http://bugzilla.novell.com/show_bug.cgi?id=625404 http://bugzilla.novell.com/show_bug.cgi?id=625404#c0 Summary: FreeNX uses authorized_keys2 as default key file, while sshd uses authorized_keys. Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: x86 OS/Version: openSUSE 11.3 Status: NEW Severity: Enhancement Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: muhlemmer@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100626 SUSE/3.6.6-1.2 Firefox/3.6.6 Enhangement: Change /var/lib/nxserver/home/.ssh/authorized_keys2 to /var/lib/nxserver/home/.ssh/authorized_keys when running nxsetup --install. Motivation: When running "nxsetup --install" the file /var/lib/nxserver/home/.ssh/authorized_keys2 is created to store the authorized private keys. As nx uses the ssh for tunneling the connection, sshd needs to be pointed to the authorized key file for authentication to work. Under openSUSE (at least version 11.1+ for sure) the default keyfile for sshd is %h/.ssh/authorized_keys. Where %h points to the user's home directory. Now there are to ways to get the connection working: either you set the AuthorizedKeyFile option in sshd_config to %h/.ssh/authorized_keys2, which involves changing all the names of the file for all your users + when you use ssh-copy-id, the new keys go by default to authorized_keys, so not out newly set file. Or (this is a simpler solution) change in ...nxserver/home/ the authorized_keys2 file to authorized_keys. Either way, the default nxserver does not comply with the default sshd, while it maybe working with people who are using the same sshd_config file for the past years and the default settings has been changed throughout the years, but not for them since they un-commented the option. Downside: Maybe to many people are already used to this workaround. Improving this will enforce them to undo there workaround. So we have to decide: be loyal to the old users or make it work right out of the box for new users (which would be my #1 option) Maybe we can run the setup to check the setting of sshd's AuthorizedKeyFile option, this would be a winner for both sides. Reproducible: Always Steps to Reproduce: 1. Install a clean version of openSSH (move to other location: /etc/ssh/ and manualy update package in yast) 2. Run nxsetup --install Actual Results: 1. cat /etc/ssh/sshd_config | grep AuthorizedKeysFile Output: AuthorizedKeysFile .ssh/authorized_keys 2. Or submit a new key to sshd using ssh-copy-id and ls ~/.ssh Output: authorized_keys 3. ls /var/lib/home/.ssh Output: authorized_keys2 Expected Results: nxsetup should create /var/lib/home/.ssh/authorized_keys -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.