On Thu, Mar 19, 2009 at 11:10 AM, Joseph <syscon...@gmail.com> wrote: > On 03/19/09 10:51, Paul Hartman wrote: >>> >>> Yes, I tried it already: >>> >>> passwd -u nx >>> passwd: unlocking the user would result in a passwordless account. >>> You should set password with usermod -p to unlock this user account. >>> Password changed. >>> >>> What do you do next? >>> >>> When I try to run again: >>> nxsetup --install --setup-nomachine-key --clean --purge >>> >>> I get: >>> ... >>> Setting up /var/log/nxserver.log ...done >>> Setting up special user "nx" ...passwd: unlocking the user would result >>> in a >>> passwordless account. >>> You should set a password with usermod -p to unlock this user account. >>> Password changed. >>> done. >>> ... >>> ----> Testing your nxserver connection ... >>> Permission denied (publickey,keyboard-interactive). >>> Fatal error: Could not connect to NX Server. >>> >>> Please check your ssh setup: >>> >>> The following are _examples_ of what you might need to check. >>> >>> - Make sure "nx" is one of the AllowUsers in sshd_config. >>> (or that the line is outcommented/not there) >>> - Make sure "nx" is one of the AllowGroups in sshd_config. >>> (or that the line is outcommented/not there) >>> - Make sure your sshd allows public key authentication. >>> - Make sure your sshd is really running on port 22. >>> - Make sure your sshd_config AuthorizedKeysFile in sshd_config is >>> set >>> to authorized_keys2. >>> (this should be a filename not a pathname+filename) >>> - Make sure you allow ssh on localhost, this could come from some >>> restriction of: >>> -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost >>> -the iptables. add to it: >>> $ iptables -A INPUT -i lo -j ACCEPT >>> $ iptables -A OUTPUT -o lo -j ACCEPT >>> >>> >>> So at this point I'm back to square one in log/messages I get: >>> User nx not allowed because account is locked >> >> Oh, try to give user nx a password on your system. It uses ssh keys >> to login, so it doesn't even matter what the password is. Just don't >> make it something easily guessed/brute-force like "nx" or "1234" or >> else you might have some unwanted guests in your system :) > > I did give it a password usermod -p something nx > > it accepted the password, now do I run the setup again: > nxsetup --install --setup-nomachine-key --clean --purge > > If I try to login from another machine do I login as user "nx"? > When I try to login from another machine on my network I get: > Your guest account has expired...
The way NX works is it uses the nx user as an intermediate. You need to login as a normal user, and you need to explicitly give that user permission to use NX by doing nxserver --useradd yourname (which will generate NX ssh keys and put them in that user's directory). If you use interactive/PAM authentication on your system, NX can use your user's normal system password; if you use key-based authentication for SSH the only way to make NX work is to use its internal password database and assing an NX-specific password to that user. In nxclient, copy the normal SSH key, and then in the nxclient login box put the NX username and password.