Cannot login with key using nx protocol

[stshadow]

When I try to set up key login using https://www.nomachine.com/AR02L00785 – it doesn’t work for me.

I have ~/.nx/config/authorized.crt with my ssh-rsa public key, but at nxserver.log I see:

2016-06-08 14:24:38 852.069 13894 NXSERVER Going to call NXProcessRemove(14329)
2016-06-08 14:24:38 852.562 13894 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –cat –user username –path config/authorized.crt’ with pid ‘14329/14329’ finished with exit code 1 after 0,63 seconds.
2016-06-08 14:24:38 852.723 13894 NXSERVER nxDefaultExitCodeHandler: process with pid 14329 just died with exit code ‘1’.
2016-06-08 14:24:38 853.170 13894 NXSERVER NXRunCommand: process ‘14329’ exit status was ‘1’
2016-06-08 14:24:38 853.376 13894 NXSERVER NXRunCommand: process ‘14329’ stderr was ”
2016-06-08 14:24:38 853.515 13894 NXSERVER NXRunCommand: return: 1
2016-06-08 14:24:38 853.867 13894 NXSERVER _getSupportedKeys nxexec exit code [1], output [], error [NX> 500 Error: Cannot stat file: /home/username/.nx/config/authorized.crt.\n]
2016-06-08 14:24:38 854.066 13894 NXSERVER __getSupportedKeys return:0
2016-06-08 14:24:38 854.307 13894 NXSERVER Client public key not recognized.
2016-06-08 14:24:38 854.487 13894 NXSERVER Client request not accepted.
2016-06-08 14:24:38 855.699 13894 NXSERVER Handler exit.

$ ls -la ~/.nx/config/
total 12K
drwx——+ 2 username ddd    4 Jun  8 07:22 ./
drwx——+ 6 username ddd    6 Jun  8 07:17 ../
-rw——-+ 1 username ddd  414 Jun  8 07:21 authorized.crt
-rw——-+ 1 username ddd 7.0K Jun  8 07:17 player.cfg

 

[stshadow]

Any idea what’s wrong and how to fix it?

[Cato]

Hello stshadow,

Can you please show us the output of the following commands?

test -f /home/username/.nx/config/authorized.crt && echo “YES” || echo “NO”;

test -f /home/username/.nx/config/authorized.crt && echo “YES” || echo “NO”;

stat /home/username/.nx/config/authorized.crt;

[stshadow]

Hello Cato

Here is an output
02:01 username@remoteVM ~/.nx/config
$ test -f /home/username/.nx/config/authorized.crt && echo “YES” || echo “NO”;
YES

02:02 username@remoteVM ~/.nx/config
$ stat /home/username/.nx/config/authorized.crt;
File: `/home/username/.nx/config/authorized.crt’
Size: 414             Blocks: 2          IO Block: 8192   regular file
Device: 23h/35d Inode: 88762808    Links: 1
Access: (0600/-rw——-)  Uid: (1112939/username)   Gid: ( 8500/     dba)
Access: 2016-06-08 07:22:20.487798571 -0700
Modify: 2016-06-08 07:21:39.124950472 -0700
Change: 2016-06-08 07:24:17.627835320 -0700

 

First and second commands are the same ( test -f home/username<span class=.nx/config/authorized.crt && echo “YES” || echo “NO”; )

[Cato]

Hello stshadow,

I noticed that UID of your user is unusually high: 1112939. Is your system part of Kerberos, LDAP or Active Directory? Does it perhaps use dynamic mounting of user’s home directories (like AFS or NFS)?

[stshadow]

Kerberos, I believe.

Yes, user home is mounted with nfs.

[Cato]

Hello stshadow,

The problem with dynamically mounted home directories and keys authentication is that keys are placed inside home directory which is not mounted yet, so authentication can’t be completed. The workaround could be to configure automount so that home directory is mounted on first access attempt. We are also working on allowing keys path configuration to allow keys storage outside home directory: https://www.nomachine.com/FR07N03139.

[stshadow]

Hi Cato.

Ok. Got it. Thanks for explanation.

Not sure if I could change automount settings – I don’t have full control over VM, so for now I’ve just subscribed to FR.

[Author]

Posts