Tagged: NX key authentication
April 6, 2022 at 22:42 #38213jimaveraParticipant
Like many, I have been unable to get NX key authentication to work following the instructions at AR02L00785
The server always gets “ERROR! Authentication with ‘NX-private-key’ from host ‘192.168.1.112’ failed. Error is ‘Public key not recognized’.”
My server is Ubuntu, running NoMachine Linux server 7.9.2
My client is Windows 11, running Enterprise Client 7.9.2 (on the same local network)
The KB article shows two ssh-keygen commands, a primary one and an alternative for use with NoMachine versions 6.9.2 and older. Since I’m running newer versions of NoMachine I thought the primary command should be used:
ssh-keygen -t rsa -b 4096
(actually I added -f fileprefix to specify the output file paths).
I copied the resulting .pub file to $HOME/.nx/config/client.crt and set permissions as in the KB article, like this:
`ls -ld ~ ~/.nx ~/.nx/config ~/.nx/config/*.crt
drwxr-xr-x 87 jima jima 4096 Apr 6 13:32 /home/jima/
drwx—— 18 jima jima 4096 Apr 6 13:41 /home/jima/.nx/
drwx—— 2 jima jima 4096 Apr 6 13:39 /home/jima/.nx/config/
-rw——- 1 jima jima 737 Apr 6 13:39 /home/jima/.nx/config/client.crt`
/usr/NX/etc/server.cfg set to have AcceptedAuthenticationMethods NX-private-key,NX-password
I copied the private key file to the client using nomachine’s file-transfer mechanism (while connected using a password) and later changed the client’s Connection config to use it via the ‘Use key-based authentication with a key you provide’ dialog.
Then, when trying to connect using key auth, a screen appears with username (pre-filled) and “key passphrase” (empty) fields. Pressing “Return” (since there is no passphrase) results in a login failure.
So I tried a new key pair generated with
ssh-keygen -m PEM -t rsa -b 4096
This time the login screen did not prompt for a passphrase but immediately displayed “Authentication failed, please try again”
Either way /usr/NX/var/log/nxserver.log contains the ‘Public key not recognized’ error.
I’ve read many other forum articles about this issue and the solutions seem inconclusive, dubious, or obsolete. For example, many articles talk about a file $HOME/.nx/config/authorized.crt but that filename (“authorized.crt”) is nowhere mentioned in the KB article so the information must be stale.
What’s the best way to debug this?April 8, 2022 at 13:45 #38251BritgirlKeymaster
we noticed an incorrect parameter in the article which must have been introduced by mistake.
Please check again the article: https://knowledgebase.nomachine.com/AR02L00785 in point 2 of the section Add the public SSH key on the server
Let us know the outcome.April 25, 2022 at 00:59 #38402jimaveraParticipant
Ok, that seems to have been the problem. Thanks.