Forum / NoMachine for Linux / Login failure using NX authentication with key file
Tagged: nx ssh private key
- This topic has 6 replies, 4 voices, and was last updated 9 years, 11 months ago by Britgirl.
-
AuthorPosts
-
September 8, 2014 at 08:33 #4600lorandsmParticipant
I’m using NoMachine free 4.2.27 on an ubuntu server and I’m logging in from a windows 8 client. Logging in with password works fine but trying to do this using private key authentication fails. First I’ve been trying to use the default key but I get the following error message:
Error: Cannot accept public key
I’ve followed the instructions from
https://www.nomachine.com/AR02L00785
In the /usr/NX/var/log/server.log file I can see something like:
isSupportedPublicKey FAIL
checkClientRequest KEY NOT supported
Does this mean the key verification failed or that key authentication is not supported by the server?
September 8, 2014 at 12:35 #4612HavenParticipantHello lorandsm,
debug message: ‘isSupportedPublicKey FAIL’ means that server failed to find public key in ‘<user’s home>/.nx/config/authorized.crt’ file.
Please make sure that public key was correctly added to that file. You can do it by: execute ‘cat authorized.crt’ in ‘<user’s home>/.nx/config’ and check if public key is there.
Also check if NoMachine server can access that file. File should be readable for ‘<user’s home>’ owner.If issue persist please send ‘ls -la’ output from ‘<user’s home>/.nx/config/’ and nxserver.log file (with nxserver logs enabled) on forum[at]nomachine[dot]com.
September 11, 2014 at 08:09 #4635lorandsmParticipantProblem solved. The issue was that I simply copied /var/NX/nx/.ssh/default.id_dsa.pub to ‘<user’s home>/.nx/config/authorized.crt’ and the entry contained something like:
no-port-forwarding,no-agent-forwarding,command=”/etc/NX/nxserver –login” ssh-dss AAAAB3Nza …
With this entry the authentication didn’t work. After I deleted no-port-forwarding,no-agent-forwarding,command=”/etc/NX/nxserver –login” from the front of the public key, it worked.
Also, I have a question related to restricting the authentication type of a user. By running the following command:
nxserver –uaserauth <user name>
give the authentication type of the user, which in my case returns system. I want to restrict the user to use only authentication via private/public key but I couldn’t find a way to do that. The link
https://www.nomachine.com/DT12I00014
doesn’t say how to impose such restrictions.
September 12, 2014 at 09:10 #4650lorandsmParticipantActually I found a workaround to block users to use password log in. The trick is to enable user DB and password DB but not adding any user to the NX database.
September 12, 2014 at 09:41 #4657HavenParticipantOnce we’ve implemented the possibility to set the authentication method available, this workaround won’t be necessary and is only temporary.
We created Feature Request: https://www.nomachine.com/FR09L02825 to make it possible.October 27, 2014 at 08:57 #5180heywoodParticipantI’ll chime in with a “vote” for this FR. As it is, whether a public-facing server uses NX or SSH, it’s still (somewhat) susceptible to brute-force password guessing unless there’s a way to enforce key-only authentication. This would be a very welcome addition to NX.
-H
January 21, 2015 at 12:31 #6000BritgirlKeymasterYou can sign up to receive notification of when this FR has been implemented. Follow the link https://www.nomachine.com/FR09L02825 and add your email address. I will now close this topic.
-
AuthorPosts
This topic was marked as closed, you can't post.