Bug 475940 - qtnx only works with ./id.key
Summary: qtnx only works with ./id.key
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: freenx-client
Version: 10
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Axel Thimm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 514947 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-12-11 07:21 UTC by Alexander Shopov
Modified: 2009-08-12 06:31 UTC (History)
7 users (show)

Fixed In Version: 0.9-10.fc11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-10 21:46:14 UTC
Type: ---


Attachments (Terms of Use)

Description Alexander Shopov 2008-12-11 07:21:20 UTC
Description of problem:
I have two Fedora systems which have the same problem. After installing nx, freenx-client, freenx-server I am unable to login via qtnx.

Version-Release number of selected component (if applicable):

freenx-client-0.9-7.fc10.i386
freenx-server-0.7.3-11.fc10.i386
nx-3.2.0-31.fc10.i386

Systems - x86, fully updated as of 11 Dec 2008

How reproducible:
So far on two systems.

Steps to Reproduce:
1. Install freenx-client, freenx-server, nx
2. Start qtnx, make a connection to local host
3. Try to login with your username and password
  
Actual results:
Login fails.
Here is what is printed in the console:
 
------------------
[ash@dalgonosko ~]$ qtnx 
Process started
stderr> NX> 203 NXSSH running with pid: 4623
Warning: Identity file id.key not accessible: No such file or directory.
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 127.0.0.1 on port: 22
stderr> NX> 202 Authenticating user: nx
stdout> NX> 208 Using auth method: publickey
stdout> NX> 204 Authentication failed.
Invalid authentication key
Process exited
------------------

The same info is available in qtnx -> Connection -> Show log window



Expected results:
I wanted to log in.


Additional info:
I tried disabling selinux with setenforce 0 and additionally set password to the nx account as suggested in bug 462903. However this did not help.

Comment 1 dnwake 2009-01-23 20:07:02 UTC
I found a workaround.  Copy the public key file from the server to the file /tmp/id.key.  Then cd to /tmp, and launch qtnx from the /tmp directory.

Comment 2 Michael Ploujnikov 2009-05-15 01:03:26 UTC
I'm still getting "208 Using auth method: publickey 204 Authentication failed." even though I tried copying (from the server) /etc/nxserver/server.id_dsa.pub.key /etc/nxserver/users.id_dsa and /etc/nxserver/client.id_dsa.key to id.key on the client. I also made sure that qtnx is set to "Use default key", which probably means id.key.

Comment 3 Michael Ploujnikov 2009-05-15 14:13:17 UTC
I can successfully connect to localhost on an F9 machine by copying /etc/nxserver/client.id_dsa.key (because `ssh-keygen -y -f /etc/nxserver/client.id_dsa.key` matches /etc/nxserver/server.id_dsa.pub.key) to id.key in the user's current working directory.

I am also able to connect from the F10 machine to the F9 machine, but not the other way around.

I tried to simply copy F10:/etc/nxserver/server.id_dsa.pub.key to F9:/etc/nxserver/server.id_dsa.pub.key and F10:/etc/nxserver/client.id_dsa.key to F9:id.key and again connect to localhost on the F9 machine, but it failed with "208 Using auth method: publickey 204 Authentication failed."

Then I tried to copy F9:/etc/nxserver/server.id_dsa.pub.key to F10:/etc/nxserver/server.id_dsa.pub.key while keeping the same id.key on F9. Connecting to F10 from F9 still failed in with the same error.

Comment 4 Jonathan Haskins 2009-05-30 14:55:23 UTC
This is still an issue with Fedora 11/Rawhide. For some reason qtnx is ignoring the key provided in "Configure/Set Authentication Key" (stored in ~/.qtnx/*.nxml) and instead tries to pull it from id.key.

I was able to connect to/from rawhide by copying the server's client.id_dsa.key to id.key in qtnx's current working directory on the client.

I believe this patch references the same problem:

http://lists.kde.org/?l=freenx-knx&m=120802586323562

Comment 5 Luke Hutchison 2009-06-05 06:18:40 UTC
This may be the same as Bug 379581 -- try disabling SELinux on the server.

Comment 6 Jonathan Haskins 2009-06-06 16:08:02 UTC
Did you test it? I already disabled SELinux and still have the same behaviour. I will do a clean test when F11 comes out and report back, but I don't think the package has changed.

By the way, the PWD is your home directory when you run it from the menu, so the id.key file should just be placed in ~, although you have to keep changing the key to connect to different hosts.

Comment 7 Michael Ploujnikov 2009-06-08 01:36:17 UTC
I've managed to connect qtnx to my F10 server after setting SELinux to permissive mode on that server so I think this a duplicate of Bug 379581 for me.

Comment 8 Jonathan Haskins 2009-06-10 13:17:00 UTC
This is NOT a dup of Bug 379581. I installed a brand new F11 x86_64 and i686 on my workstation and laptop respectively. I installed freenx-server on one and freenx-client on the other. I then set SELinux to permissive on both (though the server wouldn't affect accessing a file on the client) and rebooted both with a relabel.

Entered the server's client.id_dsa.key into "Configure/Set Authentication Key" on the client as described above. Tried to connect:

----------------------------
Process started
stderr> NX> 203 NXSSH running with pid: 2443
Warning: Identity file id.key not accessible: No such file or directory.
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 192.168.0.102 on port: 22

stderr> NX> 202 Authenticating user: nx

stdout> NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

Process exit
----------------------------

Entered the same client.id_dsa.key into ~/id.key on the client. Tried to connect:

----------------------------
Process started
stderr> NX> 203 NXSSH running with pid: 2519
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 192.168.0.102 on port: 22

stderr> NX> 202 Authenticating user: nx

stdout> NX> 208 Using auth method: publickey

stdout> HELLO NXSERVER - Version 3.2.0-73 OS (GPL, using backend: 3.2.0)
NX> 105
stdin>  hello NXCLIENT - Version 3.0.0

stdout> hello NXCLIENT - Version 3.0.0
NX> 134 Accepted protocol: 3.0.0
NX> 105
...
----------------------------

This isn't a problem with SELinux, and just to reiterate, this is a bug on the client not the server.

Comment 9 Michael Ploujnikov 2009-06-10 13:45:27 UTC
Re: #8
You are right. After re-reading the original report again it seems most likely that Alexander was experiencing the client-side lack of ~/id.key problem. I propose that this bug be renamed to something like "Unable to login via freenx if ~/id.key is missing on client".

Comment 10 Alexander Shopov 2009-07-09 06:01:53 UTC
Hi everyone,

I had the exact same problem with fresh install of Fedora 11.
Comments #4 and #9 helped: indeed one must copy  
/etc/nxserver/client.id_dsa.key to ~/id.key, give access rights and things start working

However I must say that the experience was very frustrating.
The only mentioning of id.key is in /usr/share/doc/freenx-client-0.9/README.qtnx about MacOS  builds.

Maybe this is an upstream bug but as the interface and configuration files do not work properly, there should be some README.fedora in the package or proper mentioning of this workaround.

The bug can be renamed, but pleas do not close it as this is not a solution but a workaround.


Kind regards:
al_shopov

Comment 11 Fedora Update System 2009-07-25 23:05:07 UTC
freenx-client-0.9-10.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/freenx-client-0.9-10.fc10

Comment 12 Fedora Update System 2009-07-25 23:05:27 UTC
freenx-client-0.9-10.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/freenx-client-0.9-10.fc11

Comment 13 Fedora Update System 2009-07-27 21:27:01 UTC
freenx-client-0.9-10.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update freenx-client'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8008

Comment 14 Fedora Update System 2009-07-27 21:33:35 UTC
freenx-client-0.9-10.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update freenx-client'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-8028

Comment 15 Axel Thimm 2009-07-31 18:45:48 UTC
*** Bug 514947 has been marked as a duplicate of this bug. ***

Comment 16 Mohammed Arafa 2009-07-31 20:40:44 UTC
in bug #514947 i stated i have to start in .qtnx directory. and in that directory i have the remote's servers id.key file.

i also have installed the test package version freenx-client-0.9-10.fc11.x86_64 and it still exhibits the same behaviour.

Comment 17 Axel Thimm 2009-07-31 21:50:59 UTC
(In reply to comment #16)
> in bug #514947 i stated i have to start in .qtnx directory. and in that
> directory i have the remote's servers id.key file.

When you are in .qtnx, then ./id.key is the same as ~/.qtnx/id.key, that's why this is the same bug.

> i also have installed the test package version freenx-client-0.9-10.fc11.x86_64
> and it still exhibits the same behaviour.  

Did you also install the qtnx package? It was split off the main package in the upcoming update.

Comment 18 Mohammed Arafa 2009-08-01 05:58:48 UTC
with regards to .qtnx directory, i believe i read some documentation some where probably the mac readme as ash mentioned (the initial install was last year) as to having to create that .qtnx directory. in any case, i believe it is the correct place for configuration files and id keys much like .ssh

as to the test package, yes, i had uninstalled all previous *nx packages and ran the yum command. the packages were pulled in as a dependency

Comment 19 Mohammed Arafa 2009-08-01 05:59:57 UTC
ps. i first encountered this bug in fedora 10 and am now seeing it on fedora 11

Comment 20 Fedora Update System 2009-08-10 21:45:54 UTC
freenx-client-0.9-10.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Fedora Update System 2009-08-10 21:46:37 UTC
freenx-client-0.9-10.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.