Hello listmates, I have run into a problem using FreeNX in combination with public key authentication. I have Googled myself silly, but I can't find the exact answer to my problem. I am hoping that someone here will know the answer. First, let me tell you what I am trying to accomplish: - I don't want my ssh server exposed to the Internet with password logins enabled. I only want public key authentication. - I want to have access to NX server from anywhere in the world. - I want NX to use a custom keypair, not the default supplied by FreeNX. My environment: openSUSE 11.2 (client and server) KDE 4.3.4 (client and server) FreeNX-0.7.2-26.5.i586 (client) openssh-5.2p1-9.1.i586 (client and server) NX Client for Linux 3.4.0-5 from NoMachine (client) qtNX Client qtnx-0.0.1SVNr281-215.1.i586 (client) The problem persists, whether I am connected to the same network or to another network. Since ssh logins work, I don't think a firewall is the culprit. What do I have working so far: - The ssh server on the remote host only accepts public key authentication and I can login from the client without problems. So far so good. - FreeNX is installed on the remote host, using a custom keypair. Authentication with this key works. I can login from the client with the nx user and the public key. $ ssh -i ~/.ssh/id_dsa.key nx@remote HELLO NXSERVER - Version 2.1.0-72 OS (GPL, using backend: 3.2.0) NX> 105 So far so good. This proves that public key authentication for the user nx is correct. Because FreeNX doesn't support logging in to the ssh daemon using public key authentication, only user/password combinations, I can't use the default ssh login that FreeNX has configured out of the box on openSUSE. To get around that, I have set up FreeNX to use its own passdb backend. In order to do that, I edited the file /etc/nxserver/node.conf and set the following: ENABLE_PASSDB_AUTHENTICATION="1" ENABLE_SSH_AUTHENTICATION="0" I then created a user account for myself in the following way: # /usr/bin/nxserver --adduser <username> # /usr/bin/nxserver --passwd <username> I add the public key in the configuration dialog of the NoMachine client and try to connect, however this does not work. Here's what happens when I use the NoMachine client to log in: I get a dialog that says: "The NX service is not available or the NX access was disabled on host remote." Clicking "Detail", the following text is displayed (anonymized): NX> 203 NXSSH running with pid: 26275 NX> 285 Enabling check on switch command NX> 285 Enabling skip of SSH config files NX> 285 Setting the preferred NX options NX> 200 Connected to address: XXX.XXX.212.221 on port: 22 NX> 202 Authenticating user: nx NX> 208 Using auth method: publickey HELLO NXSERVER - Version 2.1.0-72 OS (GPL, using backend: 3.2.0) NX> 105 hello NXCLIENT - Version 2.1.0 NX> 134 Accepted protocol: 2.1.0 NX> 105 SET SHELL_MODE SHELL NX> 105 SET AUTH_MODE PASSWORD NX> 105 login NX> 101 User: <username> NX> 102 Password: NX> 103 Welcome to: deepthought user: <username> NX> 105 listsession --user="<username>" --status="suspended,running" --geometry="1280x800x24+render" --type="unix-kde" NX> 127 Sessions list of user '<username>' for reconnect: Display Type Session ID Options Depth Screen Status Session Name ------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------ NX> 148 Server capacity: not reached for user: <username> NX> 105 startsession --link="adsl" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="Test" --type="unix-kde" --geometry="1024x768+128+0" --client="linux" --keyboard="pc102/us" --screeninfo="1024x768x24+render" Permission denied (publickey). NX> 280 Exiting on signal: 15 I read this as that the initial connection of the user nx to the host remote is made, using public key authentication. Then, my username and password are passed to the FreeNX service and I get logged in using username/password. I thought this would complete the login and should set up a desktop. Apparently though, there is some kind of third login process which uses public key authentication and this gets refused...? I tried the same login with the qtNX client, but this complains about a missing shared library when I try to connect: /usr/NX/bin/nxssh: error while loading shared libraries: libXcomp.so.3: cannot open shared object file: No such file or directory I am unable to find out what would provide that shared library though: $ rpm -q --whatprovides libXcomp.so.3 no package provides libXcomp.so.3 Like I said, I have Googled this error extensively, but I haven't found this exact situation anywhere. I'm stumped now and don't know what to try next. Does anyone here have an idea? Thanks in advance! Joop -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org