Cannot accept public key when connecting to EC2 instance running RHEL
September 25, 2015 at 14:14 #8353 pvn Participant
Hi,
I am trying to configure NoMachine on an EC2 instance running RHEL 7.1, using a NoMachine client on OS X Yosemite.
The following steps have been taken to configure the EC2 instance:

###############################
Install GNOME Desktop
###############################
sudo -s
yum groupinstall 'Server with GUI'

###############################
Install nomachine on headless server
###############################
# https://www.nomachine.com/AR10K00710&an=install%20nomachine%20linux
# https://www.nomachine.com/DT09K00056
# https://www.nomachine.com/AR02L00785

# Install nomachine on server
sudo -s
cd /var/tmp
wget http://download.nomachine.com/download/4.6/Linux/nomachine_4.6.16_1_x86_64.rpm
rpm -ivh nomachine_4.6.16_1_x86_64.rpm
rm /var/tmp/nomachine_4.6.16_1_x86_64.rpm
exit

# Enable the optional content repository
sudo -s sed --in-place -e '/rhui-REGION-rhel-server-optional/,/rhui-REGION/ s/\(enabled=\).*/\11/ ' /etc/yum.repos.d/redhat-rhui.repo

# Install Xvfb
sudo yum install xorg-x11-server-Xvfb

sudo -s
# Create a random cookie (a 16-hex-digit string)
COOKIE=`ps -ef | md5sum | cut -f 1 -d " "`
# Create Xvfb authority file
AUTHFILE=$HOME/Xvfb-0.auth
xauth -f $AUTHFILE add :0 MIT-MAGIC-COOKIE-1 $COOKIE
# Add the cookie to the user’s authority file
xauth add :0 MIT-MAGIC-COOKIE-1 $COOKIE
# Run Xvfb with 24-bit screen depth
Xvfb :0 -auth $AUTHFILE -screen 0 1024x768x24 &
# Run the desktop environment
DISPLAY=:0 nohup /etc/gdm/Xsession gnome-session &

# Restart the NoMachine server
/usr/NX/bin/nxserver --restart
exit

##
## Setup SSL tunnel on client side for NoMachine
## client                             EC2
## localhost:4003 <- SSL:22 --> EC2 instance:4000
### https://www.nomachine.com/AR10K00728
## Set up an SSH tunnel: IP traffic on localhost port 4003 is tunnelled to port 4000 on the EC2 instance
ssh -L 4003:localhost:4000 -i location/to/e2c/privatekey.pem ec2-user@56.77.43.164

## Replace default SSH keys on EC2 instance
## https://www.nomachine.com/AR01C00126
sudo -s
/usr/NX/bin/nxserver --keygen
chown nx:root /var/NX/nx/.ssh/default.id_dsa.pub
chmod 0644 /var/NX/nx/.ssh/default.id_dsa.pub
cp /usr/NX/share/keys/server.id_dsa.key /var/NX/nx/.ssh/authorized_keys
chown nx:root /var/NX/nx/.ssh/authorized_keys
chmod 0644 /var/NX/nx/.ssh/authorized_keys
## Add new public key to authorized.crt for user nx
sed 's/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/' /var/NX/nx/.ssh/default.id_dsa.pub >> /var/NX/nx/.nx/config/authorized.crt
chown nx:root /var/NX/nx/.nx/config/authorized.crt
chmod 0644 /var/NX/nx/.nx/config/authorized.crt
## Add new public key to authorized.crt of ec2-user
mkdir /home/ec2-user/.ssh/config
sed 's/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/' /var/NX/nx/.ssh/default.id_dsa.pub >> /home/ec2-user/.ssh/config/authorized.crt
chown ec2-user:root /home/ec2-user/.ssh/config/authorized.crt
chmod 0644 /home/ec2-user/.ssh/config/authorized.crt

On the client I create a new private key by copying the content of the file /usr/NX/share/keys/default.id_dsa.key, e.g. nomachine.pem
Then I try to connect to the EC2 instance using the following connection settings:
Name: Test
Protocol: NX
Host: localhost
Port: 4003
Private Key: nomachine.pem (with correct path)
Username: ec2-user
Passphrase: <empty>

When trying to connect I keep getting the ‘Cannot accept public key’ error.
When connecting, the nxd.log does not show any errors:
Info: Connection from ::1 port 36607 accepted on Fri Sep 25 08:30:10 2015.
Info: Connection from ::1 port 36607 process 16483 started on Fri Sep 25 08:30:10 2015.
Info: Connection from ::1 port 36607 process 16483 closed on Fri Sep 25 08:30:13 2015.

nxerror.log:
Info: Handler started with pid 16514 on Fri Sep 25 08:31:30 2015.
Info: Handling connection from ::1 port 36608 on Fri Sep 25 08:31:30 2015.
Info: Connection from ::1 port 36608 closed on Fri Sep 25 08:31:32 2015.
Info: Handler with pid 16514 terminated on Fri Sep 25 08:31:32 2015.

Any ideas what I have been configuring wrong?
Cheers,
Peter

September 25, 2015 at 16:22 #8360 Haven Participant
Hello pvn,
This step:
## Replace default SSH keys on EC2 instance
is not necessary.
NoMachine (free) does not support SSH protocol.

After setting up a tunnel to the EC2 instance, you should try to connect
using the following connection settings:
Protocol: NX
Host: localhost
Port: 4003
Authentication method: Password
Username: ec2-user
Password: ***

If you want to access ‘EC2 instance’ with key based authentication
please follow the article: https://www.nomachine.com/AR02L00785
The crucial step is to add the public key to: /home/ec2-user/.nx/config/authorized.crt
Then you should try to connect using the following connection settings:
Protocol: NX
Host: localhost
Port: 4003
Authentication method: Private-key
Private Key: nomachine.pem (with correct path)
Username: ec2-user
Passphrase: <empty>

September 25, 2015 at 19:49 #8359 pvn Participant
After staring at this issue for 2 hours, I found the mistake. I chose the wrong location for the authorized.crt (while doing it correctly for the nx user…)
## Add new public key to authorized.crt of ec2-user
mkdir -p /home/ec2-user/.nx/config
sed 's/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/' /var/NX/nx/.ssh/default.id_dsa.pub >> /home/ec2-user/.nx/config/authorized.crt
chown ec2-user:root /home/ec2-user/.nx/config/authorized.crt
chmod 0644 /home/ec2-user/.nx/config/authorized.crt
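
A check for the mistake found in this thread, as an added example that is not part of the original posts or NoMachine's own tooling: it confirms that a public key is listed in the user's .nx/config/authorized.crt, flags a copy left under .ssh/config, and reports a file that group or other users can write to. The function name, return codes and sample key are constructed for the example.

```shell
#!/bin/sh
# Added example: verify where a NoMachine public key was installed.
# Return codes (chosen for this example): 0 ok, 1 authorized.crt missing,
# 2 file found under .ssh/config instead, 3 key not listed, 4 loose permissions.
nx_key_check() {
    home=$1 pub=$2
    crt="$home/.nx/config/authorized.crt"
    # Like the thread's sed: keep "<type> <base64>", drop options and comment.
    key=$(awk '{ for (i = 1; i < NF; i++)
                   if ($i ~ /^ssh-/) { print $i, $(i + 1); exit } }' "$pub")
    [ -n "$key" ] || { echo "no ssh-* key in $pub"; return 3; }
    if [ ! -f "$crt" ]; then
        if [ -f "$home/.ssh/config/authorized.crt" ]; then
            echo "misplaced: found under .ssh/config, expected $crt"
            return 2
        fi
        echo "missing: $crt"
        return 1
    fi
    grep -qF -- "$key" "$crt" || { echo "key not listed in $crt"; return 3; }
    # Anyone who can write this file can authorize their own key for the account.
    if [ -n "$(find "$crt" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "writable by group or other: $crt"
        return 4
    fi
    echo "ok: $crt"
}

# Constructed demo data (not a real key): a throwaway home directory with
# authorized.crt created in the wrong place, as in the first post.
demo=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAexample nx@constructed\n' > "$demo/id.pub"
mkdir -p "$demo/home/.ssh/config"
cut -d' ' -f1,2 "$demo/id.pub" > "$demo/home/.ssh/config/authorized.crt"
nx_key_check "$demo/home" "$demo/id.pub" || echo "exit code $?"
rm -rf "$demo"
```

On the server it would be called as nx_key_check /home/ec2-user /var/NX/nx/.ssh/default.id_dsa.pub, using the paths from the posts above.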