NoMachine 6.2.4_1 RSA key issue

Forum / NoMachine for Windows / NoMachine 6.2.4_1 RSA key issue

Tagged: 

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #19714
    ifyffe
    Participant

    Hi,

    I’m trying to configure RSA key ID between two Windows 10 hosts.

    I performed 2 fresh installs, and confirmed I can connect using the usual Windows account password auth.

    Then I followed this guide for setting up RSA key access.

    https://www.nomachine.com/AR02L00785

    To generate the RSA keys, I used ssh-keygen on Linux, and copied the files to the Windows computers.

    When I try to connect, I’m getting “the session negotiation failed.  Error: Cannot accept public key”.

    Here’s what I see on the server-side:
    C:\>type Users\enviro2\.nx\config\authorized.crt
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCt9OVNjYd9BZEkB/QpKMc+hHEYfd1gxA4gnntvPCnWkKk92zluDJhDmFu49GQtR+vnpvR69zv3B9jLdRdjCwsG2mNzUuSotkWMWMlIkJ8pTM/n3cLs6xq/WIM+VlUdB+HnntnoJm5poXS7+cQpZyUObPy2IRweLD5Q7csK4p/uXejXfpfpuQ5s3DeuHxKeUS1C8ZA0NuXeBvvlYsfEBOUzdfX+P92NbsRwMYWhkoaDvOYMkFtHHk4gJjvIJ6lQojSE42nfxg3wxfJoO74Ki7e/QjxuiDT6yKkNniH5WLbSQJhXtDQ1lIXk24zZ2gNAqKneVm/dY7sfrFLFY50mz5mv

    C:\>type ProgramData\NoMachine\var\log\nxserver.log
    2018-09-24 10:38:46 739.562  4120 NXSERVER Starting WS 6.2.4 and services.
    2018-09-24 10:38:46 803.137  4120 NXSERVER System information: Windows 10, standalone.
    2018-09-24 10:46:35 231.614 10780 NXSERVER WARNING! NXRunCommand: Timeout while waiting for command ‘C:\Program Files (x86)\NoMachine\\bin\\nxexec C:\Program Files (x86)\NoMachine\\bin\\nxexec –cat –user enviro2 –path config/authorized.crt’ response.
    2018-09-24 10:46:35 333.756 10780 NXSERVER WARNING! Process ‘C:\Program Files (x86)\NoMachine\\bin\\nxexec –cat –user enviro2 –path config/authorized.crt’ with pid ‘3396/932’ finished with exit code 4 after 30,134 seconds.

    C:\>type ProgramData\NoMachine\var\log\nxerror.log
    4120 6440 10:38:56 511.289 ServerNetworkInfoHandler: WARNING! Obtaining network data failed.
    Info: Server process running with pid 3956.
    Info: Handler started with pid 10780 on Mon Sep 24 10:46:03 2018.
    Info: Handling connection from 10.1.2.28 port 50221 on Mon Sep 24 10:46:03 2018.
    Error: Cannot send request to NXLSA package.
    Error code is : 0.
    Package’s response is : 0xc0000001.
    Error: Cannot cat file ‘config/authorized.crt’ from user ‘enviro2’.
    10780 12168 10:46:35 231.614 Monitor/FileReadMonitor: WARNING! Canceling busy thread 11172 for FD#7.
    Info: Connection from 10.1.2.28 port 50221 closed on Mon Sep 24 10:46:35 2018.
    Info: Handler with pid 10780 terminated on Mon Sep 24 10:46:35 2018.

    It seems like the issue is that the daemon can’t read the authorized keys file, but I’m able to print it as both administrator and the user in question.  So I’m not sure how to continue troubleshooting.

    Thanks for any advice

    #19727
    Cato
    Participant

    Hello ifyffe,

    Please, check if lsass.exe process is running in protected mode.

    To do so:

    1. Download and install Process Explorer using this link:

    https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

    2. Start Process Explorer as Administrator.

    3. Double click on lsass.exe process and check the value of ‘Protected’ in ‘Security’ tab.

    #19737
    ifyffe
    Participant

    Hi Cato,

    Thanks for the reply.

    lsass.exe security tab says

    Protected: no

    #19780
    Guro
    Contributor

    Hello

    Currently we are unable to reproduce this issue in our test environment.

    To take more detailed information of lsass to the NoMachine service, we need to prepare a debug package. Would it be possible for you to install this NoMachine package and then and send us the logs to us for further analysis?

    #19948
    tylerXMD
    Participant

    I had this same issue.  I even used the process explorer and saw that lsass.exe was not running in protected mode.  I resolved my issue and it does appear to be an issue on NoMachine’s side.  My versions are Windows 6.3.6 server and Debian 6.3.6 client.

    The issue I had was that the key was in the new format (i.e. I used ‘-o’ when creating the key).

    The workaround was that I created a new key pair (without the ‘-o’ flag), appended the new public key to the server authorized.crt, and now it is working.

    The solution would be for NoMachine to support the new key formats.

    Hope this helps in the meantime!

    #20378
    Britgirl
    Participant

    We have inserted a new Feature Request in the development roadmap:

    Adding support for ECDSA and ed25519 SSH key types
    https://www.nomachine.com/FR11P03735

    Please use the ‘notify me’ service to know when it has been implemented 🙂

Viewing 6 posts - 1 through 6 (of 6 total)

This topic was marked as closed, you can't post.