I could use some help with a VNC authentication problem. I run VNC Free 4.1.1 on Fedora 5, and it tests OK locally with vncviewer.
For remote access, I must go through a Linux SSH gateway. A few of my associates have VNC'd through this gateway, and I can invoke the VNCauth login box to their workstations using my account on this gateway. So I know that port forwarding for 5901 is working, though I'm unable to get details on if this is implemented using source and destination targets in the NAT table, or some other method. When I log into the SSH gateway from the LAN and attempt to connect using vncviewer, I get 'connection timed out (110)'. When my associates log into this gateway from the LAN and attempt to connect to my box using vncviewer, they also get 'connection timed out (110)'. When I login to the SSH gateway remotely, using Cygwin openssh or Mindterm running on Windoz XP, I get 'unable to open display ""'. I'm trying to narrow the source of the problem down from several possibilities: SSH key generation. My workstation has a 2nd account which matches my account on the SSH gateway. I originally generated SSH keys and pass phrase under my 1st account, which is different, and SSH'd to the SSH gateway from the LAN under my 1st account before trying the 2nd matching account. With VNCing from the gateway under the matching account, to vncserver started by the different account not working, I stopped the server, started it under the matching account, logged in the gateway under the matching account and re-tested but connection still times out with no VNCauth box. The first time I SSH'd from gateway to workstation I got the error 'keychain: command not found, /home/user/.keychain/user.domain.com-sh: No such file or directory'. My associates have the keychain files, but I didn't so again suspected some error when generating SSH keys and so I installed keychain. Still no remote VNC though. Workstation config and auth files /home/user/.vnc/passwd /home/user/.bash_profile (does this need host, user, passwd environment vars?) /home/user/.ssh/known_hosts (Seems to be OK to delete the .ssh directory. It gets rebuilt, but doing so doesn't help problem) /etc/X11/xdm/Xservers (does this need anything?) Gateway config and auth files No /home/user/.vnc/ directory? /home/user/.bash_profile (does this need host, user, passwd environment vars?) /home/user/.ssh/known_hosts (Need to be cleared out?) RealVNC Free uses a Challenge Response auth mechanism and it seems like my workstation doesn't trust the SSH keys from the gateway. My administrator says I need to set up a file on the gateway with host, user and password, that he found out about it by googeling, and that's what I need to make it work. Would this be .bash_profile? I can't reproduce the action that generated it, but the VNC server log had this window manager warning about freedesktop service ownership not allowed due to security policy: SESSION_MANAGER=local/user.domain.com:/tmp/.ICE-unix/9526 Window manager warning: Log level 32: could not find XKB extension. ** (nm-applet:9592): WARNING **: <WARNING> nma_dbus_init (): nma_dbus_init() could not acquire its service. dbus_bus_acquire_service() says: 'Connection ":1.86" is not allowed to own the service "org.freedesktop.NetworkManagerInfo" due to security policies in the configuration file' Does this warning provide a clue about my problem? How can I troubleshoot this VNC connection problem systematically? What other logs should I look at other than what's in /home/username/.vnc/ on the VNC server box. Best regards, Robert Van Overmeiren Software Engineer _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
