Forum / NoMachine for Mac / Key-based login fails (with working key)
Tagged: authentication, key-based
- This topic has 4 replies, 3 voices, and was last updated 10 years, 2 months ago by heywood.
-
AuthorPosts
-
October 20, 2014 at 21:31 #5044heywoodParticipant
Trying to connect from a machine running Ubuntu 12.04 to a machine running OS X 10.9. Both boxes are running NX 4.3.24 and are on the same LAN. Usernames on the two machines are *different* (say, username_ubuntu and username_macosx).
Connection from Ubuntu box to OS X box using password-based authentication works fine (by entering U/P = username_macosx/password_macosx into the NX client window). But doing the same thing using key-based authentication fails. Relevant excerpt from connection log:
> 4215 4215 11:25:55 695.424 ClientSession: Started session at 0xa049408.
> Info: Connection to 192.168.1.3 port 4000 started at 11:25:55 799.182.
> 4215 4280 11:25:56 761.449 ClientSession: A valid certificate for this server was found.
> 4215 4280 11:26:08 702.764 DaemonLogin/DaemonLogin: ERROR! Error in context[B].
> Error: Error in context[B].
> 4215 4280 11:26:08 703.480 DaemonLogin/DaemonLogin: ERROR! Error message ‘Cannot accept public key.’.
> Error: Error message ‘Cannot accept public key.’.
> 4215 4275 11:26:08 707.611 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.
> 4215 4275 11:26:08 707.887 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 1, ‘Operation not permitted’.
> Warning: Connection to 192.168.1.3 port 4000 failed at 11:26:08 708.085.The confusing thing is that “ssh -l username_macosx 192.168.1.3” from the command line on the Ubuntu box works fine. I think I’ve tried every combination of username and passphrase in the NX connection config on the Ubuntu box (username_ubuntu, username_macosx; password_ubuntu, password_macosx, key_passphrase_ubuntu, [blank passphrase]), and none of them work — I get the above error every time.
(For what it’s worth, I tried changing the passphrase on the private half of the keypair on the Ubuntu box, and I know that this works — when I do so and then connect to the OS X box via ssh, the new passphrase is required to get the connection to succeed.)
Can anyone suggest some further debugging steps?
Thanks in advance,
-H
October 20, 2014 at 21:34 #5051BilbotineParticipantHi Heywood,
If you are using NX protocol, maybe you put the public key in the wrong place ?
Please follow the procedure described in the article “How to set up key based authentication with NX protocol” (https://www.nomachine.com/AR02L00785) and let us know if you encounter further problems.
Best regards.
October 21, 2014 at 08:24 #5062heywoodParticipantHi Bilbotine,
Thanks for that! I had indeed copied the client’s public key to the wrong place on the server (~/.ssh/authorized_keys instead of ~/.nx/config/authorized.crt).
Unfortunately, fixing that now causes a different login failure: when I configure the client (on the Ubuntu side) and try to connect, I momentarily see the first of the informational panels (audio streaming stuff), as if the login has completed successfully… followed about 1 second later by “The connection with the server was lost. Error is 5: Input/output error.” The relevant(?) part of the logfile now looks like this:
> 21127 21127 19:10:43 540.213 ClientDaemonConnector: Starting a new connection to host ‘192.168.1.3’ on port ‘4000’.
> 21127 21127 19:10:43 540.496 Connection: Started connection at 0x97c13d8.
> 21127 21127 19:10:43 550.571 ClientSession: Started session at 0x95bfc68.
> Info: Connection to 172.31.1.153 port 4000 started at 19:10:43 622.470.
> 21127 21187 19:10:44 584.931 ClientSession: A valid certificate for this server was found.
> 21127 21127 19:10:50 623.190 ClientSession: Going to query for available services.
> 21127 21127 19:10:50 757.749 UiRemoteSessionList: Going to automatically select the first session.
> 21127 21127 19:10:50 758.085 ClientSession: Selecting the destination node.
> 21127 21127 19:10:50 778.602 ClientSession: Going to query for available services.
> 21127 21127 19:10:50 829.791 ClientSession: Going to attach session at index ‘0’.
> 21127 21127 19:10:50 830.680 Keyboard: Current model ‘evdev’ session model ‘evdev’ layout ‘us’ variant ‘(empty)’ options ‘(empty)’.
> 21127 21127 19:10:52 192.575 ClientSession: Stopping the connector before creating the proxy.
> 21127 21127 19:10:52 194.965 ClientDaemonConnector: Stopping the current connection.
> Info: Slave server running with pid 21193.
> Info: Display running with pid 21194.
> Info: Listening to slave connections on port 13002.
> Session: Starting session at Mon Oct 20 19:10:52 2014.
> 21127 21127 19:10:52 335.987 Connection: Stop reading after switching the connection.
> 21127 21196 19:10:52 788.132 ProxySession/ProxySession: ERROR! Session failure in stage ‘StageWaitingProxyVersion’.
> Error: Session negotiation failure.
> 21127 21196 19:10:52 788.505 ProxySession/ProxySession: ERROR! We possibly provided a wrong version
> 21127 21196 19:10:52 788.518 ProxySession/ProxySession: ERROR! or an invalid session authentication cookie.
> Error: Connection closed by the remote peer.
> Session: Session terminated at Mon Oct 20 19:10:52 2014.
> 21127 21194 19:10:52 789.709 Encryptor/Encryptor: WARNING! Destroying pending buffer with 89 bytes.
> 21127 21127 19:10:52 816.239 ClientSession: Exiting from the client transport loop.
> 21127 21127 19:10:52 816.481 ClientSession: The transport closed with reset ‘1’ error ‘5’.
> 21127 21127 19:10:52 816.729 ClientSession: Session at 0x95bfc68 failed.
> 21127 21127 19:10:52 816.921 ClientSession: Failing reason is ‘The connection with the server was lost. Error is 5: Input/output error.’.Could this be a permissions issue? On both the client (Ubuntu) and server (OSX), I have the following permissions:
~/.nx 700
~/.nx/config 700
~/.nx/config/{authorized.crt, client.crt, player.cfg} 600For the client-side key I’m using to log in to the server:
~/.ssh 700
~/.ssh/id_rsa 600
~/.ssh/id_rsa.pub 644 [the contents of this file are what I copied to ~/.nx/config/authorized.crt on the host]I’m not sure where else to look… can you spot anything obviously wrong here?
Thanks very much in advance for your help!
Regards,
-H
October 22, 2014 at 09:25 #5105rezaParticipantRegarding second issue, please follow the instructions in https://www.nomachine.com/AR07K00677 to gather all logs and send them to forum[at]nomachine[dot]com.
October 23, 2014 at 08:20 #5126heywoodParticipantHi Reza,
Thanks for the link. A reboot seems to have solved the problem for now, but if the “Error 5” stuff reappears reliably, I’ll send a copy of the logs to issues@ as you suggest.
-H
-
AuthorPosts
This topic was marked as solved, you can't post.