Windows 10 server authentication key ERROR! Failed to read private key

Forum / NoMachine for Windows / Windows 10 server authentication key ERROR! Failed to read private key

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • January 6, 2024 at 12:34 #46618
    after
    Participant

    Hello,

    I have followed this tutorial to install a key authentication on my Windows 10 server: https://kb.nomachine.com/AR02L00785

    I connect to the server from a Linux system.

    Both systems have the same version installed: 8.10.1

    With password I can connect but with key it refuses my connection. The key is created exactly like in the article but at the end I added -C “COMMENT” but I guess this is not a problem because I use the same think on a Linux server and it is working fine.

    Log from user side (I have removed the IP and user):

    8282 8282 2024-01-06 11:18:07 520,442 ClientDaemonConnector: Starting a new connection to host ‘xxxxxxxxx’ on port ‘4000’.
    8282 8282 2024-01-06 11:18:07 520,482 Connection: Started connection at 0x2bdf420.
    8282 8282 2024-01-06 11:18:07 522,504 ClientSession: Started session at 0x2a22e60.
    Info: Slave server running with pid 8294.
    Info: Listening to slave connections on port 23442.
    8282 8282 2024-01-06 11:18:07 529,362 Main: Entering the GUI event loop.
    Info: Connection to XXXXXX port 4000 started at 11:18:07 589,250.
    8282 8303 2024-01-06 11:18:08 848,710 ClientSession: A valid certificate for this server was found.
    8282 8303 2024-01-06 11:18:15 580,396 Encryptor/Encryptable: ERROR! Failed to read private key.
    Error: Failed to read private key.
    8282 8303 2024-01-06 11:18:15 580,454 Encryptor/Encryptable: ERROR! SSL error is 151584876, ‘error:0909006C:PEM routines:get_name:no start line’.
    Error: SSL error is 151584876, ‘error:0909006C:PEM routines:get_name:no start line’.
    8282 8303 2024-01-06 11:18:15 580,478 DaemonLogin/DaemonLogin: ERROR! Cannot get certificate.
    Error: Cannot get certificate.
    8282 8282 2024-01-06 11:18:15 580,711 Connection: WARNING! Ignoring the I/O error and waiting for the daemon error reporting.
    8282 8287 2024-01-06 11:18:15 580,722 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.
    8282 8287 2024-01-06 11:18:15 580,737 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 1, ‘Operation not permitted’.
    Warning: Connection to XXXXXXX port 4000 failed at 11:18:15 580,741.
    Warning: Error is 1, ‘Operation not permitted’.
    8282 8282 2024-01-06 11:18:15 589,627 Connection: Connection at 0x2bdf420 failed.
    8282 8282 2024-01-06 11:18:15 589,651 ClientSession: Runnable at 0x2bdf420 caused the session at 0x2a22e60 to fail.
    8282 8282 2024-01-06 11:18:15 589,659 ClientSession: Failing reason is ‘Authentication failed for user XXX’.
    8282 8282 2024-01-06 11:18:15 589,999 Connection: Finishing connection at 0x2bdf420.

    I don’t understand why is not working…I even changed the permission to 777 on the key on user side.

    Thank you!

    January 9, 2024 at 15:44 #46666
    Britgirl
    Keymaster

    Hi,

    the steps work for us in our environment.

    Please tell us:

    – on which machine you generated the key

    – which openssh version is installed there

    – the exact command you used to generate that key

    Last thing to check on the server side (I understand from what you write that you are connecting to a Windows machine) is whether the .nx/config/authorized.crt file is correctly named, has the correct permissions (needs to be readable for All) and that the key is added correctly.

    January 22, 2024 at 09:54 #46780
    after
    Participant

    Hi Britgirl,

    – I have generated the key on my Linux pc.

    – OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 (I think between the time when I created the key and current version was an update done).

    – Command used: ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_nomachine

    Yes, I am connecting to a Windows machine.

    I used: “cat ~/.ssh/id_rsa_nomachine.pub >> ~/Desktop/authorized.crt” and I have copied this file to the windows server in “C:\Users\Username\.nx\config\authorized.crt

    SYSTEM + Administrators and User has full-control access on the file.

    Thanks!

    March 12, 2024 at 17:59 #47355
    Britgirl
    Keymaster

    Can you tell us if the workaround in the TR here helps?

    https://www.nomachine.com/TR05S10271

    As a temporary workaround inĀ  ‘Edit connection’ -> ‘Modify’ next to ‘Use key-based authentication with a key you provide’, do not check option ‘Import the private key to the connection file’ in the UI.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.