Guro

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 39 total)
  • Author
    Posts
  • in reply to: Can’t log into Win 11 PC from Mac, but can do reverse #50039
    Guro
    Contributor

    It’s also useful to know whether user Emile is a user of domain or windows AD?

    in reply to: Yubikey support #49683
    Guro
    Contributor

    hello

    “If there are no security risks to installing the debug package, then I’m happy for you to send it to me and use it.” –  It’s safe to install and use. It’s a regular package with extra debug enabled to allow us to go much deeper into why a particular error is happening so they will contain information about exchange protocol flow data, ssh key fingerprints and accepted encryption methods.

    ” Is the ssh tunnelling method I mentioned earlier in this thread sensible?” – Yes it is. You can see details here: https://kb.nomachine.com/AR10K00728

    “Is there a way to make the connection more stable with this approach?” – I think the session freeze needs further investigation. First, can you send us server side logs? Logs would also allow us to check why the connection is failing without an appropriate error even without adding yubikey as a device. You can extract them using the instructions here: https://kb.nomachine.com/DT07S00243.

    Send them to forum[at]nomachine[dot]com. Please use the title of this topic as the subject of your email. Thanks!

    in reply to: Yubikey support #49659
    Guro
    Contributor

    Hello

    Please could you provide exact information of NoMachine server you are trying to connect to?
    The free NoMachine version does not support SSH connections.

    Thanks

    in reply to: Yubikey support #49618
    Guro
    Contributor

    Hello

    To be able to provide more advises there is need to have more detailed log data. As for security reason, authentication logs are disabled by default.
    But if you are willing to install new debug package on your working machine and test the authentication process to provide us more detailed information about this error, we can send you a debug package.

    Thanks

    in reply to: Yubikey support #49604
    Guro
    Contributor

    hello

    As you use -i option for ssh to point to private key in system path, then you could point same path in the connection > ‘Use key-based authentication with a key you provided’.

    Does your advice still apply in that case?” – yes. Check key real path after modify player.cfg and set

     

    thanks

    in reply to: Yubikey support #49485
    Guro
    Contributor

    Hello

    ssh -I /pathtokeyfile

    Usually -I uses to access to pkcs11 module. For Yubico probably it should be libykcs11.dylib.

    If yes then you can use path to module in section “Use key-based authentication with PKCS11 smart card”,

    “Set an alternate security module”. there you can select absolute path to libykcs11.dylib.

    By default path might look like /usr/local/lib/libykcs11.dylib.

    If connection still fails, then please leave all settings as it but close all nomachine windows.

    Edit ~/.nx/config/player.cfg

    find line:

    <option key=”SSH client mode” value=”library” />

    and replace “library” to “native” like:

    <option key=”SSH client mode” value=”native” />

    also check if
    <option key=”SSH Client” value=”/usr/local/bin/ssh” />

    contain valid path to default ssh client. Finish and save edit content.

    Open nomachine windows again and do SSH protocol connection by smart card.

    Please inform as if it will helps and report errors if some appears.

    in reply to: Yubikey support #49441
    Guro
    Contributor

    Hello,

    My keys are resident keys stored on the Yubikey. I do have the public keys in ~/.ssh/authorized_keys on the server I’m trying to access.” – it looks good.

    Could you please provide us the command of poor ssh you use to login to the server (hiding all sensitive data)?

    Thanks

    in reply to: Reset Windows 11 #49407
    Guro
    Contributor

    Regarding the logs, we notice that you try to install NoMachine on the D:\ disk space, instead of the default C:\Program Files.

    Have you tested to install on the default path to compare the result?

    And is the D: space a real local disk partition, or some network drive mounted with some service?

    in reply to: Reset Windows 11 #49406
    Guro
    Contributor

    Hello Practice,

    Please also provide us the Windows build version: open the power shell and run the command
    winver
    It would be useful for us to have a screenshot of the appearing window (but with your private data censored).

    in reply to: Yubikey support #49399
    Guro
    Contributor

    One additional information: if you have access on Yubikey keys and are able to extract the public key for ssh to place in ~/.ssh/authorized_keys , then you might use NoMachine SSH protocol connection and choose authentication with smartcard reader.

    By default it works only to PKCS#11 compatible smartcard readers, but it might also recognize Yubikey.

    Please try and let us know.

    in reply to: Yubikey support #49380
    Guro
    Contributor

    Hello,

    note that I am not using port 22 for ssh, will this be a problem?” – no, it shouldn’t be a problem.

    Do you have further suggestions to get login secured with Yubikey without an online server involved?” – not yet, as I suspect that it needs additional implementation.

    Here is the log output as requested:” – these logs are from the client side and mostly report about the connection problem then ‘Yubikey’ use.

    Could you please provide us the server side logs, for a more clear information, and send them to forum[at]nomachine[dot]com, making sure to reference the topic as the subject of the email?

    in reply to: Reset Windows 11 #49273
    Guro
    Contributor

    Hello

    please bit more details about “After resetting Windows 11”. What did you exactly? Did you restart?

    Additionally:

    1. check whether after installing nomachine and restarting, the file C:\Windows\System32\nxlsa.dll is present in system.

    2. open power shell as admin and run command

    get-childitem “\\.\pipe\”

    and provide lines containing nx* pattern. like: nxdevice, nxfsd, nxserver, nxsspi.

    3. As administrator in power shell window try the next commands

    net stop nxservice

    net start nxservice

    then check if in C:/ProgramData/NoMachine/var/logs an nxtrace.log appears.

    Check windows Event Viewer and in section “Windows Logs” check (Application, System) and provide error/warning events generated by nxservice, nxserver, nxnode if they are present.

    Inside Event Viewer check section “Applications and Services Logs > Microsoft > Windows > LSA” if it contains some events,
    If yes, send content to us.

    Remember that some event viewer data might contain sensitive data and so please avoid sharing to public here. You can redact the file by removing sensitive data.

    Thanks

    in reply to: Yubikey support #49169
    Guro
    Contributor

    hello

    “Doesn’t this approach require internet access to the Yubico cloud server?” – yes, there is need.

    but

    “I use this with FIDO2 resident keys for ssh already” – if you have updated ssh server configuration then

    there is possible to try use ssh pam configuration to nx on server and check.

    sudo cp /etc/pam.d/nx /etc/pam.d/nx.bak

    sudo cp /etc/pam.d/sshd /etc/pam.d/nx

    if login fails send server side logs to us, please.

    thanks

    in reply to: Mac – Authentication failed, please try again #49159
    Guro
    Contributor

    hello

    Is ‘remote one ‘ mac based? If yes then let’s check how remote side recognize username/password.

    Open terminal window on remote side and run command:

    /Applications/NoMachine.app/Contents/Frameworks/bin/nxexec --auth

    input username <enter>, then password <enter>

    and check result please. If username is not local system user like ldap, AD etc command nxexec might run as sudo or root user.

    thanks

    Guro
    Contributor

    Please open powershell on the server side as admin and run the following command:
    get-childitem \\.\pipe\ and provide all lines which contain pipe name as nx*

Viewing 15 posts - 1 through 15 (of 39 total)