- This topic has 6 replies, 4 voices, and was last updated 9 years, 10 months ago by
.
-
Posts
-
I’m using NoMachine free 4.2.27 on an ubuntu server and I’m logging in from a windows 8 client. Logging in with password works fine but trying to do this using private key authentication fails. First I’ve been trying to use the default key but I get the following error message:
Error: Cannot accept public key
I’ve followed the instructions from
https://www.nomachine.com/AR02L00785
In the /usr/NX/var/log/server.log file I can see something like:
isSupportedPublicKey FAIL
checkClientRequest KEY NOT supported
Does this mean the key verification failed or that key authentication is not supported by the server?
Hello lorandsm,
debug message: ‘isSupportedPublicKey FAIL’ means that server failed to find public key in ‘<user’s home>/.nx/config/authorized.crt’ file.
Please make sure that public key was correctly added to that file. You can do it by: execute ‘cat authorized.crt’ in ‘<user’s home>/.nx/config’ and check if public key is there.
Also check if NoMachine server can access that file. File should be readable for ‘<user’s home>’ owner.If issue persist please send ‘ls -la’ output from ‘<user’s home>/.nx/config/’ and nxserver.log file (with nxserver logs enabled) on forum[at]nomachine[dot]com.
Problem solved. The issue was that I simply copied /var/NX/nx/.ssh/default.id_dsa.pub to ‘<user’s home>/.nx/config/authorized.crt’ and the entry contained something like:
no-port-forwarding,no-agent-forwarding,command=”/etc/NX/nxserver –login” ssh-dss AAAAB3Nza …
With this entry the authentication didn’t work. After I deleted no-port-forwarding,no-agent-forwarding,command=”/etc/NX/nxserver –login” from the front of the public key, it worked.
Also, I have a question related to restricting the authentication type of a user. By running the following command:
nxserver –uaserauth <user name>
give the authentication type of the user, which in my case returns system. I want to restrict the user to use only authentication via private/public key but I couldn’t find a way to do that. The link
https://www.nomachine.com/DT12I00014
doesn’t say how to impose such restrictions.
Actually I found a workaround to block users to use password log in. The trick is to enable user DB and password DB but not adding any user to the NX database.
Once we’ve implemented the possibility to set the authentication method available, this workaround won’t be necessary and is only temporary.
We created Feature Request: https://www.nomachine.com/FR09L02825 to make it possible.I’ll chime in with a “vote” for this FR. As it is, whether a public-facing server uses NX or SSH, it’s still (somewhat) susceptible to brute-force password guessing unless there’s a way to enforce key-only authentication. This would be a very welcome addition to NX.
-H
You can sign up to receive notification of when this FR has been implemented. Follow the link https://www.nomachine.com/FR09L02825 and add your email address. I will now close this topic.
This topic was marked as closed, you can't post.