1 |
Thelma |
2 |
|
3 |
On 11/13/2015 11:08 PM, thelma@×××××××××××.com wrote: |
4 |
> I'm running: nxserver-freenx-0.7.3_p104-r7 |
5 |
> After recent upgrade, system installed new stable openssh-7.1_p1-r2 |
6 |
> |
7 |
> The problem is the new openssh-7.1_p1-r2 will not allow my my "nxserver" to connect, I get an error: |
8 |
> Permission denied (publickey,keyboard-interactive) see below: |
9 |
> |
10 |
> nxsetup --test |
11 |
> ... |
12 |
> <---- done |
13 |
> |
14 |
> ----> Testing your nxserver connection ... |
15 |
> Permission denied (publickey,keyboard-interactive). |
16 |
> Fatal error: Could not connect to NX Server. |
17 |
> |
18 |
> Please check your ssh setup: |
19 |
> |
20 |
> The following are _examples_ of what you might need to check. |
21 |
> |
22 |
> - Make sure "nx" is one of the AllowUsers in sshd_config. |
23 |
> (or that the line is outcommented/not there) |
24 |
> - Make sure "nx" is one of the AllowGroups in sshd_config. |
25 |
> (or that the line is outcommented/not there) |
26 |
> - Make sure your sshd allows public key authentication. |
27 |
> - Make sure your sshd is really running on port 22. |
28 |
> - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. |
29 |
> (this should be a filename not a pathname+filename) |
30 |
> - Make sure you allow ssh on localhost, this could come from some |
31 |
> restriction of: |
32 |
> -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost |
33 |
> -the iptables. add to it: |
34 |
> $ iptables -A INPUT -i lo -j ACCEPT |
35 |
> $ iptables -A OUTPUT -o lo -j ACCEPT |
36 |
> |
37 |
> What I should be getting is this: |
38 |
> ----> Testing your nxserver connection ... |
39 |
> HELLO NXSERVER - Version 3.2.0-74-TEAMBZR104 OS (GPL, using backend: 3.5.0) |
40 |
> NX> 105 quit |
41 |
> Quit |
42 |
> NX> 999 Bye |
43 |
> <--- done |
44 |
> |
45 |
> I did not change anything in sshd_config. |
46 |
> But I downgraded to: openssh-6.9_p1-r2 and nxserver connects OK. |
47 |
> |
48 |
> What could be the problem with new: openssh-7.1_p1-r2 |
49 |
|
50 |
I think the reason is that OpenSSH 7.0 disables ssh-dss keys by default |
51 |
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html |
52 |
|
53 |
And and nxserver is using ssh-dss keys by default. |
54 |
|
55 |
I have to find a way a way to replace the ssh-dss key in: /etc/nxserver/ with RSA one. |
56 |
|
57 |
Do I just run: ssh-keygen -t rsa |
58 |
and copy the key pair to /etc/nxserver/ directory? |
59 |
|
60 |
-- |
61 |
Thelma |