2FA not notifying when login attempted on remote machine

  • #53561
    prestonmcafee
    Participant

    I have several home PCs that I access remotely through NoMachine, which has been a terrific product.  I’m as of today on the free home user NoMachine, version 9.0.188.  All PCs are running Ubuntu 24.04, GNOME desktop, and my phone is a Pixel 8 pro, Android 16.

    Today I upgraded to version 9, installed the phone app, and created an account on my phone.  On the PC I want to access remotely, I set Settings/Network/Machine to 2FA enabled.  Then when I try to access from a laptop, it says a 2FA notification is requested, but the request does not show up on my phone.  I have tried waiting and also tried resending the request.  However, if I choose Settings/Network/Login and enable 2FA there, when I log into NoMachine on that PC, I receive the request on my phone and accepting it is necessary to log in.  Receiving the request to log in suggests that I have properly configured my user account and 2FA, but then why doesn’t it trigger when a remote access event arises?

    If I turn off 2FA on Settings/Network/Machine in the remote machine, I have no difficulty accessing the machine.  So it isn’t a problem with remote access, just in receiving the 2FA request.

    I have my account as a user on all instances of NoMachine, and all of my PCs appear in the list of machines.  The PCs are currently all on the same LAN and see each other (showing up in the list of machines).  In all cases I use the NX protocol over port 4000.

    I’m the only user — I primarily use NoMachine to log into my home PCs when I’m travelling.  I also use it to reach the PC that runs Docker since that doesn’t have a monitor, even when I’m home.  I love the idea of preventing anyone else from logging in via 2FA — my network is scanned for open ports daily and only ports leading to NoMachine are open.  Does it matter that there is only one user?

    What else should I try?  Thank you.

    #53643
    Britgirl
    Keymaster

    Just to update you, we have received your email with your User Id details and will come back to you with our findings soon.

    #53663
    Britgirl
    Keymaster

    We found your machine and User Id paired. This means you approved the pairing request on your phone. We don’t understand why the push notifications are not appearing. Can you send us the logs from the server machine?

    – set log level 8 on the server
    – restart nxserver
    – reproduce the problem
    – take logs

    For full instructions see here: https://kb.nomachine.com/DT08U00298#1

    Also useful would be to see a screenshot (send privately) of Settings -> Network -> Machine.

    #53668
    prestonmcafee
    Participant

    First, thank you!  I couldn’t attach the log because it exceeds the allowed file size.  It is 2.5MB.

    #53675
    Britgirl
    Keymaster

    Sorry, I forgot to mention that you can send them directly to forum[at]nomachine[dot]com.

    #53678
    Britgirl
    Keymaster

    Got them!

    #53693
    Britgirl
    Keymaster

    In the logs you sent it seems that you did not fully pair the target machine with your account. We can see that between timestamps of your pairing request and a later connection request, there were no push notification confirmation responses from any mobile device.

    We are going to add some additional logging to our Network back which will allow us to debug further. When that is ready we will ask you to try again. Until then please confirm that you did truly pair the device with the target machine, which is:

    – after inserting the email address in the 2FA machine configuration window, you received a push notification on your phone asking you to accept/refuse receiving notifications regarding that machine.

    – that you accepted this notification and see a success message.

    – then you tried to connect to your computer after you accepted pairing on the phone.

    #53699
    prestonmcafee
    Participant

    I now have 2FA fully working.
     
    What happened to me was that, when I enabled 2FA for remote login, I would see a notice on my phone that remote login was enabled.  It wasn’t obvious to me that I should click on that notice, which then asked me to accept.  It is that step — click and accept — that enables the phone to be a 2FA approver.  Without that, 2FA is enabled but the phone can’t approve it.
     
    In contrast, when I required 2FA for the machine to log in on startup, it was obvious to me to click on the notice, which is why that worked while remote login did not.
     
    I very much appreciate 2FA.  My main use case is a machine running Docker for self-hosted services like Frigate.  Whether I am at home or travelling, if I need to change something or update that machine, I log in remotely because that machine has no monitor or keyboard and is in an inconvenient location in my home.  In order to reach the machine when travelling, I need a port open and I very much appreciate the extra protection that 2FA provides.  My only open ports lead to NoMachine; otherwise all packets that are not responses to LAN requests are rejected by the router.  2FA also means that I’m warned about attempts to log in (none so far) and can reject.
     
    Thank you for such an intensive effort to diagnose my difficulty.  I expect I will be using NoMachine for many years to come.

    #53700
    Brian
    Participant

    I am experiencing this same phenomenon: do not receive push notifications and when asking to be re-sent, receive nothing. Happens with both an iPhone client and a MacBook Pro client attempting to connect to a MacMini M1 server.

    As to the above:

    – after inserting the email address in the 2FA machine configuration window, you received a push notification on your phone asking you to accept/refuse receiving notifications regarding that machine. [Never received]

    – that you accepted this notification and see a success message. [No, as never received]

    – then you tried to connect to your computer after you accepted pairing on the phone. [Same as above].

    #53708
    Britgirl
    Keymaster

    Thanks Prestonmcafee for submitting your feedback. I understand that now everything is working correctly, which is good news. We’ll be looking at how to make the “accept pop up” more visible and will analyse how to improve the configuration of 2FA overall, including the wording.

    #53709
    Britgirl
    Keymaster

    Brian, can you write to us privately to confirm what User Id you are using for the 2FA connection request? We will check to see if there was a pairing request.

    #53727
    Tor
    Participant

    @Brian, can you please verify that your iPhone is still allowing NoMachine to show notifications? You can check that in Settings > Notifications > NoMachine.

    If the system configuration is correct, please try to log in to Network in the NoMachine app and verify whether you get the notification. If the app waits for a 2FA confirmation but you still don’t get the notification, log in using your recovery code; then, once logged in, disable and re-enable the option to receive notifications in NoMachine app > Settings > Network.
