From: thelma@sys-concept.com
To: Gentoo mailing list
Subject: Re: [gentoo-user] openssh-7.1_p1-r2 won't allow "nxserver" to connect
Date: Fri, 13 Nov 2015 23:49:22 -0700
Message-ID: <5646D972.4010300@sys-concept.com>
In-Reply-To: <5646CFD7.9030708@sys-concept.com>

Thelma

On 11/13/2015 11:08 PM, thelma@sys-concept.com wrote:
> I'm running: nxserver-freenx-0.7.3_p104-r7
> After recent upgrade, system installed new stable openssh-7.1_p1-r2
>
> The problem is the new openssh-7.1_p1-r2 will not allow my "nxserver" to connect, I get an error:
> Permission denied (publickey,keyboard-interactive) see below:
>
> nxsetup --test
> ...
> <---- done
>
> ----> Testing your nxserver connection ...
> Permission denied (publickey,keyboard-interactive).
> Fatal error: Could not connect to NX Server.
>
> Please check your ssh setup:
>
> The following are _examples_ of what you might need to check.
>
> - Make sure "nx" is one of the AllowUsers in sshd_config.
> (or that the line is outcommented/not there)
> - Make sure "nx" is one of the AllowGroups in sshd_config.
> (or that the line is outcommented/not there)
> - Make sure your sshd allows public key authentication.
> - Make sure your sshd is really running on port 22.
> - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2.
> (this should be a filename not a pathname+filename)
> - Make sure you allow ssh on localhost, this could come from some
> restriction of:
> -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost
> -the iptables. add to it:
> $ iptables -A INPUT -i lo -j ACCEPT
> $ iptables -A OUTPUT -o lo -j ACCEPT
>
> What I should be getting is this:
> ----> Testing your nxserver connection ...
> HELLO NXSERVER - Version 3.2.0-74-TEAMBZR104 OS (GPL, using backend: 3.5.0)
> NX> 105 quit
> Quit
> NX> 999 Bye
> <--- done
>
> I did not change anything in sshd_config.
> But I downgraded to: openssh-6.9_p1-r2 and nxserver connects OK.
>
> What could be the problem with new: openssh-7.1_p1-r2

I think the reason is that OpenSSH 7.0 disables ssh-dss keys by default
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html

And nxserver is using ssh-dss keys by default.
I have to find a way to replace the ssh-dss key in: /etc/nxserver/ with an RSA one.

Do I just run: ssh-keygen -t rsa
and copy the key pair to /etc/nxserver/ directory?

--
Thelma
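Added example, not part of the original message or of any project mentioned in it: a small audit that lists which entries in an authorized_keys-style file are ssh-dss and would therefore stop working under the OpenSSH 7.0 default described above. The function names `find_dss_keys` and `sample_keys`, the wrapper path and the sample entries are hypothetical and constructed for illustration; the key blobs are truncated placeholders, not real keys.

```shell
#!/bin/sh
# An authorized_keys entry may begin with options (command="...", no-pty, ...),
# so the key type is not always the first field. An entry is reported only when
# the token "ssh-dss" is directly followed by a blob whose base64 text starts
# with the encoded algorithm name ("AAAAB3NzaC1kc3M" = length prefix + "ssh-dss").
# Output format: <line number>:<key comment>
find_dss_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comment lines and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i == "ssh-dss" && index($(i + 1), "AAAAB3NzaC1kc3M") == 1) {
                    comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
                    printf "%d:%s\n", NR, comment
                    next
                }
        }
    ' "$1"
}

# Constructed sample input (placeholder blobs, hypothetical wrapper path).
sample_keys() {
    cat <<'EOF'
# constructed sample, key blobs are truncated placeholders
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ admin@example
no-port-forwarding,command="/usr/local/bin/example-wrapper" ssh-dss AAAAB3NzaC1kc3MAAACBAJ nx@example
ssh-dss AAAAB3NzaC1kc3MAAACBAK
command="echo ssh-dss is old" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ ops@example
EOF
}

# Demonstration on the constructed sample ("-" makes awk read standard input).
sample_keys | find_dss_keys -
```

Run against the real file, for example `find_dss_keys ~/.ssh/authorized_keys`, it shows the entries that need a replacement key; the last sample line confirms that the string "ssh-dss" inside an option value is not mistaken for a key type.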