Bug 770814 - Can't log in to freenx-server due to permissions on authorised keys file
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: freenx-server
Version: 16
Hardware: All
OS: Unspecified
Assignee: Axel Thimm
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-12-29 10:23 UTC by Philip Allison
Modified: 2011-12-31 10:26 UTC (History)

Fixed In Version: 0.7.3-24
Doc Type: Bug Fix
Last Closed: 2011-12-31 10:26:00 UTC

Description Philip Allison 2011-12-29 10:23:10 UTC
Description of problem:

Cannot log in to freenx-server because the file /etc/nxserver/server.id_dsa.pub.key is not readable by the nx user.

Version-Release number of selected component (if applicable):

0.7.3-23.fc16

How reproducible:

Very

Steps to Reproduce:
1. Install freenx-server on a clean box
2. systemctl load freenx-server.service
3. systemctl start freenx-server.service
4. Copy /etc/nxserver/client.id_dsa.key to the client machine, and configure a session in nxclient using it as the server key
5. Try and connect with nxclient
  
Actual results:

Client does not connect.  Log reveals public key authentication failure for user nx.  Running sshd in debug mode on the server reveals that it cannot read /var/lib/nxserver/home/.ssh/authorized_keys2 (which is a symlink to /etc/nxserver/server.id_dsa.pub.key).

Expected results:

Client connects.

Additional info:

The symlink /var/lib/nxserver/home/.ssh/authorized_keys2 has ownership nx:root, but the file it links to is root:root and not world readable.  Changing the ownership of /etc/nxserver/server.id_dsa.pub.key to nx:root resolves the issue.
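
The failure described in this report, as an added diagnostic example (not part of the original report and not FreeNX code): it resolves the authorized_keys2 symlink and lists which path components stop a given user from reading the key, which shows why the symlink's own nx:root ownership does not help. The function names are hypothetical, and it assumes plain Unix mode bits only (no ACLs, SELinux or capabilities).

```python
import os
import stat
import sys

def _allowed(st, uid, gids, owner_bit, group_bit, other_bit):
    """Unix mode-bit check: owner class first, then group, then other."""
    if uid == 0:
        return True  # root bypasses read and directory-search checks
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)

def _ancestors(p):
    """Directories from / down to the parent of p."""
    out, p = [], os.path.dirname(p)
    while p not in out:
        out.append(p)
        p = os.path.dirname(p)
    return out[::-1]

def read_blockers(path, uid, gids):
    """Return the components that prevent (uid, gids) from reading path.

    The symlink's own owner and mode are ignored, as on Linux: only the
    directories on the way and the final target file are checked.
    """
    link = os.path.abspath(path)
    target = os.path.realpath(link)
    link_dir = os.path.realpath(os.path.dirname(link))
    dirs = _ancestors(target)
    dirs += [d for d in _ancestors(os.path.join(link_dir, "x")) if d not in dirs]
    x_bits = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)
    r_bits = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
    blockers = [d for d in dirs if not _allowed(os.stat(d), uid, gids, *x_bits)]
    if not _allowed(os.stat(target), uid, gids, *r_bits):
        blockers.append(target)
    return blockers

if __name__ == "__main__":
    import pwd
    # Usage: script.py <path to authorized_keys file> <user name>
    pw = pwd.getpwnam(sys.argv[2])
    groups = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for blocker in read_blockers(sys.argv[1], pw.pw_uid, groups):
        print("not accessible for %s: %s" % (pw.pw_name, blocker))
```

Run against /var/lib/nxserver/home/.ssh/authorized_keys2 and the user nx, it would report the root:root target under /etc/nxserver in the state this report describes.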

Comment 1 Ville Skyttä 2011-12-30 20:20:19 UTC
The mentioned steps to reproduce don't even result in creation of the /var/lib/nxserver/home/.ssh dir nor obviously the symlink in it -- did you omit a step?

Anyway, as mentioned in the freenx-server upstream documentation, "nxsetup --install" should be run to complete the server setup before trying to connect; among other things, that'll set the correct permissions in /etc/nxserver.

http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_Installation#Installing_the_FreeNX_Server

Granted, this is fairly non-obvious.  Maybe the package should be improved to ship an "installed" setup by default...?

Comment 2 Ville Skyttä 2011-12-30 20:37:22 UTC
(In reply to comment #1)
> The mentioned steps to reproduce don't even result in creation of the
> /var/lib/nxserver/home/.ssh dir nor obviously the symlink in it

Eh, something went wrong with the tests I made, so ignore the above, but "nxsetup --install" should still be run before connecting at least for now.

Comment 3 Ville Skyttä 2011-12-31 10:26:00 UTC
0.7.3-24 tries to detect if nxsetup --install has been run, and refuses to start if not.