View previous topic :: View next topic |
Author |
Message |
elykyllek Tux's lil' helper
Joined: 16 Sep 2002 Posts: 103 Location: Halifax, Nova Scotia, Canada
|
Posted: Sat Sep 04, 2004 1:44 am Post subject: fluxbox |
|
|
Also I've been able to get it to run with kde, but as of yet I cannot get it to start with fluxbox. I've tried getting it to execute startx, exec fluxbox, startfluxbox, all with it just showing a black screen. Any ideas? |
|
Back to top |
|
|
gorth_kr n00b
Joined: 29 Aug 2004 Posts: 1
|
Posted: Sat Sep 04, 2004 1:15 pm Post subject: |
|
|
Is it possible to get NX working as a normal user? I would like to be able to access NX from a windows pc. |
|
Back to top |
|
|
Ari Rahikkala Guru
Joined: 02 Oct 2002 Posts: 370 Location: Finland
|
Posted: Sat Sep 04, 2004 2:20 pm Post subject: |
|
|
I've been hacking on nxserver-freenx for several hours over two days now, and it still doesn't work. Here's what I can remember from what problems I solved, kluge by kluge, not necessarily in chronological order:
- one of the NX packages didn't compile with gcc 3.4 - used gcc-config to switch to gcc 3.3.4
- "204 Authentication failed." error - I couldn't login as the user nx with publickey authentication. Solved by adding my private key (.ssh/id_dsa) to nx's $HOME/.ssh/authorized_keys2
- some other problem with authentication - freenx assumes that your AuthorizedKeysFile is .ssh/authorized_keys2, mine was .ssh/authorized_keys. I changed my home dir and /etc/ssh/sshd_config to suit freenx's needs
- "bye" not a defined command - applied http://debian.tu-bs.de/knoppix/nx/nx-0.1-2.diff to nxserver
- libXcomp.so.1.4.0 found - this one was done in a really klugey way, and it might have broken something... symlinked libXcomp.so.1.4.0 -> libXcomp.so in /usr/NX/lib
- nxssh not found - changed nxssh to $NX_DIR/bin/nxssh on some line in either nxserver or nxnode, not sure which
- various other troubles - reinstalling nxserver-freenx and co. when I wasn't sure if a change I had made had caused bad stuff to happen _________________ <laurentius> gentoo linux?
<ari> Yesh.
<laurentius> they look horny |
|
Back to top |
|
|
d_f0rce n00b
Joined: 06 Oct 2002 Posts: 27
|
Posted: Sun Sep 05, 2004 10:48 am Post subject: nxserver-freenx ebuild security problems |
|
|
Hi,
I've installed nxserver-freenx from the ports and after some tweaking everything runs fine now.
I saw that this ebuild does not create a new dsa key for /usr/NX/share/client.id_dsa.key but uses a static one which is hard coded. Isn't this a HUGE security risk? Every Gentoo user can connect to the NX server of another gentoo user without being asked for a password. And if there ever is a bug in nxserver the host is easily cracked. This destroys the whole NX security conecpt, doesn't it?
The ebuild should create new keys or at least print a BIG warning that these keys should be replaced in a production environment.
UPDATE:
I created a bug report: https://bugs.gentoo.org/show_bug.cgi?id=62912
Greets,
d_f0rce |
|
Back to top |
|
|
StifflerStealth Retired Dev
Joined: 03 Jul 2002 Posts: 968
|
Posted: Tue Sep 07, 2004 12:28 am Post subject: |
|
|
I cannot even use the portage ebuilds because the following happens: Code: | root@dingbat /home/stiffler # ACCEPT_KEYWORDS="~x86" emerge -pv nxserver-freenx
These are the packages that I would merge, in order:
Calculating dependencies
!!! all ebuilds that could satisfy "nxserver-freenx" have been masked.
!!! possible candidates are:
!!! Error calculating dependencies. Please correct. | I even tried to manually edit all the ebuilds and eclasses to change ~x86 to x86, but that still did not help. Does anyone know what is going on?
Thanks. |
|
Back to top |
|
|
djmaze n00b
Joined: 25 Jun 2003 Posts: 36 Location: Berlin, Germany
|
Posted: Tue Sep 07, 2004 12:32 am Post subject: |
|
|
Quote: |
I cannot even use the portage ebuilds because the following happens:
Code:
Code: |
root@dingbat /home/stiffler # ACCEPT_KEYWORDS="~x86" emerge -pv nxserver-freenx
These are the packages that I would merge, in order:
Calculating dependencies
!!! all ebuilds that could satisfy "nxserver-freenx" have been masked.
!!! possible candidates are:
!!! Error calculating dependencies. Please correct.
|
I even tried to manually edit all the ebuilds and eclasses to change ~x86 to x86, but that still did not help. Does anyone know what is going on?
Thanks. |
You should try a new sync. I had this before, and I believe this was fixed by syncing the portage tree! |
|
Back to top |
|
|
StifflerStealth Retired Dev
Joined: 03 Jul 2002 Posts: 968
|
Posted: Tue Sep 07, 2004 12:49 am Post subject: |
|
|
djmaze wrote: | You should try a new sync. I had this before, and I believe this was fixed by syncing the portage tree! | I did a new sync and that did not work, I get the same error, so I did an emerge regen, and that did not work. I will try syncing tomorrow. I keep my system up-to-date, so i do not know what the problem is. |
|
Back to top |
|
|
Spearhead n00b
Joined: 30 Aug 2004 Posts: 7
|
Posted: Tue Sep 07, 2004 2:30 am Post subject: |
|
|
StifflerStealth wrote: | I cannot even use the portage ebuilds because the following happens: Code: | root@dingbat /home/stiffler # ACCEPT_KEYWORDS="~x86" emerge -pv nxserver-freenx
These are the packages that I would merge, in order:
Calculating dependencies
!!! all ebuilds that could satisfy "nxserver-freenx" have been masked.
!!! possible candidates are:
!!! Error calculating dependencies. Please correct. | I even tried to manually edit all the ebuilds and eclasses to change ~x86 to x86, but that still did not help. Does anyone know what is going on?
Thanks. |
Try emerging by giving emerge the complete path to the ebuild "/usr/portage....." and not only "nxserver-freenx", maybe that'll work? |
|
Back to top |
|
|
jsaitoh n00b
Joined: 20 Jul 2003 Posts: 4
|
Posted: Tue Sep 07, 2004 4:03 am Post subject: Authentication Failing at an odd location |
|
|
If anyone knows how to solve this... please enlighten me... I've been
trying everything mentioned on this board using the nxserver-freenx
ebuild.
The following are what I have done:
Code: |
ACCEPT_KEYWORDS="~x86" emerge nxserver-freenx
chmod u+x /usr/NX/var/db/*
chown -R nx:root /usr/NX
nxserver --adduser jsaitoh
nxserver --passwd jsaitoh
*entered a password*
|
I fixed the DSA key issues by using my own keys via ssh-keygen, and
seem to be fine.
What I am getting is:
Code: |
NX> 203 NXSSH running with pid: 3232
NX> 200 Connected to address: 172.16.0.101 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 1.4.0-01 OS (GPL)
NX> 105 Hello NXCLIENT - Version 1.3.2
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: jsaitoh
NX> 102 Password:
NX> 103 Welcome to: os-test user: jsaitoh
NX> 105 startsession --session="Test" --type="unix-kde" --cache="8M" --images="32M" --cookie="16c4254319c96827024d1bcceccb57a7" --link="modem" --backingstore="never" --geometry="fullscreen" --keyboard="jp" --kbtype="pc105/jp" --media="0" --agent_server="" --agent_user="" --agent_password=""
NX> 204 Authentication failed.
NX> 105
|
What's bugging me is: "Authentication failed" after accepting my DSA
keys (sshd) and my username/password combo(nxserver). For some
reason, I am unauthenticated to "startsession". Has anyone seen this
problem, and solved the issue other than what has been shown above?
Thanks in advance for any input. |
|
Back to top |
|
|
erlich n00b
Joined: 30 Jan 2004 Posts: 14
|
Posted: Tue Sep 07, 2004 9:12 am Post subject: |
|
|
tried the ebuilds: didn't work. no nxsetup was installed (somehow)
tried the 'long way', and then nxsetup was there. done the whole process and it works like a charm!
thanks a lot! |
|
Back to top |
|
|
djmaze n00b
Joined: 25 Jun 2003 Posts: 36 Location: Berlin, Germany
|
Posted: Tue Sep 07, 2004 11:11 am Post subject: |
|
|
jsaitoh, please try running the nx* programs manually. I think this will show the problem.
Code: |
nxproxy
nxagent
nxssh
|
There may be some dynamic linking problems. Personally, I fixed this by re-emerging nx-x11-1.4.0. |
|
Back to top |
|
|
elykyllek Tux's lil' helper
Joined: 16 Sep 2002 Posts: 103 Location: Halifax, Nova Scotia, Canada
|
Posted: Tue Sep 07, 2004 3:42 pm Post subject: |
|
|
Just got an email announcing that FreeNX 0.2 it out.
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.tar.gz
Heres the email from Fabian Franz <fabianfranz@gmx.de>:
Quote: |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
FreeNX 0.2 is out.
You can get it from:
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.tar.gz
I've decided to build up tarballs as mornfall from kalyxo.org did not react to
the latest changes, yet and I do not have access.
A cvs will be setup at freedesktop.org as soon as possible.
@Stuart:
PAM Authentication, which is now the default does login the user with the help
of ssh and the provided password. I hope that does suit your security needs,
as so ssh should do the account locking / logging.
(But users then should _not_ use the nxserver --adduser command anymore!)
I also included a gentoo-nomachine.diff, which should help making an ebuild
(as soon as you've checked and disabled everything that is insecure in your
eyes) easier.
@All:
It is no longer necessary to install nxclient on the server, as xmessage will
take care of the dialog functions.
Note: nxsetup will not use the NoMachine key by default. nxsetup will tell you
that you should distribute the keys to the clients.
Thanks goes to Tom Hibbert for ideas and for providing updated gentoo scripts.
ChangeLog:
07.09.2004
* Reworked the whole security model in nxsetup due to requests from
SuSE and Gentoo.
- nxsetup does not use the NoMachine key by default.
- PAM authentication is enabled by default.
* Added nxclient for compatibility with nxclient -dialog mode.
* Minor changes
* Added SSHD_AUTH_PORT to config vars in nxserver
* Made all programs NX_ aware
* Programs do now honor the setting of AuthorizedKeysFile in
sshd_config
* Changed nxsetup check from direct reading of passwd to
getent
(Thanks to Tom Hibbert <tom@nsp.co.nz>)
* Changed overall messages in nxsetup
* Made a overall clean upstream package.
* Added Gentoo / NoMachine compatibility diff
06.09.2004
* Added pam authentication
* Added user_db switch
* moved some su - to nxnode-login
02.09.2004
* Added support for snapshot 4 (43/66)
* Fixed compatibility issue with 1.3.0
(Used by Knoppix 3.4 and earlier)
* added sane logging (LOGGING is now properly used)
cu
Fabian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBPTjxI0lSH7CXz7MRAokgAJ44piUt3p/6I/ctSoHp+U8obr1NWACfe/mZ
IophsQ+BMR1rgDvEX5od67Q=
=Nuu5
-----END PGP SIGNATURE-----
|
|
|
Back to top |
|
|
StifflerStealth Retired Dev
Joined: 03 Jul 2002 Posts: 968
|
Posted: Tue Sep 07, 2004 4:49 pm Post subject: |
|
|
Spearhead wrote: | Try emerging by giving emerge the complete path to the ebuild "/usr/portage....." and not only "nxserver-freenx", maybe that'll work? | That did work. I did a pretend because I was compiling the new OOo-Ximain 1.3.3-r1 ebuild and I did not want to stop that. I find it odd that I had to do that. I remember having to give the exact path to the ebuild back in the early days of portage 1.x, the really early days.
elykyllek wrote: | Just got an email announcing that FreeNX 0.2 it out. | I guess I will wait for the ebuild to be in portage before I install. The Devs of FreeNX are really cool. I mean, they personally addressed Stu in the email and included stuff for Gentoo. I wonder if the Devs of FreeNX read this Thread. |
|
Back to top |
|
|
stuherbert Retired Dev
Joined: 17 Aug 2003 Posts: 47 Location: Pontypridd, South Wales
|
Posted: Tue Sep 07, 2004 8:51 pm Post subject: |
|
|
I've currently package-masked all versions of nxserver (both commercial and freenx) until I've had the chance to test & document the security concern reported in https://bugs.gentoo.org/show_bug.cgi?id=62912. That's why you've been having trouble emerging nxserver-freenx in the last 24 hours.
I've just committed an ebuild for FreeNX 0.2. It contains all the fixes suggested in here to date. Still doesn't work for me (although the commercial NXserver works nicely . Should have some more time tomorrow to work on this.
Best regards,
Stu _________________ --
stuart@gentoo.org
Gentoo Developer
Trustee, Gentoo Foundation
http://blog.stuartherbert.com |
|
Back to top |
|
|
StifflerStealth Retired Dev
Joined: 03 Jul 2002 Posts: 968
|
Posted: Tue Sep 07, 2004 10:04 pm Post subject: |
|
|
stuherbert wrote: | I've currently package-masked all versions of nxserver (both commercial and freenx) until I've had the chance to test & document the security concern reported in https://bugs.gentoo.org/show_bug.cgi?id=62912. That's why you've been having trouble emerging nxserver-freenx in the last 24 hours. | That would explain the trouble I was having. I did a Code: | echo ">=net-misc/nxserver-freenx-0.1" >> /etc/portage/package.unmask | and I no longer need to point to the ebuild anymore. I will install Version 0.2 now to test it out. I am not too concerned with the security thing because I am behind a hardware firewall and my parents know nothing about Linux, so I am safe. Yay, now it's time to play with a new toy. |
|
Back to top |
|
|
jd5419 Tux's lil' helper
Joined: 26 Apr 2004 Posts: 110 Location: RI, USA
|
Posted: Tue Sep 07, 2004 10:45 pm Post subject: |
|
|
just a hint, dont use 1.4.0 nxclient, it gave me a problem i'm sticking with 1.3.2 worked fine with 1.3.2 but not with new it sayd somthing about bye and wouldnt work right |
|
Back to top |
|
|
StifflerStealth Retired Dev
Joined: 03 Jul 2002 Posts: 968
|
Posted: Tue Sep 07, 2004 11:43 pm Post subject: |
|
|
I read about client version 1.4.0 not working right, but I will try it just to see if 0.2 has better compatibility. If not I can always downgrade the nxclient, or do I need to rebuild everything?
The new version 0.2 ebuild had the three dependecies and all those were built with no errors or warnings, but I have no nxsetup. What gives? Is nxsetup no longer needed with the new FreeNX 0.2 release? If not, then how do I set this up? Do I just need to run nxserver? I did a locate to try to find it, but it is not there. I am really new to FreeNX, as you can tell. |
|
Back to top |
|
|
jd5419 Tux's lil' helper
Joined: 26 Apr 2004 Posts: 110 Location: RI, USA
|
Posted: Wed Sep 08, 2004 12:10 am Post subject: |
|
|
me too and as i just get it set up i find 0.2 is out.
if anyone wants help getitng it to go (as i've made a few changes and kinda know whats going on) you can hit me up on aim jd880506 or other means if u want. |
|
Back to top |
|
|
StifflerStealth Retired Dev
Joined: 03 Jul 2002 Posts: 968
|
Posted: Wed Sep 08, 2004 12:49 am Post subject: |
|
|
Ok, I have no nxsetup, and when I do a nxserver --help, there is no option listed for add user. How do I get this thing going? Gah. *pulls hair out* |
|
Back to top |
|
|
jd5419 Tux's lil' helper
Joined: 26 Apr 2004 Posts: 110 Location: RI, USA
|
Posted: Wed Sep 08, 2004 2:03 am Post subject: |
|
|
i have it working and in fluxbox, but i open a xterm and it just sits there all white with no prompt per say... is thsi just me? is somthing messed up what do i have to change? |
|
Back to top |
|
|
djmaze n00b
Joined: 25 Jun 2003 Posts: 36 Location: Berlin, Germany
|
Posted: Wed Sep 08, 2004 9:00 am Post subject: |
|
|
nxserver-0.2 uses PAM authentication, so everyone who is able to login via SSH to your machine should be able to connect to the NX server (with the same password)! |
|
Back to top |
|
|
Ari Rahikkala Guru
Joined: 02 Oct 2002 Posts: 370 Location: Finland
|
Posted: Wed Sep 08, 2004 4:05 pm Post subject: |
|
|
I wish. That's exactly what has *me* stumped at the moment. I can log in as nx with publickey authentication just fine with SSH, but when I try to use nxclient, I get locked out. Now I could play around with strace... but I could also just hand-hack something that works out of the upstream sources... it seems that that has worked for oher people. _________________ <laurentius> gentoo linux?
<ari> Yesh.
<laurentius> they look horny |
|
Back to top |
|
|
StifflerStealth Retired Dev
Joined: 03 Jul 2002 Posts: 968
|
Posted: Wed Sep 08, 2004 4:38 pm Post subject: |
|
|
Ok, the server works, sort of. I guess the nxsetup is not needed for the ebuild version, because everything seems to be setup automatically. I can add a user now and nxserver was already running. I can get KDE in a 1024x768 window and it works fine.
However, I just want to run Thunderbird as a window. I have seen screenshots where programs like Kmail and Konqueror are running in a window. I try to run Thunderbird, and the program is in the upper left of the screen. when I try to move the window, Thunderbird stays in the same location, but the black box moves, so the program is out of the box area and gets cut off. I have the Display set to "Available Area", The Settings for the desktop is "Floating Window". The KDE Desktop window moves and KDE moves with it, so why does Thunderbird stay in the upperleft of my screen while the display box moves?
I hope I explained this well. |
|
Back to top |
|
|
jd5419 Tux's lil' helper
Joined: 26 Apr 2004 Posts: 110 Location: RI, USA
|
Posted: Wed Sep 08, 2004 6:18 pm Post subject: |
|
|
I have the new freenx yet i still have to continue using --adduser and its still in there, did i do somthing wrong?
he04 log # nxserver --version
NXSERVER - Version 1.4.0-02 OS_(GPL)
he04 log #
no?
he04 log # emerge search freenx
Searching...
[ Results for search key : freenx ]
[ Applications found : 1 ]
* net-misc/nxserver-freenx
Latest version available: 0.2
Latest version installed: 0.2
Size of downloaded files: 21 kB
Homepage: http://www.kalyxo.org/twiki/bin/view/Main/FreeNX
Description: X11 protocol compression library
License: GPL-2
he04 log #
where did i mess up? |
|
Back to top |
|
|
jd5419 Tux's lil' helper
Joined: 26 Apr 2004 Posts: 110 Location: RI, USA
|
Posted: Wed Sep 08, 2004 6:53 pm Post subject: |
|
|
OK i went from it working but being unsatisfied with the sessions not working so i had to go break it... anyway what does this mean?
Loop: WARNING! Ignoring unknown option 'listen' with value '37283'.
Warning: Ignoring unknown option 'listen' with value '37283'.
NXPROXY - Version 1.3.2
Copyright (C) 2001,2003 NoMachine.
See http://www.nomachine.com/ for more information.
Info: Proxy running in client mode with pid '29121'.
Error: Failed to resolve address of ''.
Error: Unknown remote host ''. |
|
Back to top |
|
|
|