToken no > # GSSAPI options > #GSSAPIAuthentication no > GSSAPIAuthentication yes > #GSSAPICleanupCredentials yes > GSSAPICleanupCredentials yes > # Set this to 'yes' to enable PAM authentication, account processing, < > /DIV> > # and session processing. If this is enabled, PAM authentication will > # be allowed through the ChallengeResponseAuthentication mechanism. > # Depending on your PAM configuration, this may bypass the setting of > # PasswordAuthentication, PermitEmptyPasswords, and > # "PermitRootLogin without-password". If you just want the PAM account and > # session checks to run without PAM authentication, then enable this but set > # ChallengeResponseAuthentication=no > #UsePAM no > UsePAM yes > # Accept locale-related environment variables > AcceptEnv LANG& > nbsp;LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES > AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT > AcceptEnv LC_IDENTIFICATION LC_ALL > #AllowTcpForwarding yes > #GatewayPorts no > #X11Forwarding no > X11Forwarding yes > #X11DisplayOffset 10 > #X11UseLocalhost yes > #PrintMotd yes > #PrintLastLog yes > #TCPKeepAlive yes > #UseLogin no > #UsePrivilegeSeparation yes > #PermitUserEnvironment no > #Compression delayed > #ClientAliveInterval 0 > #ClientAliveCountMax 3 > #ShowPatchLevel no > #UseDNS yes > #PidFile /var/run/sshd.pid > #MaxStartups 10 > #PermitTunnel no > #ChrootDirectory n > one > # no default banner path > #Banner /some/path > # override default of no subsystems > Subsystem sftp /usr/libexec/openssh/sftp-server > > > > ========================================================== > > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20101013/bcabee12/attachment-0005.html>