Page 1 of 10 123 ... LastLast
Results 1 to 10 of 99

Thread: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fawn

  1. #1
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,918
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    How to remote desktop using SSH and FreeNX - OpenGL Seveas Repositories

    For Hardy, Intrepid, Jaunty, and beyond, an updated version of this guide is contained here: https://help.ubuntu.com/community/FreeNX I would suggest users follow the steps to this new guide and use this guide as a reference.

    Tutorial inspired by my original post: http://ubuntuforums.org/showthread.php?t=457633 attempting to get working ssh tunneled FreeNX server with only opengl freenx server package supplied by seveas repositories.

    There is another how-to guide for setting up FreeNX server under breezy, however installation is with packages supplied by nomachine and to my knowledge are not OpenGL compliant: http://ubuntuforums.org/showthread.p...ghlight=freenx

    Quick Overview of Process
    1. Modify /etc/apt/sources.list to include seveas repositories
    2. Ensure paths to fonts are correct within xorg.conf
    3. Download and install seveas packages
    4. Perform some key management functions for ssh server and nx user -- copy authorized_keys2 file to authorized_keys
    5. (Optional) - Setup ssh port number on router, sshd_config, and node.conf file
    6. Verify the nx user can ssh into server
    7. Add users to freenx database
    8. Perform key management for individual clients - copy authorized_keys2 file to authorized_keys in user personal .ssh directory
    9. Restart nx server
    10. Setup client

    My server client versions:
    FreeNx server: Version 1.5.0-60 OS (GPL)
    WindowsXP client: NoMachine Nx Client for Windows Version 2.1.0-17

    Assumptions
    1. U(K)(X)buntu Feisty Fawn 7.04 distribution (likely to work with earlier ubuntu distros -- however this is untested).
    2. Installed and functional ssh server
    3. Static IP address for server, or a dynamic IP address that is unlikely to change
    4. If behind router, ssh port is port forwarded to router
    5. Firewall either disabled, or enabled to allow for ssh communication

    The seveas repository provides Nx Client for Linux. Windows NoMachine Nx clients may be obtained for free from: http://www.nomachine.com/download.php

    1. Modify /etc/apt/sources.list

    Code:
    gksu gedit /etc/apt/sources.list
    Add the following at the bottom of the file:
    If for some reason, these seveas mirrors are broken additional repositories may be added. List of additional repositories may be found here: http://free.linux.hp.com/~brett/seveas/freenx/

    These packages can be authenticated using gpg -- which helps to avoid authentication errors. In order to accomplish this:
    Code:
    gpg --keyserver subkeys.pgp.net --recv-keys 1135D466
    gpg --export --armor 1135D466 | sudo apt-key add -
    2. Ensure font paths are correct in xorg.conf
    First backup xorg.conf file:
    Code:
    sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak
    Open, look at, the xorg.conf file
    Code:
    gksu gedit /etc/X11/xorg.conf
    Go to the section entitled "Files" and look at the different Font Paths. You need to ensure that these font paths are correct. When I originally installed from the Edgy Live CD these paths were totally incorrect, but caused no problem until the FreeNx server installation. This was the cause of a lot of headache. My Font Path section is as follows, but rather than blindly copying and pasting, please ensure these are correct for your installation:

    Code:
    Section "Files"
            FontPath        "/usr/share/fonts/X11/misc"
            FontPath        "/usr/share/fonts/X11/cyrillic"
            FontPath        "/usr/share/fonts/X11/100dpi/:unscaled"
            FontPath        "/usr/share/fonts/X11/75dpi/:unscaled"
            FontPath        "/usr/share/fonts/X11/Type1/"
            FontPath        "/usr/share/fonts/X11/100dpi/"
            FontPath        "/usr/share/fonts/X11/75dpi/"
            FontPath        "/usr/share/fonts/X11/misc/"
            # path to defoma fonts
            FontPath        "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
    EndSection
    3.Download and install the seveas freenx packages

    Code:
    sudo aptitude update
    sudo aptitude install freenx nxclient
    The server binaries are installed at: /usr/bin/nxserver
    The server configuration files are located at: /etc/nxserver/node.conf
    The client binaries are installed at: /usr/NX/bin
    The client configuration files are kept at: ~/.nx (This directory will not be created until using the nxclient for the first time).

    Installation of the freenx server creates a new user on the server:nx, with home directory of: /var/lib/nxserver/home. Inside this home directory is located a .ssh directory, and within this directory are created an authorized_keys2 and client.id_dsa.key. These keys are setup by the default installation program.

    4. Key management for nx server (nx user) - Copy nx server authorized_keys2 file to authorized_keys

    For purpose of this guide we are going to be using the default keys created during the installation of the freenx server. If you want to create custom keys (optional step), I would suggest doing this now by:
    Code:
    sudo dpkg-reconfigure freenx
    and choosing custom keys. I have not done this step.

    Current ssh servers expect authorization keys to be located in a file known as authorized_keys, and not authorized_keys2. To verify this is the expected file name:

    Code:
    sudo cat /etc/ssh/sshd_config | grep AuthorizedKeysFile
    For the purpose of this guide, I am assuming all private ssh keys are kept in authorized_keys and not authorized_keys2.

    Because the default installation places the nx user keys in authorized_keys2, rather than authorized_keys, we need to copy the nx user's authorized_keys2 file to authorized_keys. To do this:

    Code:
    cd /var/lib/nxserver
    sudo su
    cd home/.ssh
    cp authorized_keys2 authorized_keys
    chown nx authorized_keys
    exit
    5. Set port for ssh, nx server (Applicable only to those who are not running ssh over standard port 22).

    By default, both the ssh_server and freenx server are setup to listen on port 22. If you are using a different port number for ssh, you need to ensure the following:
    a. The ssh port number is forwarded from router to s/erver
    b. The sshd_config file reflects the appropriate port number
    Either add extra port number or modify Port statement in sshd_config to reflect appropriate port number
    c. Edit /etc/nxserver/node.conf file, and change line where it states #SSHD_PORT=22
    to SSHD_PORT=port_number. <--- Insert appropriate number
    d. Restart ssh server
    Code:
    sudo /etc/init.d/ssh restart
    6. Verify ssh connection using nx user (DEBUGING STEP)
    Although not necessary, this step will ensure that the nx user can use ssh to connect to the server. If this step fails, usage of the freenx server will fail also.

    Code:
    sudo su
    cd /var/lib/nxserver/home/.ssh
    ssh -i client.id_dsa.key nx@localhost
    Following should result demonstrating that the nx user can log into system via ssh:
    Code:
    HELLO NXSERVER - Version 1.5.0-60 OS (GPL)
    NX> 105
    To get back to normal user:
    Code:
    exit
    exit
    7. Do not proceed further if step #6 fails Add user to freenx database.

    Please note that this user must already have an account on the server.

    Code:
    sudo nxserver --adduser <user_to_add>
    sudo nxserver --passwd <user>
    For managing user's in the freenx database the following commands are helpful:
    sudo nxserver --help
    sudo nxserver --listuser
    sudo nxserver --restart

    Once user or users are added, restart the nx server:
    Code:
    sudo nxserver --restart
    8. Key management for individual users

    Have each user on server append created authorized_keys2 file to authorized_keys.
    After adding myself as a user to the freenx server database, an authorized_keys2 file was created in my ~/.ssh directory. Because I already had an authorized_keys file, I needed to append the authorized_keys2 file to my current authorized_keys file:
    Code:
    cat authorized_keys2 >> authorized_keys
    9. Restart nx server
    Setup at this point should be complete for the server.
    Please restart freenx server:

    Code:
    sudo nxserver --restart
    10. Client Setup
    For client setup (for example on windows) you need to download the client. The client needs to be configured to use SSL encryption of all traffic (under Advanced Tab) If you didnt modify the default ssh nxserver keys during the installation, the client by default should have the correct ssh client key already installed (to verify push the key button and ensure the key listed matches the key found at ~/.ssh/client.id_dsa.key). If you modified the installation to use custom keys, you will need to add the modified client key.

    If you run into trouble:
    1. Enable the debugging log in the server. Modify /etc/nxserver.node.conf to include NX_LOG_LEVEL=3. May change the number up to 7 to receive more information. The logs for each session are kept under ~/.nx and then look for a big long number that represents a directory. Within this directory are kept various logs which may help
    2. Even after fixing fonts in the xorg.conf file, I kept getting a font related error. At least on my nxserver, I had to add the following line to the /etc/nxserver/node.conf file:
    AGENT_EXTRA_OPTIONS_X="-fp /usr/share/fonts/X11/misc/"

    ***Thanks to Milamb0r for suggesting changes to the guide
    Last edited by kevdog; February 8th, 2009 at 02:28 AM. Reason: Title Correction

  2. #2
    Join Date
    Jan 2006
    Beans
    2,031

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    Thanks for this! As soon as things get less hectic around here, I really want to give this a try!

  3. #3
    Join Date
    Jul 2007
    Beans
    1

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    Hi,

    big thanks for the great HOWTO! Just tried it out and it worked well here.

    Perhaps you might kill some very small failures, probable typos:


    Quote Originally Posted by kevdog View Post

    7. Do not proceed further if step #6 fails Add user to freenx database.

    Please note that this user must already have an account on the server.

    Code:
    sudo nxserver --adduser
    sudo nxserver user --passwd
    For better understanding it should be:
    Code:
    sudo nxserver --adduser <user_to_add>
    sudo nxserver --passwd <user>
    and ..

    For managing user's in the freenx database the following commands are helpful:
    sudo freenx --help (lists all commands available)
    sudo freenx --listuser
    sudo freenx --restart
    These commands should be:
    Code:
    sudo nxserver --help
    sudo nxserver --listuser
    sudo nxserver --restart
    9. Restart nx server
    Setup at this point should be complete for the server.
    Please restart freenx server:

    Code:
    sudo nxserver -restart
    Just forgot a second "-" in front of restart here..

    Thanks again, appreciate it!

  4. #4
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,918
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    Thanks for the suggestions, hopefully the guide is working for you. Havent received much feedback -- it took me days to figure things out on my own!!

  5. #5
    Join Date
    Jun 2007
    Beans
    18

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    I have set up freenx on CENTOS 5 and it is similar to what you have done here. Can I ask, Is it possible to make the users use different ssh keys or do they use the same. Also I have not added seperate nx users and it seems to just be pulling them from the linux logins. Comments on security would be great.

  6. #6
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,918
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    Im not exactly sure what you are asking. I thought each user had to have an account on the server. Each user is assigned a client_id_dsa.key (public key) along with a correlating dss key that must be put in the authorized key. This combination could in theory be generated randomly for each user.

  7. #7
    Join Date
    Aug 2007
    Location
    Agugliano (AN), Italy
    Beans
    29
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    Quote Originally Posted by kevdog View Post
    6. Verify ssh connection using nx user (DEBUGING STEP)
    Although not necessary, this step will ensure that the nx user can use ssh to connect to the server. If this step fails, usage of the freenx server will fail also.

    Code:
    sudo su
    cd /var/lib/nxserver/home/.ssh
    ssh -i client.id_dsa.key nx@localhost
    Following should result demonstrating that the nx user can log into system via ssh:
    Code:
    HELLO NXSERVER - Version 1.5.0-60 OS (GPL)
    NX> 105
    To get back to normal user:
    Code:
    exit
    exit
    Hi,
    what if I fail step 6?
    I have managed to set up ports to 8888 and here is what I get:
    Code:
    root@...:/var/lib/nxserver/home/.ssh# ssh -i client.id_dsa.key nx@localhost -p 8888
    Read from socket failed: Connection reset by peer
    root@...:/var/lib/nxserver/home/.ssh#
    Checking my config against your steps:
    1.Repositories: OK
    2.I miss the:
    Code:
    FontPath        "/usr/share/fonts/X11/misc/"
    But i guess this isnt my problem...
    3.I miss nxclient but I just need the server on my ubuntu box...
    4.I edited /etc/ssh/sshd_config adding the line:
    Code:
    AuthorizedKeysFile %h/.ssh/authorized_keys2
    5.I use SSHD on port 8888 and accomplished this by editing both /etc/ssh/sshd_config:
    Code:
    Port 8888
    and /etc/nxserver/node.conf:
    Code:
    SSHD_PORT=8888
    Any ideas?

    P.S. EDIT
    I add the verbose output of the debugging ssh command... maybe you guys find it useful...
    Code:
    root@...:/var/lib/nxserver/home/.ssh# ssh -v -i client.id_dsa.key nx@localhost -p 8888
    OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL 0.9.8c 05 Sep 2006
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to localhost [127.0.0.1] port 8888.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file client.id_dsa.key type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-8ubuntu1
    debug1: match: OpenSSH_4.3p2 Debian-8ubuntu1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-8ubuntu1
    debug1: An invalid name was supplied
    Configuration file does not specify default realm
    
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    
    debug1: An invalid name was supplied
    Configuration file does not specify default realm
    
    debug1: An invalid name was supplied
    A parameter was malformed
    Validation error
    
    debug1: SSH2_MSG_KEXINIT sent
    Read from socket failed: Connection reset by peer
    root@...:/var/lib/nxserver/home/.ssh#
    Last edited by RealMabu; August 13th, 2007 at 05:12 PM.

  8. #8
    Join Date
    Nov 2005
    Location
    Northern Colorado, USA
    Beans
    16
    Distro
    Kubuntu 10.10 Maverick Meerkat

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    kevdog,

    You are THE MAN!! I've just spent the last 2 days, trying to get the most recent official releases of nomachine's server/node/client up and running, and could not (due to more errors than I'd care to try to remember), thinking that the official releases might be better than the others...

    I finally gave up, came back to your thread and followed your instructions explicitly (just as I had done with their's...), and suddenly IT JUST WORX!!!!!!!

    I appreciate ya' greatly, and so will many of my customers, once I can show them this!!

    Paul Harmor
    Tekoholix.Computer.Services

  9. #9
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,918
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    RealMabu

    Im not exactly sure what your problem is, however it is definitely related to the ssh login process (which isnt exactly related to FreeNx). I would confirm in your sshd_config you are using authorized_keys rather than authorized_keys2 and that inside the nx home directory you have copied authorized_keys2 to authorized_keys.

    I dont understand some of the errors you are getting, I would probably google them and see what comes up. Im not an expert in troubleshooting ssh errors


    tekoholix

    Glad the guide worked for you. Im not getting much feedback about the guide (as you can see). Im glad at least one person can verify the steps I suggested.

  10. #10
    Join Date
    Aug 2007
    Location
    Agugliano (AN), Italy
    Beans
    29
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: How to set up a tunneled FreeNX server with only seveas repositories in Feisty Fa

    Kevdog
    I got it running at last!
    At least in LAN it's working fine.
    I copied the auth...keys2 into auth...keys but it continued not to work...
    Then I noticed that even if I restarted sshd issuing
    Code:
    /etc/init.d/ssh restart
    as root, the sshd process was owned by my "normal" user...
    As if sshd didnt actually restart so I guess it didn't load the new config file.
    I killed the process "by hand" and started issuing
    Code:
    /etc/init.d/ssh start
    .
    Suddenly FreeNX is working.

    Thanks for your guide and your help.

    P.S. - re-reading your guide I noticed that in part 2 you have a double line (bold):
    Code:
    Section "Files"
            FontPath        "/usr/share/fonts/X11/misc"
            FontPath        "/usr/share/fonts/X11/cyrillic"
            FontPath        "/usr/share/fonts/X11/100dpi/:unscaled"
            FontPath        "/usr/share/fonts/X11/75dpi/:unscaled"
            FontPath        "/usr/share/fonts/X11/Type1/"
            FontPath        "/usr/share/fonts/X11/100dpi/"
            FontPath        "/usr/share/fonts/X11/75dpi/"
            FontPath        "/usr/share/fonts/X11/misc/"
            # path to defoma fonts
            FontPath        "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
    EndSection
    Is that intentional or just a mistake?

    Regrards.

Page 1 of 10 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •