AVS Forum banner
1 - 16 of 16 Posts

·
Banned
Joined
·
1,686 Posts
Discussion Starter · #1 ·
I've been using TightVNC since God was born, but it's gotten awfully crashy as they've stopped maintaining it.


What are the kids using these days? No need for security, as I'll be using reverse SSH tunnels, but it does need to be stable and nice and fast.
 

·
Registered
Joined
·
1,591 Posts
freenx and nxclient here too... Much better compression and speed over my connection than vnc forwarded through ssh. It creates a new session, not sure if there is an option to connect to an existing session like vnc...
 

·
Banned
Joined
·
1,686 Posts
Discussion Starter · #4 ·
Wull; I have freenx installed and running on the server (Ubongo repository), and nxclient on client, but failing authentication.


/var/log/auth on server says that 'user nx is not in AuthUsers'. Correct, it's not; I don't want to add another user to AuthUsers.


NE1 know how to change the user that client signs over as? There doesn't seem to be a setting in nxclient.cfg for this, and in {Host}.nxs changing the setting
 

·
Banned
Joined
·
1,686 Posts
Discussion Starter · #6 ·
Ya, I used the freenx server from repository, as I like things to be updated automatically when possible. This created the nx user, and seemed to have generated a custom key, but I didn't take any chances and did a dpkg-reconfigure freenx-server. Then copied the client key from /root/.nx to the client machine /home/bill/.nx and imported into the client.


SSH is refusing authenticate (auth log) because user nx is not in AuthUsers, and indeed it's not there. I don't want to add another user to AuthUsers. I want to run the nxclient as my own user, but there doesn't seem to be any way to do that. When I run it as myself, it seems to try and log in as nx on the server.


There's no apparent setting in config files for user; I should have thought the user I'm running it as would be the one, but it's not. It insists on nx as the user.
 

·
Banned
Joined
·
2,107 Posts
To be honest with you, I haven't had the need to set it up in *buntu -- the last I used it was from a winduhs box to a gentoo box. Did you see this part in the link I gave you?
Quote:
Next we add the NX capable user and setup a password for them.

NOTE: You can set the NX server up to allow any normal users to login in the config file in /etc/nxserver/ and skip this step, but I'm not going to recommend that.


/usr/NX/bin/nxserver --adduser username

/usr/NX/bin/nxserver --passwd username
 

·
Banned
Joined
·
1,686 Posts
Discussion Starter · #8 ·
Hm, interesting, thanks.

Code:
Code:
# nxserver --adduser bill
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
NX> 500 Error: The passdb function is not activated in node.conf.

Most probably your FreeNX setup will work out of the box without this
functionality and you've been misleaded (sic) by an old tutorial or old
documentation to do this step.

If however you really need this functionality, just set
ENABLE_PASSDB_AUTHENTICATION="1" in node.conf.

NX> 999 Bye
I'll give this a try.


Hey mm, I've just gotten the part to repair my R5000-HD and it's workinging great, so I'm setting up Myth for it. I've just loaded up all the Dish channels, and there are hundreds of them I want to make invisible. (600-874)


I've just spent two hours marking many below 400 invisible, but each time you have to interminably scroll down the further you get. Is there any way to mark blocks of channels invisible?
 

·
Banned
Joined
·
2,107 Posts

Quote:
Originally Posted by quantumstate /forum/post/15434479


Hey mm, I've just gotten the part to repair my R5000-HD and it's workinging great, so I'm setting up Myth for it. I've just loaded up all the Dish channels, and there are hundreds of them I want to make invisible. (600-874)


I've just spent two hours marking many below 400 invisible, but each time you have to interminably scroll down the further you get. Is there any way to mark blocks of channels invisible?

Glad to hear it.


You can in schedules direct if you're using it. Also, you might be able to with mythweb, but I've never used it for anything other than to schedule recordings, and I don't have it loaded right now, so I'm not sure.
 

·
Banned
Joined
·
1,686 Posts
Discussion Starter · #10 ·
Well, maybe this is not going to work out with freenx.


First of all, it is insisting on logging into SSH as user nx. This forced me to add nx to SSH AddUsers, which I'd rather not have done. Then it got alot further in login, accepting the (custom) public key, but then it fails on my username login for some reason. So maybe I need to add my username to nx, as I did with VNC:
Code:
Code:
# nxserver --adduser bill
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
NX> 500 Error: The passdb function is not activated in node.conf.

Most probably your FreeNX setup will work out of the box without this
functionality and you've been misleaded by an old tutorial or old
documentation to do this step.

If however you really need this functionality, just set
ENABLE_PASSDB_AUTHENTICATION="1" in node.conf.

NX> 999 Bye
Unfortunately though, it does not work out of the box, and I wasn't 'misleaded' by anything since I installed from the Ubuntu repository. Why would it need to log in not only as nx, but also as me? Yet it says this mode is outdated? This seems busted. So OK I gave in and enabled the passwd database for nx:

Code:
Code:
(set ENABLE_PASSDB_AUTHENTICATION="1", restart freenx server)

# nxserver --adduser bill
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
Running /etc/profile
grep: /etc/ssh/sshd_config: Permission denied
NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
cat: /etc/nxserver/users.id_dsa.pub: No such file or directory
cat: /etc/nxserver/users.id_dsa.pub: No such file or directory
NX> 716 Public key added to: /home/bill/.ssh/authorized_keys2
NX> 1001 Bye.
NX> 999 Bye
cygnus:/etc/init.d # nxserver --passwd bill
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
New password:
Password changed.
NX> 999 Bye

Jan  2 11:58:04 hex su[13093]: pam_unix(su:session): session opened for user bill by (uid=0)
Jan  2 11:58:04 hex su[13093]: pam_unix(su:session): session closed for user bill
Jan  2 11:59:37 hex sshd[13309]: Accepted publickey for nx from 192.168.1.1 port 45945 ssh2
Jan  2 11:59:37 hex sshd[13309]: pam_unix(sshd:session): session opened for user nx by (uid=0)
Jan  2 11:59:39 hex sshd[13501]: Accepted password for bill from 127.0.0.1 port 49090 ssh2
Jan  2 11:59:39 hex sshd[13501]: pam_unix(sshd:session): session opened for user bill by (uid=0)
Jan  2 11:59:40 hex sshd[13501]: pam_unix(sshd:session): session closed for user bill
Jan  2 11:59:43 hex nxserver[13593]: (nx) Failed login for user=bill from IP=192.168.1.1
Jan  2 11:59:43 hex sshd[13309]: pam_unix(sshd:session): session closed for user nx
OK, so it's accepting authentication now for nx and for me, but it's still dumping out the session for reasons which are mysterious.


I thought OK, I didn't RTFM. Unfortunately though, I then found that the manual basically says it should 'just work', and the 'Quick Start' guide is just a list of node.conf settings, not a guide.


As there is absolutely no explanation of the mechanics of this thing, I have no way of tracing the chain to failure. Doesn't anyone have any sense these days?


Ideally I would like to not involve the nx user in any way, have it use my credentials to log in through SSH, and set the session up SSH encrypted (not SSL). Looks impossible though.
 

·
Registered
Joined
·
1,663 Posts
I think the nx user is mandatory. I've read details about the security ramifications of it in the past. I've been using Nomachine's NX for quite some time because I remember it was a serious hassle to get freenx working right way back when (before it was in a repository etc.). Unfortunately, Nomachine's NX is broken as of Intrepid the last I checked. It is something to do with the newer X server. The real authentication does take place through ssh/pam so there's more to it than just the nx user. I'd still be leaning toward your keys not being correct. Also remember that the client key needs to be the same as the server key so you need to copy it over if you aren't using the default one on both sides.


-Trouble
 

·
Banned
Joined
·
1,686 Posts
Discussion Starter · #13 ·
Thanks nl, but that repo's highest distro is Hardy. I'm running Insipid on my HTPC, although when I install the new disk drive (to replace the busted Seagate ) I'm installing Hardy as I hate KDE4.


Installing Nomachine's version now, and they make clear that by default the nx user first authenticates, and then a user for the server machine must authenticate. If that user has preexisting credentials (certificate, password) as I do, it should log me in. And that there is a way for admins to limit which users can log in by enabling a separate password database, which was what was going on above; not needed in my case.
 

·
Banned
Joined
·
1,686 Posts
Discussion Starter · #14 ·
WOW, ittwerks!


Fast as Hell, and crystal clear! Light-years ahead of VNC.


A pivotal document is this one , for setting up custom keys. It appears that the only packages that work in Intrepid are directly from Nomachine. It appears that the nx user is mandatory to be able to log in to SSH, so must be added on the server to /etc/ssh/sshd_config|AllowUsers altho I haven't tested that this go-round.


Only two questions:

- It seems they have you generate the new keys and then copy the private ('default') key over to the clients for use. This violates the principle of public key cryptography, where the public key is the one that's to be shared. Furthermore, they say to overwrite the server key with the default key, leaving that as the only apparent one. Must be this is a symmetrical key system, not a public key one?


- I am using public key cryptography for my user in SSH. I wonder if there's a way to engage that with NX, so I don't have to log in?


Thanks to all who advised me here.
 
1 - 16 of 16 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top