Cannot accept public key when connecting to EC2 instance running RHEL

  • #8353
    pvn
    Participant

    Hi,

    I am trying to configure NoMachine on an EC2 instance running RHEL 7.1, using a NoMachine client on OS X Yosemite.
    The following steps have been taken to configure the EC2 instance:

    ###############################
    Install GNOME Desktop
    ###############################
    sudo -s
    yum groupinstall 'Server with GUI'

    ###############################
    Install nomachine on headless server
    ###############################
    # https://www.nomachine.com/AR10K00710&an=install%20nomachine%20linux
    # https://www.nomachine.com/DT09K00056
    # https://www.nomachine.com/AR02L00785

    # Install nomachine on server
    sudo -s
    cd /var/tmp
    wget http://download.nomachine.com/download/4.6/Linux/nomachine_4.6.16_1_x86_64.rpm
    rpm -ivh nomachine_4.6.16_1_x86_64.rpm
    rm /var/tmp/nomachine_4.6.16_1_x86_64.rpm
    exit

    # Enable the optional content repository
    sudo -s sed --in-place -e '/rhui-REGION-rhel-server-optional/,/rhui-REGION/ s/\(enabled=\).*/\11/' /etc/yum.repos.d/redhat-rhui.repo

    # Install Xvfb
    sudo yum install xorg-x11-server-Xvfb

    sudo -s
    # Create a random cookie (a 16-hex-digit string)
    COOKIE=$(ps -ef | md5sum | cut -f 1 -d " ")
    # Create Xvfb authority file
    AUTHFILE=$HOME/Xvfb-0.auth
    xauth -f $AUTHFILE add :0 MIT-MAGIC-COOKIE-1 $COOKIE
    # Add the cookie to the user’s authority file
    xauth add :0 MIT-MAGIC-COOKIE-1 $COOKIE
    # Run Xvfb with 24-bit screen depth
    Xvfb :0 -auth $AUTHFILE -screen 0 1024x768x24 &
    # Run the desktop environment
    DISPLAY=:0 nohup /etc/gdm/Xsession gnome-session &

    # Restart the NoMachine server
    /usr/NX/bin/nxserver --restart
    exit

     

    ##
    ## Set up SSL tunnel on client side for NoMachine
    ##  client                                    EC2
    ##  localhost:4003 <- SSL:22 --> EC2 instance:4000
    ##

    # https://www.nomachine.com/AR10K00728
    ## Set up an SSH tunnel: IP traffic on localhost port 4003 is tunnelled to port 4000 on the EC2 instance
    ssh -L 4003:localhost:4000 -i location/to/e2c/privatekey.pem ec2-user@56.77.43.164

    ## Replace default SSH keys on EC2 instance
    ## https://www.nomachine.com/AR01C00126
    sudo -s
    /usr/NX/bin/nxserver --keygen
    chown nx:root  /var/NX/nx/.ssh/default.id_dsa.pub
    chmod 0644    /var/NX/nx/.ssh/default.id_dsa.pub
    cp /usr/NX/share/keys/server.id_dsa.key /var/NX/nx/.ssh/authorized_keys
    chown nx:root  /var/NX/nx/.ssh/authorized_keys
    chmod 0644    /var/NX/nx/.ssh/authorized_keys
    ## Add new public key to authorized.crt for user nx
    sed 's/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/' /var/NX/nx/.ssh/default.id_dsa.pub >> /var/NX/nx/.nx/config/authorized.crt
    chown nx:root /var/NX/nx/.nx/config/authorized.crt
    chmod 0644    /var/NX/nx/.nx/config/authorized.crt
    ## Add new public key to authorized.crt of ec2-user
    mkdir /home/ec2-user/.ssh/config
    sed 's/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/' /var/NX/nx/.ssh/default.id_dsa.pub >> /home/ec2-user/.ssh/config/authorized.crt
    chown ec2-user:root /home/ec2-user/.ssh/config/authorized.crt
    chmod 0644    /home/ec2-user/.ssh/config/authorized.crt
    On the client I create a new private key file, e.g. nomachine.pem, by copying the content of the file /usr/NX/share/keys/default.id_dsa.key.
    Then I try to connect to the EC2 instance using the following connection settings:

    Name: Test
    Protocol: NX
    Host: localhost
    Port: 4003
    Private Key: nomachine.pem (with correct path)
    Username: ec2-user
    Passphrase: <empty>

    When trying to connect I keep getting the 'Cannot accept public key' error.

    When connecting, the nxd.log does not show any errors:

    Info: Connection from ::1 port 36607 accepted on Fri Sep 25 08:30:10 2015.
    Info: Connection from ::1 port 36607 process 16483 started on Fri Sep 25 08:30:10 2015.
    Info: Connection from ::1 port 36607 process 16483 closed on Fri Sep 25 08:30:13 2015.

    nxerror.log:

    Info: Handler started with pid 16514 on Fri Sep 25 08:31:30 2015.
    Info: Handling connection from ::1 port 36608 on Fri Sep 25 08:31:30 2015.
    Info: Connection from ::1 port 36608 closed on Fri Sep 25 08:31:32 2015.
    Info: Handler with pid 16514 terminated on Fri Sep 25 08:31:32 2015.

    Any ideas what I have been configuring wrong?

    Cheers,

    Peter

    #8360
    Haven
    Participant

    Hello pvn,
    This step: "## Replace default SSH keys on EC2 instance" is not necessary.
    NoMachine (free) does not support the SSH protocol.

    After setting up a tunnel to the EC2 instance, you should try to connect
    using the following connection settings:

    Protocol: NX
    Host: localhost
    Port: 4003
    Authentication method: Password
    Username: ec2-user
    Password: ***

    If you want to access the 'EC2 instance' with key-based authentication,
    please follow the article: https://www.nomachine.com/AR02L00785

    The crucial step is to add the public key to: /home/ec2-user/.nx/config/authorized.crt
    Then you should try to connect using the following connection settings:

    Protocol: NX
    Host: localhost
    Port: 4003
    Authentication method: Private-key
    Private Key: nomachine.pem (with correct path)
    Username: ec2-user
    Passphrase: <empty>

    #8359
    pvn
    Participant

    After staring at this issue for 2 hours, I found the mistake. I chose the wrong location for the authorized.crt (while doing it correctly for the nx user…)

    ## Add new public key to authorized.crt of ec2-user

    mkdir -p /home/ec2-user/.nx/config
    sed 's/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/' /var/NX/nx/.ssh/default.id_dsa.pub >> /home/ec2-user/.nx/config/authorized.crt
    chown ec2-user:root /home/ec2-user/.nx/config/authorized.crt
    chmod 0644    /home/ec2-user/.nx/config/authorized.crt
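
The fix in this thread came down to which directory holds authorized.crt. The script below is an added example, not part of any post here and not NoMachine's own tooling: it checks that a given public key is listed in `<home>/.nx/config/authorized.crt` and points out a copy left in `.ssh/config`. The function names, return codes and the group/other-writable check are this example's assumptions, and the key matching is generalized beyond the `ssh-dss` pattern used in the posts.

```shell
#!/bin/sh
# Added example (not from the thread): audit a user's NoMachine authorized.crt.
# Function names and return codes are this example's own convention.

# Print "<type> <base64>" for the first key in a public key file,
# dropping any leading options and the trailing comment.
nx_key_blob() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-)/) { print $i, $(i + 1); exit } }' "$1"
}

# check_nx_authorized_crt HOME_DIR PUBKEY_FILE
#   0 key present in HOME_DIR/.nx/config/authorized.crt
#   1 authorized.crt missing (warns if a copy sits in .ssh/config, as in the thread)
#   2 file exists but does not contain the key
#   3 file is writable by group or others (hygiene check assumed by this example)
#   4 no key could be read from PUBKEY_FILE
check_nx_authorized_crt() {
    crt="$1/.nx/config/authorized.crt"
    misplaced="$1/.ssh/config/authorized.crt"
    blob=$(nx_key_blob "$2")
    [ -n "$blob" ] || { echo "no public key found in $2" >&2; return 4; }
    if [ ! -f "$crt" ]; then
        if [ -f "$misplaced" ]; then
            echo "found $misplaced, expected $crt" >&2
        fi
        return 1
    fi
    grep -qF -- "$blob" "$crt" || { echo "key not listed in $crt" >&2; return 2; }
    if [ -n "$(find "$crt" \( -perm -020 -o -perm -002 \))" ]; then
        echo "$crt is writable by group or others" >&2
        return 3
    fi
    return 0
}

# Run as: sh check_nx_key.sh /home/ec2-user /var/NX/nx/.ssh/default.id_dsa.pub
if [ "$#" -eq 2 ]; then
    check_nx_authorized_crt "$1" "$2" && echo "OK: key installed in the expected location"
fi
```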

This topic was marked as solved, you can't post.