Chatter5352

Forum Replies Created

Viewing 7 posts - 1 through 7 (of 7 total)
  • in reply to: Yubikey support #49666
    Chatter5352
    Participant

    If there are no security risks to installing the debug package, then I’m happy for you to send it to me and use it. What is the security reason for them to be disabled by default?

    I am using NoMachine 8.13.1 on my Mac client and the latest version on my Ubuntu device to be accessed. I have the free version so I guess that explains why ssh doesn’t work. Is there any way to use the Yubikey to protect the free version of NoMachine? Is the ssh tunnelling method I mentioned earlier in this thread sensible? That is:

    In the meantime I have found a possible workaround. This is to use the Yubikey to ssh tunnel the 4000 port to my localhost. Then I can connect to localhost using NoMachine. This works and may be an acceptable workaround, unless you see problems with this method? One possible issue is that I have found this connection less reliable than directly using NoMachine to the remote IP and port, e.g. session freezes and I have to reconnect. Is there a way to make the connection more stable with this approach?

    in reply to: Yubikey support #49607
    Chatter5352
    Participant

    Thanks! I just tried that change to ‘native’ and using path to key with key-based auth. It can find the server I think, but it gives the same error as before:

    Authentication failed, please try again.

    in reply to: Yubikey support #49593
    Chatter5352
    Participant

    Sorry for the delayed response (have been out of email contact), and for the misunderstanding! I use the -lowercasei option not -I (the forum autocorrected it and I can’t override that for some reason…). This is to specify my key file which is just a pointer to where the key is actually stored on the Yubikey as far as I understand.

    Does your advice still apply in that case?

    In the meantime I have found a possible workaround. This is to use the Yubikey to ssh tunnel the 4000 port to my localhost. Then I can connect to localhost using NoMachine. This works and may be an acceptable workaround, unless you see problems with this method? One possible issue is that I have found this connection less reliable than directly using NoMachine to the remote IP and port, e.g. session freezes and I have to reconnect. Is there a way to make the connection more stable with this approach?

    Thanks again for your help!
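
The tunnel workaround described in the posts above, written as an OpenSSH client configuration. This is an added example, not part of the original posts or of NoMachine's documentation; the host alias, server address, ssh port, user name and key path are placeholders, and the keepalive settings are an assumption about what helps a stalled tunnel get noticed and torn down.

```sshconfig
# ~/.ssh/config on the client (added example; every value below is a placeholder)
Host nx-tunnel
    # Server address and the non-default ssh port mentioned in the thread
    HostName IPADDRESS
    Port 2222
    User user

    # Key handle file on disk; the private key itself stays on the YubiKey
    IdentityFile /pathtokeyfile
    # Offer only this key, not every identity loaded in the agent
    IdentitiesOnly yes

    # Forward local port 4000 to the NoMachine port on the server.
    # Binding to 127.0.0.1 keeps the forwarded port unreachable from
    # other machines on the client's network.
    LocalForward 127.0.0.1:4000 127.0.0.1:4000
    # Fail at startup if the local port cannot be bound (for example
    # because something on the client already listens on 4000)
    ExitOnForwardFailure yes

    # Application-level keepalives: probe the server every 15 s and
    # close the connection after 3 missed replies, so a dead tunnel
    # ends instead of hanging silently
    ServerAliveInterval 15
    ServerAliveCountMax 3
```

With this in place, `ssh -N nx-tunnel` opens the tunnel without starting a remote shell, and the NoMachine client is pointed at `localhost` on port 4000. The tunnel only adds protection if port 4000 on the server is not also reachable directly from the network.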

    in reply to: Yubikey support #49467
    Chatter5352
    Participant

    Sorry, I’m not sure what you mean by “poor ssh”? Here is the command I use for ssh, if that’s what you’re after:

    ssh -I /pathtokeyfile -p portnumber user@IPADDRESS

    Hopefully that helps! 

    in reply to: Yubikey support #49403
    Chatter5352
    Participant

    @dsholm:

    I have tried asking around Yubikey forums, but am yet to find a solution unfortunately.

    I can and do store my private keys on my Yubikey. This resident key approach works fine for ssh to this server for example!


    @Guro:

    Thanks for taking the time to help with this, it’s very much appreciated!

    I don’t want to accidentally send private information in the log files. Can you point out to me which files it is safe to send for this debugging?

    For now, here are some outputs whilst trying to login with the key method. Hopefully it helps:

    “438722 438722 2024-08-27 11:33:06 493.870 NXSERVER NXShell: Machine ‘NXLoginStateMachine’ is ready.

    438722 438722 2024-08-27 11:33:06 493.912 NXSERVER NXShell: Run state machines.

    438722 438722 2024-08-27 11:33:06 493.956 NXSERVER NXShell: Run state machine ‘NXLoginStateMachine’.

    438722 438722 2024-08-27 11:33:06 493.998 NXSERVER Login State Machine: State ‘publicKeyLogin’.

    438722 438722 2024-08-27 11:33:06 494.047 NXSERVER __setMode server

    438722 438722 2024-08-27 11:33:06 494.109 NXSERVER __setKeyAlgorithm RSA

    438722 438722 2024-08-27 11:33:06 494.254 NXSERVER NXMsg: Sent request message ‘NX> 250 Properties: publicKey required for labgateway port: 4000 service login: ‘

    438722 438722 2024-08-27 11:33:06 494.385 NXSERVER NXParser: adding handle ‘4’ FD#4 to the selector.

    438722 438722 2024-08-27 11:33:06 494.474 NXSERVER NXParser: adding handle ‘7’ FD#7 to the selector.

    438722 438722 2024-08-27 11:33:06 494.557 NXSERVER NXParser: main loop started with timeout inf.

    438722 438722 2024-08-27 11:33:06 494.619 NXSERVER NXParser: set timeout to : -1.

    243797 243870 2024-08-27 11:33:10 613.671 ServerPhysicalSession/ServerConnectOnDisplaySocket: ERROR! Can’t connect to socket @’/tmp/.X11-unix/X1′ proto UNIX.

    243797 243870 2024-08-27 11:33:10 613.712 ServerPhysicalSession/ServerConnectOnDisplaySocket: Error is 11, Resource temporarily unavailable.

    243797 243870 2024-08-27 11:33:11 849.237 ServerPhysicalSession/ServerConnectOnDisplaySocket: ERROR! Can’t connect to socket @’/tmp/.X11-unix/X1′ proto UNIX.

    243797 243870 2024-08-27 11:33:11 849.287 ServerPhysicalSession/ServerConnectOnDisplaySocket: Error is 11, Resource temporarily unavailable.

    243797 243870 2024-08-27 11:33:14 302.664 ServerPhysicalSession/ServerConnectOnDisplaySocket: ERROR! Can’t connect to socket @’/tmp/.X11-unix/X1′ proto UNIX.

    243797 243870 2024-08-27 11:33:14 302.707 ServerPhysicalSession/ServerConnectOnDisplaySocket: Error is 11, Resource temporarily unavailable.

    243797 243870 2024-08-27 11:33:22 412.104 ServerPhysicalSession/ServerConnectOnDisplaySocket: ERROR! Can’t connect to socket @’/tmp/.X11-unix/X1′ proto UNIX.  ”

    My keys are resident keys stored on the Yubikey. I do have the public keys in ~/.ssh/authorized_keys on the server I’m trying to access. I tried then using the ssh protocol and smart card reader method but got the following error:

    Could not connect to the server.

    Error is 94: Bad message

    Very eager to try any other suggestions as I’d really like to get this up and running!

    in reply to: Yubikey support #49349
    Chatter5352
    Participant

    Thanks for your suggestion! I copied those files then tried logging in with “Key-based authentication with a key you provide” and pointed it to the key on my computer that points to the key on the Yubikey. I note that I am not using port 22 for ssh, will this be a problem?

    The login failed though. I also tried using the NoMachine GUI to ssh in, but that also failed.

    Do you have further suggestions to get login secured with Yubikey without an online server involved?

    Here is the log output as requested:

    Info: Starting NoMachine version 8.12.12.

    Info: Loading settings from ‘/Users/me/.nx/config/player.cfg’.

    Info: Loaded translation files for ‘English’.

    68155 259 2024-08-24 09:22:56 071.013 Main: Creating the client session.

    68155 259 2024-08-24 09:22:56 071.085 ClientSession: Initializing session at 0x155837a00.

    68155 259 2024-08-24 09:22:57 152.145 ClientSession: Initialized session at 0x155837a00.

    68155 259 2024-08-24 09:22:57 153.472 ClientSession: Starting session at 0x155837a00.

    68155 259 2024-08-24 09:22:57 155.553 ClientSession: Going to start session ‘/Users/me/Documents/NoMachine/compName.nxs’.

    68155 259 2024-08-24 09:22:57 159.678 Connection: Initializing connection at 0x154149ae0.

    68155 259 2024-08-24 09:22:57 159.831 Connection: Initialized connection at 0x154149ae0.

    68155 259 2024-08-24 09:22:57 159.843 Connection: Starting connection at 0x154149ae0.

    68155 259 2024-08-24 09:22:57 159.850 ClientDaemonConnector: Starting a new connection to host ‘192.168.1.144’ on port ‘4000’.

    68155 259 2024-08-24 09:22:57 159.950 Connection: Started connection at 0x154149ae0.

    68155 259 2024-08-24 09:22:57 162.504 ClientSession: Started session at 0x155837a00.

    Info: Slave server running with pid 89603.

    Info: Listening to slave connections on port 23093.

    68155 259 2024-08-24 09:22:57 162.929 Main: Entering the GUI event loop.

    68155 259 2024-08-24 09:22:57 357.572 MacInit: WARNING! Activation event lost, try to recover by synthesizing a new event.

    68155 259 2024-08-24 09:23:27 162.987 Connection: Connection at 0x154149ae0 failed.

    68155 259 2024-08-24 09:23:27 163.358 ClientSession: Runnable at 0x154149ae0 caused the session at 0x155837a00 to fail.

    68155 259 2024-08-24 09:23:27 163.392 ClientSession: Failing reason is ‘A connection timeout has occurred while trying to connect to ‘192.168.1.144’ on port ‘4000’. The issue could either be caused by a networking problem, by a firewall or NAT blocking incoming traffic or by a wrong server address. Please verify your configuration and try again.’.

    68155 259 2024-08-24 09:23:27 168.888 ClientSession: Stopping session at 0x155837a00.

    68155 259 2024-08-24 09:23:27 174.427 ClientSession: Destroying display client.

    Info: Slave server running with pid 90119.

    Info: Listening to slave connections on port 30046.

    68155 259 2024-08-24 09:23:27 175.818 Connection: Stopping connection at 0x154149ae0.

    68155 259 2024-08-24 09:23:27 175.872 ClientDaemonConnector: Stopping the current connection.

    68155 259 2024-08-24 09:23:27 175.896 Connection: Stopped connection at 0x154149ae0.

    68155 259 2024-08-24 09:23:27 182.955 ClientSession: Stopped session at 0x155837a00.

    in reply to: Yubikey support #49155
    Chatter5352
    Participant

    Thanks for your swift response!

    Doesn’t this approach require internet access to the Yubico cloud server? I need an offline only solution. Are there any other supported approaches I can try? Thanks for your help!
