/usr/NX/bin/nxserver --keygen … Please, I want the last two hours of my life back!
As good as NoMachine’s NX is … the documentation is seriously confusing and all over the place with some documents more complete than others.
I just tried to check out their new 4.x preview (oh, and no, it’s definitely not ready for production) and, as I always do, generated my own keys to go with it. But after the usual /usr/NX/bin/nxserver --keygen, a restart failed with
NX> 500 ERROR: Cannot start service: nxserver
NX> 500 Authentication as user nx using the NX SSH key-pair failed.
NX> 500 This may be due to the configuration of your SSH server. Please
NX> 500 ensure that the location and file name of the SSH authorized
NX> 500 keys is the same in both the SSHD and NX server configuration
NX> 500 files and that the nx user is listed among the accepted users
NX> 500 in the SSHD configuration file.
NX> 999 Bye.
Got seriously frustrated, because all seemed well according to documentation. Well, it seems like there is one important step missing – renaming or copying
/usr/NX/share/keys/default.id_dsa.key
to
/usr/NX/share/keys/server.id_dsa.key
If you don’t do that, nxserver will happily continue to use its prior key (which makes sense I guess, you aren’t going into production with new keys the second you generate them) while the nx user will already have the new keys in place.
So basically the procedure is:
# /etc/init.d/nxserver stop
# /usr/NX/bin/nxserver --keygen
# chown nx:root /usr/NX/home/nx/.ssh/authorized_keys2
# chmod 0644 /usr/NX/home/nx/.ssh/authorized_keys2
# chown nx:root /usr/NX/home/nx/.ssh/default.id_dsa.pub
# chmod 0644 /usr/NX/home/nx/.ssh/default.id_dsa.pub
# cp /usr/NX/share/keys/default.id_dsa.key /usr/NX/share/keys/server.id_dsa.key
# /etc/init.d/nxserver start
Of course, your client(s) will also need to import the new server key.
life saver, you are a god…
… just an interested amateur.
For me your how-to was the second part of how to fix the “Authentication as user nx using the NX SSH key-pair failed.” issue.
If this fix does not work, check the auth.log:
Jan 24 13:45:15 serverX sshd[2552]: User nx from localhost not allowed because none of user’s groups are listed in AllowGroups
Jan 24 13:45:15 serverX sshd[2552]: Failed none for invalid user nx from 127.0.0.1 port 37498 ssh2
If you got this output:
- create a group and assign the user “nx” to it, or assign “nx” to an existing group.
- edit the sshd_config and add the group (containing “nx” as member) to the allowed groups “AllowGroups”
- reload ssh “/etc/init.d/ssh reload”
Start Gordon Schulz Keygen procedure …
have fun
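The AllowGroups check described in the comment above, as an added example that is not part of the original post or its comments: it pulls the rejected user out of auth.log and tests that user's groups against the AllowGroups patterns in sshd_config. The function names, the temporary paths and the sample sshd_config are assumptions; the script ignores Match blocks and "!" negation.

```sh
#!/bin/sh
# Added example: explain an sshd rejection of the nx user from auth.log and sshd_config.
# Assumptions: no Match blocks, no "!" negation, "Keyword value" syntax (no "=").
# Function names are hypothetical.

# Users sshd refused because of AllowGroups, one per line.
rejected_by_allowgroups() {  # $1 = auth.log path
    sed -n 's/.*sshd\[[0-9]*]: User \([^ ]*\) from .* not allowed because none of user.*s groups are listed in AllowGroups.*/\1/p' "$1" | sort -u
}

# Every pattern from all AllowGroups lines (keyword is case-insensitive).
allow_groups() {  # $1 = sshd_config path
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Exit 0 if one of the given groups matches an AllowGroups pattern, or if the
# config has no AllowGroups at all (sshd then applies no group restriction).
# The body is a subshell so that "set -f" does not leak to the caller.
groups_permitted() (  # $1 = sshd_config path, rest = the user's groups
    cfg=$1; shift
    set -f  # keep "*" in patterns from expanding to file names
    patterns=$(allow_groups "$cfg")
    if [ -z "$patterns" ]; then exit 0; fi
    for g in "$@"; do
        for p in $patterns; do
            case $g in $p) exit 0 ;; esac
        done
    done
    exit 1
)

# Sample input: the two log lines from the comment above, plus a constructed config.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/auth.log" <<'EOF'
Jan 24 13:45:15 serverX sshd[2552]: User nx from localhost not allowed because none of user's groups are listed in AllowGroups
Jan 24 13:45:15 serverX sshd[2552]: Failed none for invalid user nx from 127.0.0.1 port 37498 ssh2
EOF
printf '%s\n' '# constructed sshd_config' 'AllowGroups admins ssh*' > "$tmp/sshd_config"

for u in $(rejected_by_allowgroups "$tmp/auth.log"); do
    # On a real host, pass $(id -Gn "$u") instead of the constructed group list.
    if groups_permitted "$tmp/sshd_config" nx; then
        echo "$u: groups pass AllowGroups, look elsewhere"
    else
        echo "$u: blocked, AllowGroups only admits: $(allow_groups "$tmp/sshd_config" | tr '\n' ' ')"
    fi
done
```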