/usr/NX/bin/nxserver –keygen … Please, I want the last two hours of my life back!
As good as Nomachine’s NX is … the documentation is seriously confusing and all over the place with some documents more complete than others.
I tried to check out their new 4.x preview just yet (oh, and no, it’s definitely not ready for production), and as I always do, generate my own keys to go with it. But after the usual /usr/NX/bin/nxserver –keygen, a restart failed with
NX> 500 ERROR: Cannot start service: nxserver NX> 500 Authentication as user nx using the NX SSH key-pair failed. NX> 500 This may be due to the configuration of your SSH server. Please NX> 500 ensure that the location and file name of the SSH authorized NX> 500 keys is the same in both the SSHD and NX server configuration NX> 500 files and that the nx user is listed among the accepted users NX> 500 in the SSHD configuration file. NX> 999 Bye.
Got seriously frustrated, because all seemed well according to documentation. Well, it seems like there is one important step missing – renaming or copying
If you don’t do that, nxserver will happily continue to use its prior key (which makes sense I guess, you aren’t going into production with new keys the second you generate them) while the nx user will already have the new keys in place.
So basically the procedure is:
# /etc/init.d/nxserver stop # /usr/NX/bin/nxserver --keygen # chown nx:root /usr/NX/home/nx/.ssh/authorized_keys2 # chmod 0644 /usr/NX/home/nx/.ssh/authorized_keys2 # chown nx:root /usr/NX/home/nx/.ssh/default.id_dsa.pub # chmod 0644 /usr/NX/home/nx/.ssh/default.id_dsa.pub # cp /usr/NX/share/keys/default.id_dsa.key /usr/NX/share/keys/server.id_dsa.key # /etc/init.d/nxserver start
Of course, your client(s) will also need to import the new server key.