Unable to use key-based authentication when connecting from iPad to Pi

Forum / NoMachine for Raspberry Pi / Unable to use key-based authentication when connecting from iPad to Pi

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #52727
    MagikMarkerz
    Participant

    Hi there.  I’m new to the NoMachine app and it seems interesting, and like it will fit what I’m trying to do with my project.

    Right now, I’m able to use my iPad (Mini5) to connect to my Raspberry Pi (4) running NoMachine if I allow password-based authentication.  However, as a personal rule, I don’t allow password-based authentication to stay on my devices when key-based options are available.  I’ve been trying to get my iPad to use key-based authentication, but keep running into the error ‘Authentication failed, please try again’.

    I just reinstalled Raspbian today and installed NoMachine fresh on both the Pi and the iPad, so I’m on the latest free version of both.

    I found a thread that pointed me to this guide that looked like it would solve my problem, but did not.  I’ve tried connecting with the option to import the private key to the connection file both enabled and disabled, getting the same result.

    Please let me know what information you need from me and how to procure that.  Any assistance is appreciated.

    Thanks.

    #52745
    Britgirl
    Keymaster

    Hi, can you generate a fresh pair of keys (public/private), so that we can test them? Also logs from the tablet would be useful to start off with.

    If you can connect your iPad to a Mac, you can select it among Locations in Finder, then drag and drop the folder ‘nx’ in Files > NoMachine after reproducing the issue.

    Alternatively, you can open the Files application, select Browse > NoMachine, then compress and share the folder ‘nx’

    #52750
    MagikMarkerz
    Participant

    Okay, here’s what I did:

    1. Delete and recreate the ~/.nx/config/authorized.crt file so that no old keys could potentially get in the way.
    2. Recreated a new key for the tablet and sent it over to the ~/.ssh/authorized_keys file on the Raspberry Pi using Termius.
    3. Disabled password authentication in the sshd_config for the RasPi.
    4. Connected to the RasPi from the tablet to ensure that the key worked.
    5. Once confirmed that the private/public keys were working, I copied the tablet’s public key from the authorized_keys file to the authorized.crt file.
    6. Copied the private key from Termius and placed it in a file then saved it into a folder on the tablet.
    7. Adjusted the /usr/NX/etc/server.cfg file to allow both NX keys and NX password.
    8. Restarted the NX Server.
    9. Connected to the RasPi using username/password to ensure a connection could be established.
    10. Disconnected and then tried reconnecting using key-based authentication and selecting the file that I made earlier with the private key (Note: Import the private key to the connection file has been set to OFF).
    11. Received the following error: Authentication failed, please try again.
    12. Connected my tablet to my Macbook and followed your instructions to copy/compress the nx folder.  I’ve attached that compressed file to this response.

    Hopefully that gives you everything that you’re looking for.  Please let me know if there’s anything else you need.

    Thanks for the help.

    Attachments:
    #52791
    Britgirl
    Keymaster

    The key-pair that you generated would be useful for our own tests, but we’ll take a look at the logs in the meantime and come back to you.

    #52794
    MagikMarkerz
    Participant

    I can share the key-pair if that would be beneficial, but I’d prefer a more discrete way of doing so, like email.  Let me know if you need it.

    #52811
    katpan
    Participant

    Hello,

    Send the key-pair to forum[at]nomachine[dot]com. Please use the title of this topic as the subject of your email.

    Thanks!

    #52862
    Britgirl
    Keymaster

    In the meantime we have tried to reproduce, without success, so it’s possible that the keys you are using are corrupt in some way, that’s why it would be useful for us to receive them, so we can also test them.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Please login .