# cat /etc/redhat-release
CentOS release 5.7 (Final)
# uname -ri
2.6.18-274.12.1.el5 x86_64
|
Win7 (NX client ) --- CentOS ( NX server )
[ install FreeNX on CentOS ]
You can install FreeNX via yum
# yum grouplist | grep -i freenx
FreeNX and NX
|
install FreeNX
# yum groupinstall -y "FreeNX and NX"#
# rpm -qa | grep -i nx
freenx-0.7.3-8.el5.centos
nx-3.5.0-1.el5.centos
|
[ how to start/stop nxserver ]
You can start/stop FreeNX server with the startup script.
# /etc/init.d/freenx-server start
# /etc/init.d/freenx-server stop
|
[ set up the NX server ]
The authentication method is SSH password based not key-based.
configuration files are stored under /etc/nxserver directory.
# ls
client.id_dsa.key node.conf.sample passwords.orig users.id_dsa
node.conf passwords server.id_dsa.pub.key users.id_dsa.pub
|
# egrep -v ^# node.conf | egrep -v ^$
ENABLE_PASSDB_AUTHENTICATION="0"
ENABLE_SSH_AUTHENTICATION="1"
ENABLE_CLIPBOARD="both"
NX_LOG_LEVEL=4
NX_LOGFILE=/var/log/nx/nxserver.log
COMMAND_MD5SUM="md5sum"
|
start the NX server
# /etc/init.d/freenx-server start
# /usr/bin/nxserver --status
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 110 NX Server is running
NX> 999 Bye
|
[ install NX Client for Windows 7 32bit ver ]
Download the NX client 3.5.0-7 for Windows as below.
The installation is very easy , just launch exe file and click next , next …
[ connect to CentOS from Windows 7 with NX client ]
start NX Client.
enter any session name and click configure.
enter the IP address
specify Desktop as UNIX , GNOME
configure display size : 1024x768
click save and OK.
chose session : CentOS5-2
enter username and credentials
click Login
error .. can’t connect.
check the NX client log. ( click Detail )
NX> 203 NXSSH running with pid: 4916
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: z.z.z.z on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.
|
Try to connect to the NX server with user “nx” ???
Seen from the following link , the NX server and NX Client firstly establish SSH connection with nx user and then spawn SSH session for the real user.
the NX client --------------------------------------------------------------- the NX server
1. establish SSH connection with *nx* uer
2. spawns SSH session for the real user.
|
To find out the root cause , I have to locate which step ( 1 or 2 ) is problem..
Seen from the audit log , it seems that nx user can’t establish SSH connection.
# tail -f /var/log/audit/audit.log
type=CRYPTO_SESSION msg=audit(1324010082.545:1430): user pid=5151 uid=0 auid=500 msg='op=start direction=from-client cipher=aes128-cbc ksize=128 rport=53089 laddr=serverIP lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=CRYPTO_SESSION msg=audit(1324010082.545:1431): user pid=5151 uid=0 auid=500 msg='op=start direction=from-server cipher=aes128-cbc ksize=128 rport=53089 laddr=serverIP lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=USER_LOGIN msg=audit(1324010082.685:1432): user pid=5151 uid=0 auid=500 msg='acct="nx": exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=sshd res=failed)'
type=USER_ERR msg=audit(1324010082.696:1433): user pid=5151 uid=0 auid=500 msg='PAM: bad_ident acct="?" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=failed)'
|
# nxsetup --install --setup-nomachine-key
|
--setup-nomachine-key Allow login with the key shipped with the NoMachine
client. This is fairly secure, and it simplifies the
configuration of clients. (Using a custom key pair.
increases security even more, but complicates the
configuration of clients.)
Use this option at your own risk.
|
# egrep -v ^# node.conf | egrep -v ^$
ENABLE_PASSDB_AUTHENTICATION="0"
ENABLE_SSH_AUTHENTICATION="1"
ENABLE_CLIPBOARD="both"
NX_LOG_LEVEL=4
NX_LOGFILE=/var/log/nx/nxserver.log
COMMAND_MD5SUM="md5sum"
|
# /etc/init.d/freenx-server restart
|
try again.
I was able to connect to the NX server.
audit log.
# tail -f /var/log/audit/audit.log
type=CRYPTO_SESSION msg=audit(1324015192.088:1531): user pid=8997 uid=0 auid=500 msg='op=start direction=from-client cipher=aes128-cbc ksize=128 rport=53335 laddr=serverIP lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=CRYPTO_SESSION msg=audit(1324015192.089:1532): user pid=8997 uid=0 auid=500 msg='op=start direction=from-server cipher=aes128-cbc ksize=128 rport=53335 laddr=serverIP lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=USER_AUTH msg=audit(1324015192.228:1533): user pid=8997 uid=0 auid=500 msg='op=pubkey_auth rport=53335 acct="nx" exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=CRYPTO_KEY_USER msg=audit(1324015192.228:1534): user pid=8997 uid=0 auid=500 msg='op=key algo=ssh-dsa size=384 fp=4b:9b:38:6b:24:33:6b:48:e4:f8:c4:5b:c9:f1:fd:98 rport=53335 acct="nx" exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=USER_ACCT msg=audit(1324015192.229:1535): user pid=8997 uid=0 auid=500 msg='PAM: accounting acct="nx" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1324015192.229:1536): user pid=8997 uid=0 auid=500 msg='PAM: setcred acct="nx" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=success)'
type=LOGIN msg=audit(1324015192.234:1537): login pid=8997 uid=0 old auid=500 new auid=102 old ses=191 new ses=224
type=USER_START msg=audit(1324015192.235:1538): user pid=8997 uid=0 auid=102 msg='PAM: session open acct="nx" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=success)'
type=CRED_REFR msg=audit(1324015192.235:1539): user pid=8999 uid=0 auid=102 msg='PAM: setcred acct="nx" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=success)'
type=CRYPTO_SESSION msg=audit(1324015193.025:1540): user pid=9123 uid=0 auid=500 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 rport=36339 laddr=127.0.0.1 lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=127.0.0.1, terminal=? res=success)'
type=CRYPTO_SESSION msg=audit(1324015193.025:1541): user pid=9123 uid=0 auid=500 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 rport=36339 laddr=127.0.0.1 lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=127.0.0.1, terminal=? res=success)'
type=USER_AUTH msg=audit(1324015193.382:1542): user pid=9123 uid=0 auid=500 msg='PAM: authentication acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1324015193.383:1543): user pid=9123 uid=0 auid=500 msg='PAM: accounting acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1324015193.384:1544): user pid=9123 uid=0 auid=500 msg='PAM: setcred acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=LOGIN msg=audit(1324015193.388:1545): login pid=9123 uid=0 old auid=500 new auid=500 old ses=191 new ses=225
type=USER_START msg=audit(1324015193.388:1546): user pid=9123 uid=0 auid=500 msg='PAM: session open acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=CRED_REFR msg=audit(1324015193.389:1547): user pid=9125 uid=0 auid=500 msg='PAM: setcred acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
|
[ keyboard mapping problem ]
1. I can’t enter underscore ‘_’
Seen from the output of “xmodmap –pke” , keycode 123 is not defined(blank).
NX server$ xmodmap -pke | grep 123
keycode 123 =
|
NX server$ echo 'keycode 123 = backslash underscore' > .Xmodmap
|
When connecting to the NX server , .Xmodmap will be loaded.
or if you have the Linux machine which has the correct keyboard mapping , dump the keyboard mapping file on that machine and then copy it to the NX server like this:
on the correct keyboard mapping machine
correct mapping Linux $ xmodmap –pke > keyboard_map.txt
correct mapping Linux $ scp keyboard_map.txt zzz@NXserver:
|
on the NX server
NX server $ cp keyboard_map.txt ~/.Xmodmap
|
2. keyboard layout issue
When connecting to the NX server , keyboard layout has changed from Japanese to U.S. English. To solve this , modify the NX client configuration file ( *.nxs )
In case of NX client for Windows , configuration files will be stored under user\user name\.nx\config\session_name.nxs
modify nxs file as below.
<option key="Custom keyboard layout" value="jp" />
|
[ other tips ]
- clipboard
If you configure "ENABLE_CLIPBOARD=”both” in node.cfg , you can copy and paste between the NX server and the NX client and vice-versa.
- auto start/stop NX server when booting the OS
# chkconfig freenx-server off
# chkconfig freenx-server on
|
Hope this helps
You're fucking awesome
ReplyDelete