Gentoo Archives: gentoo-user

From: thelma@×××××××××××.com
To: Gentoo mailing list <gentoo-user@l.g.o>
Subject: Re: [gentoo-user] openssh-7.1_p1-r2 won't allow "nxserver" to connect
Date: Sat, 14 Nov 2015 06:48:34
Message-Id: 5646D972.4010300@sys-concept.com
In Reply to: [gentoo-user] openssh-7.1_p1-r2 won't allow "nxserver" to connect by thelma@sys-concept.com
1 Thelma
2
3 On 11/13/2015 11:08 PM, thelma@×××××××××××.com wrote:
4 > I'm running: nxserver-freenx-0.7.3_p104-r7
5 > After recent upgrade, system installed new stable openssh-7.1_p1-r2
6 >
7 > The problem is the new openssh-7.1_p1-r2 will not allow my my "nxserver" to connect, I get an error:
8 > Permission denied (publickey,keyboard-interactive) see below:
9 >
10 > nxsetup --test
11 > ...
12 > <---- done
13 >
14 > ----> Testing your nxserver connection ...
15 > Permission denied (publickey,keyboard-interactive).
16 > Fatal error: Could not connect to NX Server.
17 >
18 > Please check your ssh setup:
19 >
20 > The following are _examples_ of what you might need to check.
21 >
22 > - Make sure "nx" is one of the AllowUsers in sshd_config.
23 > (or that the line is outcommented/not there)
24 > - Make sure "nx" is one of the AllowGroups in sshd_config.
25 > (or that the line is outcommented/not there)
26 > - Make sure your sshd allows public key authentication.
27 > - Make sure your sshd is really running on port 22.
28 > - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2.
29 > (this should be a filename not a pathname+filename)
30 > - Make sure you allow ssh on localhost, this could come from some
31 > restriction of:
32 > -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost
33 > -the iptables. add to it:
34 > $ iptables -A INPUT -i lo -j ACCEPT
35 > $ iptables -A OUTPUT -o lo -j ACCEPT
36 >
37 > What I should be getting is this:
38 > ----> Testing your nxserver connection ...
39 > HELLO NXSERVER - Version 3.2.0-74-TEAMBZR104 OS (GPL, using backend: 3.5.0)
40 > NX> 105 quit
41 > Quit
42 > NX> 999 Bye
43 > <--- done
44 >
45 > I did not change anything in sshd_config.
46 > But I downgraded to: openssh-6.9_p1-r2 and nxserver connects OK.
47 >
48 > What could be the problem with new: openssh-7.1_p1-r2
49
50 I think the reason is that OpenSSH 7.0 disables ssh-dss keys by default
51 https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
52
53 And and nxserver is using ssh-dss keys by default.
54
55 I have to find a way a way to replace the ssh-dss key in: /etc/nxserver/ with RSA one.
56
57 Do I just run: ssh-keygen -t rsa
58 and copy the key pair to /etc/nxserver/ directory?
59
60 --
61 Thelma

Replies

Subject Author
Re: [gentoo-user] openssh-7.1_p1-r2 won't allow "nxserver" to connect Mick <michaelkintzios@×××××.com>