Не устанавливается RX@Etersoft под ubuntu server

[Nikson]

Система: ubuntu server 11.04 с установленым ubuntu-desktop
Пытаюсь поставить rx@ethersoft по инструкции отсюда http://wiki.etersoft.ru/RX/install?v=grj , на последнем шаге получаю:

Код:

xxx@server:~$ sudo rxsetup Configuration error, see rxsetup.log for details

содержимое rxsetup.log следующее:

Код:

passwd: password expiry information changed. Rather than invoking init scripts through /etc/init.d, use the service(8) utility, e.g. service ssh start Since the script you are attempting to invoke has been converted to an Upstart job, you may also use the start(8) utility, e.g. start ssh Setting up /etc/nxserver ...done Setting up /var/lib/nxserver/db ...done Setting up /var/log/nxserver.log ...done Setting up known_hosts and authorized_keys2 ...done Setting up permissions ...done ----> Testing your nxserver configuration ...

ради интереса пробовал запустить - запустилось, но клиент подключиться не может, сообщает что nx сервер не включен

если будете рекомендовать всё снести - напишите как это сделать без ущерба для системы

Сильно не бейте - опыт маленький, а с терминалами просто никакой...

[DjSpike]

покажи вывод команды nxsetup --test

[baraka]

Пакеты откуда ставили из версии testing или 1.1?

[Nikson]

2baraka:
пакеты ставил из 1.1

2DjSpike:
Сейчас сервер на работе, а я дома, поэтому посмотреть не могу. Когда пытался запустить nxsetup с какими-то другими ключами, реагировал он неадекватно, выдавая микро-справку с единственной командой смены пароля, которая тоже не работала...
Напишите как себя вести в зависимости от того, что выдаст nxsetup --test, если не сложно описать несколько вариантов. Очень хочется решение утром найти.
Спасибо!

[DjSpike]

у тебя после установки rx@etersoft должен появиться пользователь NX, активируй его...

[Nikson]

DjSpike
до этого сам допёр, не помогло

[baraka]

2baraka:
пакеты ставил из 1.1

Попробуйте пакеты из ветки testing, на сколько я знаю она в ближайшее время станет stable.

[Nikson]

Код:

xxx@server:~$ sudo nxsetup --test [sudo] password for artem: ----> Testing your nxserver configuration ... Warning: Invalid value "APPLICATION_LIBRARY_PRELOAD=/usr/lib64/libX11-nx.so.6:/usr/lib64/libXext-nx.so.6:/usr/lib64/libXcomp.so.3:/usr/lib64/libXcompext.so.3:/usr/lib64/libXrender.so.1". /usr/lib64/libXrender.so.1 could not be found. Users will not be able to run a single application in non-rootless mode. Warning: Invalid value "KDE_PRINTRC=/home/artem/.kde/share/config/kdeprintrc". ENABLE_KDE_CUPS will not work. For root it's normal. Try to run 'nxloadconfig --check' by user. Warning: Invalid value "CUPS_ETC=/etc/cups/" Users will not be able to enable printing. Warning: Invalid value "DEFAULT_X_SESSION=/etc/X11/xdm/Xsession" Users might not be able to request a default X session. Warning: Invalid value "COMMAND_START_KDE=startkde" Users will not be able to request a KDE session. Warning: Invalid value "COMMAND_START_CDE=cdwm" Users will not be able to request a CDE session. Warning: Invalid permissions on "/sbin/mount.cifs". Valid permissions are "4711". You'll not be able to use SAMBA. Warning: Invalid value "COMMAND_SMBUMOUNT=smbumount". You'll not be able to use SAMBA. Warning: Invalid value "COMMAND_SMBUMOUNT_CIFS=/sbin/umount.cifs". You'll not be able to use SAMBA. Warnings occured during config check. To enable these features please correct the configuration file. <---- done ----> Testing your nxserver connection ... Permission denied (publickey,password). Fatal error: Could not connect to NX Server. Please check your ssh setup: The following are _examples_ of what you might need to check. - Make sure "nx" is one of the AllowUsers in sshd_config. (or that the line is outcommented/not there) - Make sure "nx" is one of the AllowGroups in sshd_config. (or that the line is outcommented/not there) - Make sure your sshd allows public key authentication. - Make sure your sshd is really running on port 22. - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2. (this should be a filename not a pathname+filename) - Make sure you allow ssh on localhost, this could come from some restriction of: -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost -the iptables. add to it: $ iptables -A INPUT -i lo -j ACCEPT $ iptables -A OUTPUT -o lo -j ACCEPT

Покопался в настройках ssh, добавил в файл то, что предложил nxsetup. Вот, на всякий случай sshd_config:

Spoiler

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

#AuthorizedKeysFile %h/.ssh/authorized_keys
AuthorizedKeysFile authorized_keys2

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
AllowUsers nx user1 user2 user3 user4 user5 user6
Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

похоже что проблема в ssh - подключиться не могу - Permission denied

update:
ssh заработал нормально, nx всё равно не подключается, клиент настаивает что сервер выключен

update2:
после установки пакетов из testing rxsetup отработал успешно, но клиент сервера точно так же не видит. У пользователя nx может быть любой пароль? Полное ощущение что клиента просто не пускает по ssh.

[Nikson]

Поставил все пакеты от этерсофкта, openssh-server, expect.
Завел две тестовый учетки test1 и test2
запустил rxsetup
Отредактировал
nano /etc/nxserver/node.conf.d/01-auth.conf

Код: Выделить всё

ENABLE_PASSDB_AUTHENTICATION="1"
ENABLE_USER_DB="1"

разлочил учетку nx

Код: Выделить всё

passwd -u nx

Перезагрузил ssh и nx

Код: Выделить всё

nxserver --install --setup-nomachine-key --clean --purge

завел пользователей в nx

Код: Выделить всё

nxserver --adduser test1
nxserver --passwd test1
nxserver --adduser test2
nxserver --passwd test2

Перезапускаю nx
Запускаю nxclient он выдает мне

Код: Выделить всё

NX> 203 NXSSH running with pid: 15743
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 127.0.0.1 on port: 22
NX> 211 The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 7b:73:13:82:55:92:c0:03:8a:ca:1a:ee2:1c:f2:0c.
Are you sure you want to continue connecting (yes/no)?
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

Запускаю nxsetup --test

Код: Выделить всё

----> Testing your nxserver configuration ...
Warning: Invalid value "APPLICATION_LIBRARY_PRELOAD=/usr/lib64/libX11-nx.so.6:/usr/lib64/libXext-nx.so.6:/usr/lib64/libXcomp.so.3:/usr/lib64/libXcompext.so.3:/usr/lib64/libXrender.so.1". /usr/lib64/libXrender.so.1 could not be found. Users will not be able to run a single application in non-rootless mode.
Warning: Invalid value "KDE_PRINTRC=/home/artem/.kde/share/config/kdeprintrc". ENABLE_KDE_CUPS will not work.
         For root it's normal. Try to run 'nxloadconfig --check' by user.
Warning: Invalid value "CUPS_ETC=/etc/cups/"
         Users will not be able to enable printing.
Warning: Invalid value "DEFAULT_X_SESSION=/etc/X11/xdm/Xsession"
         Users might not be able to request a default X session.
Warning: Invalid value "COMMAND_START_KDE=startkde"
         Users will not be able to request a KDE session.
Warning: Invalid value "COMMAND_START_CDE=cdwm"
         Users will not be able to request a CDE session.
Warning: Invalid permissions on "/sbin/mount.cifs". Valid permissions are "4711". You'll not be able to use SAMBA.
Warning: Invalid value "COMMAND_SMBUMOUNT=smbumount". You'll not be able to use SAMBA.
Warning: Invalid value "COMMAND_SMBUMOUNT_CIFS=/sbin/umount.cifs". You'll not be able to use SAMBA.

  Warnings occured during config check.
  To enable these features please correct the configuration file.

<---- done

----> Testing your nxserver connection ...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
expect: spawn id exp6 not open
    while executing
"expect {
            "Are you sure you want to continue connecting (yes/no)?" { send "yes\r" }
            "Permission denied*" { exit 1 }
            "HELLO NXSERVER - Version*..."
    invoked from within
"if { "$auth_method"=="test-nx" } {
    set stty_init "raw icrnl -echo"

    set publickey ""
    catch {set publickey $env(NODE_PUBLICKEY)}

    set pid [spawn -..."
    (file "/usr/bin/nxnode-login" line 30)
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
f9:1e:be:28:ce:e8:37:00:f2:78:1b:98:ac:db:db:cd.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R 127.0.0.1
ECDSA host key for 127.0.0.1 has changed and you have requested strict checking.
Host key verification failed.
Fatal error: Could not connect to NX Server.

Please check your ssh setup:

The following are _examples_ of what you might need to check.

    - Make sure "nx" is one of the AllowUsers in sshd_config.
    (or that the line is outcommented/not there)
    - Make sure "nx" is one of the AllowGroups in sshd_config.
    (or that the line is outcommented/not there)
    - Make sure your sshd allows public key authentication.
    - Make sure your sshd is really running on port 22.
    - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2.
    (this should be a filename not a pathname+filename)
  - Make sure you allow ssh on localhost, this could come from some
    restriction of:
      -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost
      -the iptables. add to it:
         $ iptables -A INPUT  -i lo -j ACCEPT
         $ iptables -A OUTPUT -o lo -j ACCEPT

у кого-нибудь есть идеи? есть крайний вариант переустановки системы, но очень не хочется...

[dimbor]

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
f9:1e:be:28:ce:e8:37:00:f2:78:1b:98:ac:db:db:cd.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R 127.0.0.1
ECDSA host key for 127.0.0.1 has changed and you have requested strict checking.
Host key verification failed.

sshd_config:

RhostsRSAAuthentication no
HostbasedAuthentication no

# и для кучи
AuthorizedKeysFile .ssh/authorized_keys2

Еще оченно не нравится эта строчка, но это может быть следующим геморроем

Warning: Invalid value "APPLICATION_LIBRARY_PRELOAD=/usr/lib64/libX11-nx.so.6:/usr/lib64/libXext-nx.so.6:/usr/lib64/libXcomp.so.3:/usr/lib64/libXcompext.so.3:/usr/lib64/libXrender.so.1". /usr/lib64/libXrender.so.1 could not be found. Users will not be able to run a single application in non-rootless mode.