Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] NXServer Free Edition Stopped Working Today
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
figueroa
Guru
Guru


Joined: 14 Aug 2005
Posts: 401
Location: GA-USA

PostPosted: Wed Nov 04, 2015 11:25 pm    Post subject: [SOLVED] NXServer Free Edition Stopped Working Today Reply with quote

Today, after running updates as follows:
Quote:

[ebuild U ] sys-apps/kmod-21 [20]
[ebuild U ] sys-apps/xinetd-2.3.15-r2 [2.3.15-r1]
[ebuild U ] net-nds/rpcbind-0.2.3-r1 [0.2.0-r1] USE="-debug% -systemd% -warmstarts%"
[ebuild U ] net-wireless/bluez-5.35 [5.33]
[ebuild U ] dev-python/pypax-0.9.2 [0.9.0]
[ebuild U ] sys-apps/elfix-0.9.2 [0.9.0-r1]
[ebuild U ] app-admin/sudo-1.8.15-r1 [1.8.14_p3]
[ebuild U ] net-misc/openssh-7.1_p1-r2 [6.9_p1-r2] USE="(-libressl)"


NXServer Free Edition stopped working, getting the message in the client that, NX server has stopped working. I tried restarting it, and also restarted sshd, and finally rebooted, but still cannot get NX Server to start. I was able to access my server with X2GO, but I don't find X2GO as useful as NX Server.

I would be thankful for any clues.
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.


Last edited by figueroa on Thu Nov 05, 2015 4:51 am; edited 1 time in total
Back to top
View user's profile Send private message
russK
l33t
l33t


Joined: 27 Jun 2006
Posts: 618

PostPosted: Thu Nov 05, 2015 12:02 am    Post subject: Reply with quote

"stopped working" is not a very helpful error message.

Just a shot in the dark, could there be some kind of issue with keys or certs since openssh was rebuilt?
Back to top
View user's profile Send private message
figueroa
Guru
Guru


Joined: 14 Aug 2005
Posts: 401
Location: GA-USA

PostPosted: Thu Nov 05, 2015 4:50 am    Post subject: Reply with quote

Thank you for the reply russK. You are right, I was hardly specific enough.

From the nxclient-3.5.0.7 I get the error: "The NX service is not available or NX access was disabled on host"

So, I go to start the nxserver (nxserver-freeedition-3.5.0.5) with /etc/init.d/nxserver restart, and I get the message: "NX> 500 Service already running." Then, I do /etc/init.d/nxserver restart and it appears to stop and restart just fine and /etc/init.d/nxserver status tells me that the service is running.

However, /usr/NX/bin/nxserver --status reports:
NX> 900 Connecting to server ...
NX> 204 Authentication to NX server failed.
NX> 110 NX Server is stopped.
NX> 999 Bye.

I check /var/log/sshd and see the error: [sshd] userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

None of my /etc/ssh configuration files changed. However ...

As I type this, I added: "PubkeyAcceptedKeyTypes=+ssh-dss" to /etc/ssh/sshd_config then restarted sshd and that seems to have fixed the problem, although when I first upgraded to OpenSSH version 7.0 this solution did not work.

I'm marking as SOLVED, though frustrated by the complexity of these changes. Apparently I should just learn to love X2GO.
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.
Back to top
View user's profile Send private message
hdcg
n00b
n00b


Joined: 07 Apr 2013
Posts: 56

PostPosted: Thu Nov 05, 2015 5:01 am    Post subject: Reply with quote

Hi Andy,

there was a news item informing anyone about this change in behaviour as well as a hint about how to get back to the old behaviour (same solution as used by you).

Quote:

2015-08-13-openssh-weak-keys
Title OpenSSH 7.0 disables ssh-dss keys by default
Author Mike Frysinger
Posted 2015-08-13
Revision 1

Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
been disabled by default at runtime due to their inherit weakness. If
you rely on these key types, you will have to take corrective action or
risk being locked out.

Your best option is to generate new keys using strong algos such as rsa
or ecdsa or ed25519. RSA keys will give you the greatest portability
with other clients/servers while ed25519 will get you the best security
with OpenSSH (but requires recent versions of client & server).

If you are stuck with DSA keys, you can re-enable support locally by
updating your sshd_config and ~/.ssh/config files with lines like so:
PubkeyAcceptedKeyTypes=+ssh-dss

Be aware though that eventually OpenSSH will drop support for DSA keys
entirely, so this is only a stop gap solution.

More details can be found on OpenSSH's website:
http://www.openssh.com/legacy.html


Best Regards,
Holger
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum