[Bug 205165] New: NX server forwards don't work
https://bugzilla.novell.com/show_bug.cgi?id=205165

Summary: NX server forwards don't work
Product: openSUSE 10.2
Version: Alpha 4
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: X11 Applications
AssignedTo: sndirsch@novell.com
ReportedBy: jjaeger@novell.com
QAContact: sndirsch@novell.com

tried to create a chain of forwarding NX servers and hit several issues either in the node.conf file or in the doc.

Set up an "internal" machine with SSH authentication and tried to copy the client key over to the "gateway" machine.

issue #1: SERVER_FORWARD_KEY="/usr/NX/share/client.id_dsa.key" in the gateway's node.conf is bogus, since there is no /usr/NX/share.
workaround: copy to /usr/share/NX instead and adjust the value of SERVER_FORWARD_KEY

issue #2: once you try a connect with KNX to the gateway machine, you only get "connection timed out". (No AppArmor involved and no firewalls either)

issue #3: the comment in node.conf on the forwarding section has "use "SSL encryption" for all connections" ... but there is no switch to turn on any SSL stuff ...

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205165

sndirsch@novell.com changed:

What     |Removed   |Added
----------------------------------------------------------------------------
Status   |NEW       |ASSIGNED
Priority |P5 - None |P2 - High

------- Comment #1 from sndirsch@novell.com 2006-09-12 10:19 MST -------
The !M key is in /usr/share/knx/client.id_dsa.key (knx package). Therefore we should set SERVER_FORWARD_KEY to this location.

Why it doesn't work I don't know. I never tried to set up a chain for forwarding NX servers.
https://bugzilla.novell.com/show_bug.cgi?id=205165

sndirsch@novell.com changed:

What     |Removed |Added
----------------------------------------------------------------------------
Severity |Normal  |Enhancement

------- Comment #2 from sndirsch@novell.com 2006-09-12 20:41 MST -------
(In reply to comment #1)
> The !M key is in /usr/share/knx/client.id_dsa.key (knx package). Therefore we should set SERVER_FORWARD_KEY to this location.

done.

> Why it doesn't work I don't know. I never tried to set up a chain for forwarding NX servers.

Setting to enhancement. (I don't think this has ever worked)
https://bugzilla.novell.com/show_bug.cgi?id=205165

sndirsch@novell.com changed:

What     |Removed   |Added
----------------------------------------------------------------------------
Priority |P2 - High |P3 - Medium

https://bugzilla.novell.com/show_bug.cgi?id=205165

sndirsch@novell.com changed:

What     |Removed     |Added
----------------------------------------------------------------------------
Priority |P3 - Medium |P5 - None
https://bugzilla.novell.com/show_bug.cgi?id=205165

sndirsch@novell.com changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |eich@novell.com

------- Comment #3 from sndirsch@novell.com 2007-05-11 01:57 MST -------
JFYI.
https://bugzilla.novell.com/show_bug.cgi?id=205165

sndirsch@novell.com changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |mhopf@novell.com, sndirsch@novell.com

------- Comment #4 from sndirsch@novell.com 2007-05-12 04:42 MST -------
JFYI, Matthias. This is a bugreport, which is assigned to Egbert/me or with Egbert/me in CC or reported by Egbert/me.
https://bugzilla.novell.com/show_bug.cgi?id=205165#c5

--- Comment #5 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 03:48:32 MST ---
I also get this timeout with the latest NX/FreeNX packages, after copying the client.id_dsa.key from Nomachine to /usr/share/FreeNX and using the following settings on the machine (magellan) in between:

ENABLE_SERVER_FORWARD="1"
SERVER_FORWARD_HOST="shannon.suse.de"
SERVER_FORWARD_PORT=22
SERVER_FORWARD_KEY="/usr/share/FreeNX/client.id_dsa.key"

I use the NX client from Nomachine (nxclient 3.0) and the current openSUSE NX/FreeNX packages on magellan/shannon.

<NX client> --> magellan --> shannon

I wonder if such a NX/FreeNX chain did ever work for anyone before.
https://bugzilla.novell.com/show_bug.cgi?id=205165#c6

--- Comment #6 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 03:51:05 MST ---
BTW, SSL encryption is enabled.
https://bugzilla.novell.com/show_bug.cgi?id=205165#c7

--- Comment #7 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 03:53:33 MST ---
NX client log:

NX> 203 NXSSH running with pid: 8859
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 10.10.131.50 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
Killed by signal 15.
https://bugzilla.novell.com/show_bug.cgi?id=205165#c8

--- Comment #8 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 03:58:02 MST ---
magellan:~ ps aux
[...]
nx 9575 0.2 0.0 13776 1792 ? Ss 11:53 0:00 /bin/bash /usr/bin/nxserver -c /usr/bin/nxserver
nx 9593 0.0 0.1 59444 2824 ? S 11:53 0:00 ssh -i /usr/share/FreeNX/client.id_dsa.key -p22 nx@shannon.suse.de host=magellan
nx 9597 0.0 0.0 24140 1268 ? S 11:53 0:00 /usr/lib64/ssh/x11-ssh-askpass The authenticity of host 'shannon.suse.de (10.10.0.79)' can't be established.?RSA key fingerprint is 39:0e:35:f4:2c:1f:9f:67:11:e4:96:ad:31:67:f5:62.?Are you sure you want to continue connecting (yes/no)?
https://bugzilla.novell.com/show_bug.cgi?id=205165#c9

--- Comment #9 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 04:09:20 MST ---
Forwarding works after manually invoking ssh.

magellan:~ ssh -i /usr/share/FreeNX/client.id_dsa.key -p22 \
  nx@shannon.suse.de host=magellan
The authenticity of host 'shannon.suse.de (10.10.0.79)' can't be established.
RSA key fingerprint is 39:0e:35:f4:2c:1f:9f:67:11:e4:96:ad:31:67:f5:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'shannon.suse.de' (RSA) to the list of known hosts.
HELLO NXSERVER - Version 1.5.0-70 OS (GPL)
NX> 105
https://bugzilla.novell.com/show_bug.cgi?id=205165#c10

--- Comment #10 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 04:24:22 MST ---
magellan:~ ssh -i /usr/share/FreeNX/client.id_dsa.key -p22 \ nx@shannon.suse.dmagellan:~
needs to be done as the user you use for authentication on the machine you log in to (the machine next to the NX client in the chain).
https://bugzilla.novell.com/show_bug.cgi?id=205165#c11

--- Comment #11 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 04:30:43 MST ---
An entry for shannon in ~/.ssh/known_hosts will be created after invoking this.
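The failure traced in comments #8 to #11 (an unattended ssh waiting on the host key question) and the bad key path from issue #1 can both be caught before a client connects. The script below is an added example, not FreeNX code or part of the original thread; the function names are hypothetical and both file paths are supplied by the caller.

```bash
#!/bin/bash
# Added example (not FreeNX code): preflight for the forward settings in node.conf.

# Read KEY=value or KEY="value" from a node.conf-style file without sourcing it.
conf_get() {  # conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Succeed if KNOWN_HOSTS already holds a key for HOST. OpenSSH stores hosts on
# a port other than 22 as [host]:port.
host_is_known() {  # host_is_known KNOWN_HOSTS HOST PORT
    local file=$1 name=$2
    [ "$3" = "22" ] || name="[$2]:$3"
    [ -r "$file" ] || return 1
    # Plain entries: the first field is a comma-separated host list.
    awk -v h="$name" '
        /^[#@]/ || NF < 3 { next }
        { n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) found = 1 }
        END { exit !found }' "$file" && return 0
    # Hashed entries (HashKnownHosts yes) can only be matched by ssh-keygen -F.
    command -v ssh-keygen >/dev/null 2>&1 &&
        [ -n "$(ssh-keygen -F "$name" -f "$file" 2>/dev/null)" ]
}

# Return 0 if a forward can run unattended, otherwise a code naming the problem:
# 2 = no forward host, 3 = key file unreadable, 4 = host key not yet known.
forward_preflight() {  # forward_preflight NODE_CONF KNOWN_HOSTS
    local conf=$1 known=$2 host port key
    [ "$(conf_get "$conf" ENABLE_SERVER_FORWARD)" = "1" ] || { echo "forwarding disabled"; return 0; }
    host=$(conf_get "$conf" SERVER_FORWARD_HOST)
    port=$(conf_get "$conf" SERVER_FORWARD_PORT); port=${port:-22}
    key=$(conf_get "$conf" SERVER_FORWARD_KEY)
    [ -n "$host" ] || { echo "SERVER_FORWARD_HOST is empty"; return 2; }
    [ -r "$key" ] || { echo "SERVER_FORWARD_KEY not readable: $key"; return 3; }
    host_is_known "$known" "$host" "$port" || {
        echo "no host key for $host in $known: ssh will stop at the yes/no prompt"; return 4; }
    echo "ok: $host port $port"
}

# Usage: preflight.sh NODE_CONF KNOWN_HOSTS
# (KNOWN_HOSTS is the file of the account that runs the forwarding ssh)
if [ $# -eq 2 ]; then forward_preflight "$1" "$2"; fi
```

Run it as the account that owns the forwarding ssh process, since that account's known_hosts is the one ssh consults.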
https://bugzilla.novell.com/show_bug.cgi?id=205165#c12

--- Comment #12 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 04:41:55 MST ---
Jana, does this workaround work for you as well? Use the latest NX/FreeNX packages (buildservice: NX project) and the Nomachine NX client (nxclient 3.0) for testing.
https://bugzilla.novell.com/show_bug.cgi?id=205165#c13

--- Comment #13 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 04:55:52 MST ---
This would disable the check, but I'm sure it's insecure.

--- nxserver.old 2007-07-10 12:40:15.000000000 +0200 +++ nxserver 2007-07-10 12:45:07.000000000 +0200 @@ -557,7 +557,7 @@ if [ "$ENABLE_SERVER_FORWARD" = "1" -a -n "$SERVER_FORWARD_HOST" ] then log 3 "Info: Forwarding connection to $SERVER_FORWARD_HOST with secret key $SERVER_FORWARD_KEY." - $COMMAND_SSH -i "$SERVER_FORWARD_KEY" "-p$SERVER_FORWARD_PORT" "nx@$SERVER_FORWARD_HOST" "host=$SERVER_NAME" + $COMMAND_SSH -i "$SERVER_FORWARD_KEY" "-p$SERVER_FORWARD_PORT" "nx@$SERVER_FORWARD_HOST" "host=$SERVER_NAME" "CheckHostIP=no" exit 0 fi
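Review bot: on the added $COMMAND_SSH line, "CheckHostIP=no" comes after "nx@$SERVER_FORWARD_HOST" and "host=$SERVER_NAME", so ssh treats it as one more word of the remote command rather than as a client option; an option would have to be written as -o CheckHostIP=no ahead of the destination. Even in that position it would not remove the question shown in comment #8: that prompt is raised for an unknown host key and is governed by StrictHostKeyChecking, while CheckHostIP only adds a check of the host's IP address against known_hosts. Rather than relaxing either check, leave the ssh arguments as they were and install the forward host's key, with its fingerprint verified, in the known_hosts of the account that runs nxserver; adding -o BatchMode=yes would make a missing host key fail at once, where it can be logged, instead of leaving the connection waiting on x11-ssh-askpass.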
https://bugzilla.novell.com/show_bug.cgi?id=205165#c14

--- Comment #14 from Stefan Dirsch <sndirsch@novell.com> 2007-07-10 06:02:47 MST ---
My workarounds in comments #9/13 no longer work. I no longer remember what I did exactly to get this working. Now I'm back to comments #7/8. :-(
https://bugzilla.novell.com/show_bug.cgi?id=205165

Stefan Dirsch <sndirsch@novell.com> changed:

What     |Removed   |Added
----------------------------------------------------------------------------
Priority |P5 - None |P2 - High
https://bugzilla.novell.com/show_bug.cgi?id=205165#c15

Stefan Dirsch <sndirsch@novell.com> changed:

What          |Removed  |Added
----------------------------------------------------------------------------
Status        |ASSIGNED |NEEDINFO
Info Provider |         |jjaeger@novell.com

--- Comment #15 from Stefan Dirsch <sndirsch@novell.com> 2007-11-25 09:36:15 MST ---
Jana, could you please give this feature another try? Situation might have improved since latest FreeNX updates.
https://bugzilla.novell.com/show_bug.cgi?id=205165#c16

Jana Jaeger <jjaeger@novell.com> changed:

What          |Removed            |Added
----------------------------------------------------------------------------
Status        |NEEDINFO           |ASSIGNED
Info Provider |jjaeger@novell.com |

--- Comment #16 from Jana Jaeger <jjaeger@novell.com> 2007-12-04 05:10:30 MST ---
No time for testing :( Sorry, I can't help you here.
https://bugzilla.novell.com/show_bug.cgi?id=205165#c17

Stefan Dirsch <sndirsch@novell.com> changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Status     |ASSIGNED |RESOLVED
Resolution |         |FIXED

--- Comment #17 from Stefan Dirsch <sndirsch@novell.com> 2007-12-04 06:20:38 MST ---
Ok. Let's assume this issue has been fixed.