Key-based login fails (with working key)

Forums / NoMachine for Mac / Key-based login fails (with working key)

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #5044
    Avatarheywood
    Participant

    Trying to connect from a machine running Ubuntu 12.04 to a machine running OS X 10.9. Both boxes are running NX 4.3.24 and are on the same LAN. Usernames on the two machines are *different* (say, username_ubuntu and username_macosx).

    Connection from Ubuntu box to OS X box using password-based authentication works fine (by entering U/P = username_macosx/password_macosx into the NX client window). But doing the same thing using key-based authentication fails. Relevant excerpt from connection log:

    > 4215 4215 11:25:55 695.424 ClientSession: Started session at 0xa049408.
    > Info: Connection to 192.168.1.3 port 4000 started at 11:25:55 799.182.
    > 4215 4280 11:25:56 761.449 ClientSession: A valid certificate for this server was found.
    > 4215 4280 11:26:08 702.764 DaemonLogin/DaemonLogin: ERROR! Error in context[B].
    > Error: Error in context[B].
    > 4215 4280 11:26:08 703.480 DaemonLogin/DaemonLogin: ERROR! Error message ‘Cannot accept public key.’.
    > Error: Error message ‘Cannot accept public key.’.
    > 4215 4275 11:26:08 707.611 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.
    > 4215 4275 11:26:08 707.887 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 1, ‘Operation not permitted’.
    > Warning: Connection to 192.168.1.3 port 4000 failed at 11:26:08 708.085.

    The confusing thing is that “ssh -l username_macosx 192.168.1.3” from the command line on the Ubuntu box works fine. I think I’ve tried every combination of username and passphrase in the NX connection config on the Ubuntu box (username_ubuntu, username_macosx; password_ubuntu, password_macosx, key_passphrase_ubuntu, [blank passphrase]), and none of them work — I get the above error every time.

    (For what it’s worth, I tried changing the passphrase on the private half of the keypair on the Ubuntu box, and I know that this works — when I do so and then connect to the OS X box via ssh, the new passphrase is required to get the connection to succeed.)

    Can anyone suggest some further debugging steps?

    Thanks in advance,

    -H

    #5051
    AvatarBilbotine
    Keymaster

    Hi Heywood,

    If you are using NX protocol, maybe you put the public key in the wrong place ?

    Please follow the procedure described in the article “How to set up key based authentication with NX protocol” (https://www.nomachine.com/AR02L00785) and let us know if you encounter further problems.

    Best regards.

    #5062
    Avatarheywood
    Participant

    Hi Bilbotine,

    Thanks for that! I had indeed copied the client’s public key to the wrong place on the server (~/.ssh/authorized_keys instead of ~/.nx/config/authorized.crt).

    Unfortunately, fixing that now causes a different login failure: when I configure the client (on the Ubuntu side) and try to connect, I momentarily see the first of the informational panels (audio streaming stuff), as if the login has completed successfully… followed about 1 second later by “The connection with the server was lost. Error is 5: Input/output error.” The relevant(?) part of the logfile now looks like this:

    > 21127 21127 19:10:43 540.213 ClientDaemonConnector: Starting a new connection to host ‘192.168.1.3’ on port ‘4000’.
    > 21127 21127 19:10:43 540.496 Connection: Started connection at 0x97c13d8.
    > 21127 21127 19:10:43 550.571 ClientSession: Started session at 0x95bfc68.
    > Info: Connection to 172.31.1.153 port 4000 started at 19:10:43 622.470.
    > 21127 21187 19:10:44 584.931 ClientSession: A valid certificate for this server was found.
    > 21127 21127 19:10:50 623.190 ClientSession: Going to query for available services.
    > 21127 21127 19:10:50 757.749 UiRemoteSessionList: Going to automatically select the first session.
    > 21127 21127 19:10:50 758.085 ClientSession: Selecting the destination node.
    > 21127 21127 19:10:50 778.602 ClientSession: Going to query for available services.
    > 21127 21127 19:10:50 829.791 ClientSession: Going to attach session at index ‘0’.
    > 21127 21127 19:10:50 830.680 Keyboard: Current model ‘evdev’ session model ‘evdev’ layout ‘us’ variant ‘(empty)’ options ‘(empty)’.
    > 21127 21127 19:10:52 192.575 ClientSession: Stopping the connector before creating the proxy.
    > 21127 21127 19:10:52 194.965 ClientDaemonConnector: Stopping the current connection.
    > Info: Slave server running with pid 21193.
    > Info: Display running with pid 21194.
    > Info: Listening to slave connections on port 13002.
    > Session: Starting session at Mon Oct 20 19:10:52 2014.
    > 21127 21127 19:10:52 335.987 Connection: Stop reading after switching the connection.
    > 21127 21196 19:10:52 788.132 ProxySession/ProxySession: ERROR! Session failure in stage ‘StageWaitingProxyVersion’.
    > Error: Session negotiation failure.
    > 21127 21196 19:10:52 788.505 ProxySession/ProxySession: ERROR! We possibly provided a wrong version
    > 21127 21196 19:10:52 788.518 ProxySession/ProxySession: ERROR! or an invalid session authentication cookie.
    > Error: Connection closed by the remote peer.
    > Session: Session terminated at Mon Oct 20 19:10:52 2014.
    > 21127 21194 19:10:52 789.709 Encryptor/Encryptor: WARNING! Destroying pending buffer with 89 bytes.
    > 21127 21127 19:10:52 816.239 ClientSession: Exiting from the client transport loop.
    > 21127 21127 19:10:52 816.481 ClientSession: The transport closed with reset ‘1’ error ‘5’.
    > 21127 21127 19:10:52 816.729 ClientSession: Session at 0x95bfc68 failed.
    > 21127 21127 19:10:52 816.921 ClientSession: Failing reason is ‘The connection with the server was lost. Error is 5: Input/output error.’.

    Could this be a permissions issue? On both the client (Ubuntu) and server (OSX), I have the following permissions:
    ~/.nx 700
    ~/.nx/config 700
    ~/.nx/config/{authorized.crt, client.crt, player.cfg} 600

    For the client-side key I’m using to log in to the server:
    ~/.ssh 700
    ~/.ssh/id_rsa 600
    ~/.ssh/id_rsa.pub 644 [the contents of this file are what I copied to ~/.nx/config/authorized.crt on the host]

    I’m not sure where else to look… can you spot anything obviously wrong here?

    Thanks very much in advance for your help!

    Regards,

    -H

    #5105
    Avatarreza
    Moderator

    Regarding second issue, please follow the instructions in https://www.nomachine.com/AR07K00677 to gather all logs and send them to forum[at]nomachine[dot]com.

    #5126
    Avatarheywood
    Participant

    Hi Reza,

    Thanks for the link. A reboot seems to have solved the problem for now, but if the “Error 5” stuff reappears reliably, I’ll send a copy of the logs to issues@ as you suggest.

    -H

Viewing 5 posts - 1 through 5 (of 5 total)

This topic was marked as solved, you can't post.