Cannot accept public key when connecting to EC2 instance running RHEL

[pvn]

Hi,

I am trying to configure NOMACHINE on an E2C instance running RHEL 7.1. using a NOMACHINE client on OS X Yosemite
The following steps have been taken to configure the E2C instance

###############################
Install GNOME Desktop
###############################
sudo -s
yum groupinstall ‘Server with GUI’

###############################
Install nomachine on headless server
###############################
# https://www.nomachine.com/AR10K00710&an=install%20nomachine%20linux
# https://www.nomachine.com/DT09K00056
# https://www.nomachine.com/AR02L00785

# Install nomachine on server
sudo -s
cd /var/tmp
wget http://download.nomachine.com/download/4.6/Linux/nomachine_4.6.16_1_x86_64.rpm
rpm -ivh nomachine_4.6.16_1_x86_64.rpm
rm /var/tmp/nomachine_4.6.16_1_x86_64.rpm
exit

# Enable the optional content repository
sudo -s sed –in-place -e ‘/rhui-REGION-rhel-server-optional/,/rhui-REGION/  s/\(enabled=\).*/\11/ ‘ /etc/yum.repos.d/redhat-rhui.repo

# Install Xvfb
sudo yum install xorg-x11-server-Xvfb

sudo -s
# Create a random cookie (a 16-hex-digit string)
COOKIE=ps -ef | md5sum | cut -f 1 -d " "
# Create Xvfb authority file
AUTHFILE=$HOME/Xvfb-0.auth
xauth -f $AUTHFILE add :0 MIT-MAGIC-COOKIE-1 $COOKIE
# Add the cookie to the user’s authority file
xauth add :0 MIT-MAGIC-COOKIE-1 $COOKIE
# Run Xvfb with 24-bit screen depth
Xvfb :0 -auth $AUTHFILE -screen 0 1024x768x24 &
# Run the desktop environment
DISPLAY=:0 nohup /etc/gdm/Xsession gnome-session &

# Restart the NoMachine server
/usr/NX/bin/nxserver –restart
exit

 

##
## Setup SSL tunnel on client side for NoMachine
##  client                                    E2C
##  localhost:4003 <- SSL:22 –> E2C instance:4000
##

# https://www.nomachine.com/AR10K00728
## setup a SSH Tunnel IP Traffic on the localhost port 4003 is tunnelled to the E2C instance to port 4000
ssh -L 4003:localhost:4000 -i location/to/e2c/privatekey.pem ec2-user@56.77.43.164

## Replace default SSH keys on E2C instance
## https://www.nomachine.com/AR01C00126
sudo -s
/usr/NX/bin/nxserver –keygen
chown nx:root  /var/NX/nx/.ssh/default.id_dsa.pub
chmod 0644    /var/NX/nx/.ssh/default.id_dsa.pub
cp /usr/NX/share/keys/server.id_dsa.key /var/NX/nx/.ssh/authorized_keys
chown nx:root  /var/NX/nx/.ssh/authorized_keys
chmod 0644    /var/NX/nx/.ssh/authorized_keys
## Add new public key to authorized.crt for user nx
sed ‘s/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/’ /var/NX/nx/.ssh/default.id_dsa.pub >> /var/NX/nx/.nx/config/authorized.crt
chown nx:root /var/NX/nx/.nx/config/authorized.crt
chmod 0644    /var/NX/nx/.nx/config/authorized.crt
## Add new public key to authorized.crt of ec2-user
mkdir /home/ec2-user/.ssh/config
sed ‘s/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/’ /var/NX/nx/.ssh/default.id_dsa.pub >>  /home/ec2-user/.ssh/config/authorized.crt
chown ec2-user:root /home/ec2-user/.ssh/config/authorized.crt
chmod 0644    /home/ec2-user/.ssh/config/authorized.crt
On the client i create a new private key by copying the content of the file /usr/NX/share/keys/default.id_dsa.key, eg. nomachine.pem
Then i try to connect to the E2C instance using the following connection settings

Name: Test
Protocol: NX
Host: localhost
Port: 4003
Private Key: nomachine.pem (with correct path)
Username: ec2-user
Passphrase: <empty>

When trying to connect i keep getting the ‘Cannot accept public key’ error.

When connecting, the nxd.log does not show any errors;

Info: Connection from ::1 port 36607 accepted on Fri Sep 25 08:30:10 2015.
Info: Connection from ::1 port 36607 process 16483 started on Fri Sep 25 08:30:10 2015.
Info: Connection from ::1 port 36607 process 16483 closed on Fri Sep 25 08:30:13 2015.

nxerror.log;

Info: Handler started with pid 16514 on Fri Sep 25 08:31:30 2015.
Info: Handling connection from ::1 port 36608 on Fri Sep 25 08:31:30 2015.
Info: Connection from ::1 port 36608 closed on Fri Sep 25 08:31:32 2015.
Info: Handler with pid 16514 terminated on Fri Sep 25 08:31:32 2015.

Any ideas what i have been configuring wrong ?

Cheers,

Peter

[Haven]

Hello pvn,
This step: ## Replace default SSH keys on E2C instance is not necessary.
NoMachine (free) does not support SSH protocol.

After setting up a tunnel to the E2C instance, you should try to connect
using the following connection settings:

Protocol: NX
Host: localhost
Port: 4003
Authentication method: Password
Username: ec2-user
Password: ***

If you want to access ‘E2C instance’ with key based authentication
please follow the article: https://www.nomachine.com/AR02L00785

The crucial is to add public key to: /home/ec2-user/.nx/config/authorized.crt
Then should try to connect using the following connection settings:

Protocol: NX
Host: localhost
Port: 4003
Authentication method: Private-key
Private Key: nomachine.pem (with correct path)
Username: ec2-user
Passphrase: <empty>

[pvn]

After staring 2 hours to this issue, found the mistake. Chose wrong location  for the authorized.crt (while doing it correct for the nx user…)

## Add new public key to authorized.crt of ec2-user

mkdir -p /home/ec2-user/.nx/config
sed ‘s/.*[[:space:]]\(ssh-dss[[:space:]][^[:space:]]*\).*/\1/’ /var/NX/nx/.ssh/default.id_dsa.pub >>  /home/ec2-user/.nx/config/authorized.crt
chown ec2-user:root /home/ec2-user/.nx/config/authorized.crt
chmod 0644    /home/ec2-user/.nx/config/authorized.crt

[Author]

Posts