Tagged: nx ssh private key
September 8, 2014 at 08:33 #4600
I’m using NoMachine free 4.2.27 on an ubuntu server and I’m logging in from a windows 8 client. Logging in with password works fine but trying to do this using private key authentication fails. First I’ve been trying to use the default key but I get the following error message:
Error: Cannot accept public key
I’ve followed the instructions from
In the /usr/NX/var/log/server.log file I can see something like:
checkClientRequest KEY NOT supported
Does this mean the key verification failed or that key authentication is not supported by the server?September 8, 2014 at 12:35 #4612HavenParticipant
debug message: ‘isSupportedPublicKey FAIL’ means that server failed to find public key in ‘<user’s home>/.nx/config/authorized.crt’ file.
Please make sure that public key was correctly added to that file. You can do it by: execute ‘cat authorized.crt’ in ‘<user’s home>/.nx/config’ and check if public key is there.
Also check if NoMachine server can access that file. File should be readable for ‘<user’s home>’ owner.
If issue persist please send ‘ls -la’ output from ‘<user’s home>/.nx/config/’ and nxserver.log file (with nxserver logs enabled) on forum[at]nomachine[dot]com.September 11, 2014 at 08:09 #4635
Problem solved. The issue was that I simply copied /var/NX/nx/.ssh/default.id_dsa.pub to ‘<user’s home>/.nx/config/authorized.crt’ and the entry contained something like:
no-port-forwarding,no-agent-forwarding,command=”/etc/NX/nxserver –login” ssh-dss AAAAB3Nza …
With this entry the authentication didn’t work. After I deleted no-port-forwarding,no-agent-forwarding,command=”/etc/NX/nxserver –login” from the front of the public key, it worked.
Also, I have a question related to restricting the authentication type of a user. By running the following command:
nxserver –uaserauth <user name>
give the authentication type of the user, which in my case returns system. I want to restrict the user to use only authentication via private/public key but I couldn’t find a way to do that. The link
doesn’t say how to impose such restrictions.September 12, 2014 at 09:10 #4650
Actually I found a workaround to block users to use password log in. The trick is to enable user DB and password DB but not adding any user to the NX database.September 12, 2014 at 09:41 #4657HavenParticipant
Once we’ve implemented the possibility to set the authentication method available, this workaround won’t be necessary and is only temporary.
We created Feature Request: https://www.nomachine.com/FR09L02825 to make it possible.October 27, 2014 at 08:57 #5180heywoodParticipant
I’ll chime in with a “vote” for this FR. As it is, whether a public-facing server uses NX or SSH, it’s still (somewhat) susceptible to brute-force password guessing unless there’s a way to enforce key-only authentication. This would be a very welcome addition to NX.
-HJanuary 21, 2015 at 12:31 #6000