Login failure using NX authentication with key file

Forum / NoMachine for Linux / Login failure using NX authentication with key file

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #4600
    lorandsm
    Participant

    I’m using NoMachine free 4.2.27 on an ubuntu server and I’m logging in from a windows 8 client. Logging in with password works fine but trying to do this using private key authentication fails. First I’ve been trying to use the default key but I get the following error message:

    Error: Cannot accept public key

    I’ve followed the instructions from

    https://www.nomachine.com/AR02L00785

    In the /usr/NX/var/log/server.log file I can see something like:

    isSupportedPublicKey FAIL

    checkClientRequest KEY NOT supported

    Does this mean the key verification failed or that key authentication is not supported by the server?

    #4612
    Haven
    Participant

    Hello lorandsm,

    debug message: ‘isSupportedPublicKey FAIL’ means that server failed to find public key in ‘<user’s home>/.nx/config/authorized.crt’ file.

    Please make sure that public key was correctly added to that file. You can do it by: execute ‘cat authorized.crt’ in ‘<user’s home>/.nx/config’ and check if public key is there.
    Also check if NoMachine server can access that file. File should be readable for ‘<user’s home>’ owner.

    If issue persist please send ‘ls -la’ output from ‘<user’s home>/.nx/config/’ and nxserver.log file (with nxserver logs enabled) on forum[at]nomachine[dot]com.

    #4635
    lorandsm
    Participant

    Problem solved. The issue was that I simply copied /var/NX/nx/.ssh/default.id_dsa.pub to ‘<user’s home>/.nx/config/authorized.crt’ and the entry contained something like:

    no-port-forwarding,no-agent-forwarding,command=”/etc/NX/nxserver –login” ssh-dss AAAAB3Nza …

    With this entry the authentication didn’t work. After I deleted no-port-forwarding,no-agent-forwarding,command=”/etc/NX/nxserver –login” from the front of the public key, it worked.

    Also, I have a question related to restricting the authentication type of a user. By running the following command:

    nxserver –uaserauth <user name>

    give the authentication type of the user, which in my case returns system. I want to restrict the user to use only authentication via private/public key but I couldn’t find a way to do that. The link

    https://www.nomachine.com/DT12I00014

    doesn’t say how to impose such restrictions.

    #4650
    lorandsm
    Participant

    Actually I found a workaround to block users to use password log in. The trick is to enable user DB and password DB but not adding any user to the NX database.

    #4657
    Haven
    Participant

    Once we’ve implemented the possibility to set the authentication method available, this workaround won’t be necessary and is only temporary.
    We created Feature Request: https://www.nomachine.com/FR09L02825 to make it possible.

    #5180
    heywood
    Participant

    I’ll chime in with a “vote” for this FR. As it is, whether a public-facing server uses NX or SSH, it’s still (somewhat) susceptible to brute-force password guessing unless there’s a way to enforce key-only authentication. This would be a very welcome addition to NX.

    -H

    #6000
    Britgirl
    Keymaster

    You can sign up to receive notification of when this FR has been implemented. Follow the link https://www.nomachine.com/FR09L02825 and add your email address. I will now close this topic.

Viewing 7 posts - 1 through 7 (of 7 total)

This topic was marked as closed, you can't post.