Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HOWTO: Install freenx
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3, 4 ... 28, 29, 30  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
elykyllek
Tux's lil' helper
Tux's lil' helper


Joined: 16 Sep 2002
Posts: 103
Location: Halifax, Nova Scotia, Canada

PostPosted: Sat Sep 04, 2004 1:44 am    Post subject: fluxbox Reply with quote

Also I've been able to get it to run with kde, but as of yet I cannot get it to start with fluxbox. I've tried getting it to execute startx, exec fluxbox, startfluxbox, all with it just showing a black screen. Any ideas?
Back to top
View user's profile Send private message
gorth_kr
n00b
n00b


Joined: 29 Aug 2004
Posts: 1

PostPosted: Sat Sep 04, 2004 1:15 pm    Post subject: Reply with quote

Is it possible to get NX working as a normal user? I would like to be able to access NX from a windows pc.
Back to top
View user's profile Send private message
Ari Rahikkala
Guru
Guru


Joined: 02 Oct 2002
Posts: 370
Location: Finland

PostPosted: Sat Sep 04, 2004 2:20 pm    Post subject: Reply with quote

I've been hacking on nxserver-freenx for several hours over two days now, and it still doesn't work. Here's what I can remember from what problems I solved, kluge by kluge, not necessarily in chronological order:

- one of the NX packages didn't compile with gcc 3.4 - used gcc-config to switch to gcc 3.3.4
- "204 Authentication failed." error - I couldn't login as the user nx with publickey authentication. Solved by adding my private key (.ssh/id_dsa) to nx's $HOME/.ssh/authorized_keys2
- some other problem with authentication - freenx assumes that your AuthorizedKeysFile is .ssh/authorized_keys2, mine was .ssh/authorized_keys. I changed my home dir and /etc/ssh/sshd_config to suit freenx's needs
- "bye" not a defined command - applied http://debian.tu-bs.de/knoppix/nx/nx-0.1-2.diff to nxserver
- libXcomp.so.1.4.0 found - this one was done in a really klugey way, and it might have broken something... symlinked libXcomp.so.1.4.0 -> libXcomp.so in /usr/NX/lib
- nxssh not found - changed nxssh to $NX_DIR/bin/nxssh on some line in either nxserver or nxnode, not sure which
- various other troubles - reinstalling nxserver-freenx and co. when I wasn't sure if a change I had made had caused bad stuff to happen
_________________
<laurentius> gentoo linux?
<ari> Yesh.
<laurentius> they look horny
Back to top
View user's profile Send private message
d_f0rce
n00b
n00b


Joined: 06 Oct 2002
Posts: 27

PostPosted: Sun Sep 05, 2004 10:48 am    Post subject: nxserver-freenx ebuild security problems Reply with quote

Hi,

I've installed nxserver-freenx from the ports and after some tweaking everything runs fine now.

I saw that this ebuild does not create a new dsa key for /usr/NX/share/client.id_dsa.key but uses a static one which is hard coded. Isn't this a HUGE security risk? Every Gentoo user can connect to the NX server of another gentoo user without being asked for a password. And if there ever is a bug in nxserver the host is easily cracked. This destroys the whole NX security conecpt, doesn't it?

The ebuild should create new keys or at least print a BIG warning that these keys should be replaced in a production environment.

UPDATE:
I created a bug report: https://bugs.gentoo.org/show_bug.cgi?id=62912

Greets,
d_f0rce
Back to top
View user's profile Send private message
StifflerStealth
l33t
l33t


Joined: 03 Jul 2002
Posts: 968

PostPosted: Tue Sep 07, 2004 12:28 am    Post subject: Reply with quote

I cannot even use the portage ebuilds because the following happens:
Code:
root@dingbat /home/stiffler # ACCEPT_KEYWORDS="~x86" emerge -pv nxserver-freenx

These are the packages that I would merge, in order:

Calculating dependencies
!!! all ebuilds that could satisfy "nxserver-freenx" have been masked.
!!! possible candidates are:

!!! Error calculating dependencies. Please correct.
I even tried to manually edit all the ebuilds and eclasses to change ~x86 to x86, but that still did not help. Does anyone know what is going on?

Thanks.
Back to top
View user's profile Send private message
djmaze
n00b
n00b


Joined: 25 Jun 2003
Posts: 36
Location: Berlin, Germany

PostPosted: Tue Sep 07, 2004 12:32 am    Post subject: Reply with quote

Quote:

I cannot even use the portage ebuilds because the following happens:

Code:

Code:

root@dingbat /home/stiffler # ACCEPT_KEYWORDS="~x86" emerge -pv nxserver-freenx
 
These are the packages that I would merge, in order:
 
Calculating dependencies
!!! all ebuilds that could satisfy "nxserver-freenx" have been masked.
!!! possible candidates are:
 
!!! Error calculating dependencies. Please correct.


I even tried to manually edit all the ebuilds and eclasses to change ~x86 to x86, but that still did not help. Does anyone know what is going on?

Thanks.


You should try a new sync. I had this before, and I believe this was fixed by syncing the portage tree!
Back to top
View user's profile Send private message
StifflerStealth
l33t
l33t


Joined: 03 Jul 2002
Posts: 968

PostPosted: Tue Sep 07, 2004 12:49 am    Post subject: Reply with quote

djmaze wrote:
You should try a new sync. I had this before, and I believe this was fixed by syncing the portage tree!
I did a new sync and that did not work, I get the same error, so I did an emerge regen, and that did not work. I will try syncing tomorrow. I keep my system up-to-date, so i do not know what the problem is.
Back to top
View user's profile Send private message
Spearhead
n00b
n00b


Joined: 30 Aug 2004
Posts: 7

PostPosted: Tue Sep 07, 2004 2:30 am    Post subject: Reply with quote

StifflerStealth wrote:
I cannot even use the portage ebuilds because the following happens:
Code:
root@dingbat /home/stiffler # ACCEPT_KEYWORDS="~x86" emerge -pv nxserver-freenx

These are the packages that I would merge, in order:

Calculating dependencies
!!! all ebuilds that could satisfy "nxserver-freenx" have been masked.
!!! possible candidates are:

!!! Error calculating dependencies. Please correct.
I even tried to manually edit all the ebuilds and eclasses to change ~x86 to x86, but that still did not help. Does anyone know what is going on?

Thanks.


Try emerging by giving emerge the complete path to the ebuild "/usr/portage....." and not only "nxserver-freenx", maybe that'll work?
Back to top
View user's profile Send private message
jsaitoh
n00b
n00b


Joined: 20 Jul 2003
Posts: 4

PostPosted: Tue Sep 07, 2004 4:03 am    Post subject: Authentication Failing at an odd location Reply with quote

If anyone knows how to solve this... please enlighten me... I've been
trying everything mentioned on this board using the nxserver-freenx
ebuild.

The following are what I have done:

Code:

ACCEPT_KEYWORDS="~x86" emerge nxserver-freenx

chmod u+x /usr/NX/var/db/*

chown -R nx:root /usr/NX

nxserver --adduser jsaitoh
nxserver --passwd jsaitoh
*entered a password*


I fixed the DSA key issues by using my own keys via ssh-keygen, and
seem to be fine.

What I am getting is:

Code:

NX> 203 NXSSH running with pid: 3232
NX> 200 Connected to address: 172.16.0.101 on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 1.4.0-01 OS (GPL)
NX> 105 Hello NXCLIENT - Version 1.3.2
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: jsaitoh
NX> 102 Password:
NX> 103 Welcome to: os-test user: jsaitoh
NX> 105 startsession --session="Test" --type="unix-kde" --cache="8M" --images="32M" --cookie="16c4254319c96827024d1bcceccb57a7" --link="modem" --backingstore="never" --geometry="fullscreen" --keyboard="jp" --kbtype="pc105/jp" --media="0" --agent_server="" --agent_user="" --agent_password=""

NX> 204 Authentication failed.
NX> 105


What's bugging me is: "Authentication failed" after accepting my DSA
keys (sshd) and my username/password combo(nxserver). For some
reason, I am unauthenticated to "startsession". Has anyone seen this
problem, and solved the issue other than what has been shown above?

Thanks in advance for any input.
Back to top
View user's profile Send private message
erlich
n00b
n00b


Joined: 30 Jan 2004
Posts: 14

PostPosted: Tue Sep 07, 2004 9:12 am    Post subject: Reply with quote

tried the ebuilds: didn't work. no nxsetup was installed (somehow)
tried the 'long way', and then nxsetup was there. done the whole process and it works like a charm!

thanks a lot!
Back to top
View user's profile Send private message
djmaze
n00b
n00b


Joined: 25 Jun 2003
Posts: 36
Location: Berlin, Germany

PostPosted: Tue Sep 07, 2004 11:11 am    Post subject: Reply with quote

jsaitoh, please try running the nx* programs manually. I think this will show the problem.

Code:

nxproxy
nxagent
nxssh


There may be some dynamic linking problems. Personally, I fixed this by re-emerging nx-x11-1.4.0.
Back to top
View user's profile Send private message
elykyllek
Tux's lil' helper
Tux's lil' helper


Joined: 16 Sep 2002
Posts: 103
Location: Halifax, Nova Scotia, Canada

PostPosted: Tue Sep 07, 2004 3:42 pm    Post subject: Reply with quote

Just got an email announcing that FreeNX 0.2 it out.

http://debian.tu-bs.de/knoppix/nx/freenx-0.2.tar.gz

Heres the email from Fabian Franz <fabianfranz@gmx.de>:

Quote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

FreeNX 0.2 is out.

You can get it from:

http://debian.tu-bs.de/knoppix/nx/freenx-0.2.tar.gz

I've decided to build up tarballs as mornfall from kalyxo.org did not react to
the latest changes, yet and I do not have access.

A cvs will be setup at freedesktop.org as soon as possible.

@Stuart:

PAM Authentication, which is now the default does login the user with the help
of ssh and the provided password. I hope that does suit your security needs,
as so ssh should do the account locking / logging.
(But users then should _not_ use the nxserver --adduser command anymore!)

I also included a gentoo-nomachine.diff, which should help making an ebuild
(as soon as you've checked and disabled everything that is insecure in your
eyes) easier.

@All:

It is no longer necessary to install nxclient on the server, as xmessage will
take care of the dialog functions.

Note: nxsetup will not use the NoMachine key by default. nxsetup will tell you
that you should distribute the keys to the clients.

Thanks goes to Tom Hibbert for ideas and for providing updated gentoo scripts.

ChangeLog:

07.09.2004
* Reworked the whole security model in nxsetup due to requests from
SuSE and Gentoo.
- nxsetup does not use the NoMachine key by default.
- PAM authentication is enabled by default.

* Added nxclient for compatibility with nxclient -dialog mode.

* Minor changes
* Added SSHD_AUTH_PORT to config vars in nxserver
* Made all programs NX_ aware
* Programs do now honor the setting of AuthorizedKeysFile in
sshd_config
* Changed nxsetup check from direct reading of passwd to
getent
(Thanks to Tom Hibbert <tom@nsp.co.nz>)
* Changed overall messages in nxsetup

* Made a overall clean upstream package.
* Added Gentoo / NoMachine compatibility diff

06.09.2004
* Added pam authentication
* Added user_db switch
* moved some su - to nxnode-login

02.09.2004
* Added support for snapshot 4 (43/66)
* Fixed compatibility issue with 1.3.0
(Used by Knoppix 3.4 and earlier)
* added sane logging (LOGGING is now properly used)

cu

Fabian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBPTjxI0lSH7CXz7MRAokgAJ44piUt3p/6I/ctSoHp+U8obr1NWACfe/mZ
IophsQ+BMR1rgDvEX5od67Q=
=Nuu5
-----END PGP SIGNATURE-----
Back to top
View user's profile Send private message
StifflerStealth
l33t
l33t


Joined: 03 Jul 2002
Posts: 968

PostPosted: Tue Sep 07, 2004 4:49 pm    Post subject: Reply with quote

Spearhead wrote:
Try emerging by giving emerge the complete path to the ebuild "/usr/portage....." and not only "nxserver-freenx", maybe that'll work?
That did work. I did a pretend because I was compiling the new OOo-Ximain 1.3.3-r1 ebuild and I did not want to stop that. I find it odd that I had to do that. I remember having to give the exact path to the ebuild back in the early days of portage 1.x, the really early days.

elykyllek wrote:
Just got an email announcing that FreeNX 0.2 it out.
I guess I will wait for the ebuild to be in portage before I install. The Devs of FreeNX are really cool. I mean, they personally addressed Stu in the email and included stuff for Gentoo. I wonder if the Devs of FreeNX read this Thread.
Back to top
View user's profile Send private message
stuherbert
Retired Dev
Retired Dev


Joined: 17 Aug 2003
Posts: 47
Location: Pontypridd, South Wales

PostPosted: Tue Sep 07, 2004 8:51 pm    Post subject: Reply with quote

I've currently package-masked all versions of nxserver (both commercial and freenx) until I've had the chance to test & document the security concern reported in https://bugs.gentoo.org/show_bug.cgi?id=62912. That's why you've been having trouble emerging nxserver-freenx in the last 24 hours.

I've just committed an ebuild for FreeNX 0.2. It contains all the fixes suggested in here to date. Still doesn't work for me (although the commercial NXserver works nicely ;-). Should have some more time tomorrow to work on this.

Best regards,
Stu
_________________
--
stuart@gentoo.org
Gentoo Developer
Trustee, Gentoo Foundation
http://blog.stuartherbert.com
Back to top
View user's profile Send private message
StifflerStealth
l33t
l33t


Joined: 03 Jul 2002
Posts: 968

PostPosted: Tue Sep 07, 2004 10:04 pm    Post subject: Reply with quote

stuherbert wrote:
I've currently package-masked all versions of nxserver (both commercial and freenx) until I've had the chance to test & document the security concern reported in https://bugs.gentoo.org/show_bug.cgi?id=62912. That's why you've been having trouble emerging nxserver-freenx in the last 24 hours.
That would explain the trouble I was having. I did a
Code:
echo ">=net-misc/nxserver-freenx-0.1" >> /etc/portage/package.unmask
and I no longer need to point to the ebuild anymore. I will install Version 0.2 now to test it out. I am not too concerned with the security thing because I am behind a hardware firewall and my parents know nothing about Linux, so I am safe. :P Yay, now it's time to play with a new toy. :D
Back to top
View user's profile Send private message
jd5419
Tux's lil' helper
Tux's lil' helper


Joined: 26 Apr 2004
Posts: 110
Location: RI, USA

PostPosted: Tue Sep 07, 2004 10:45 pm    Post subject: Reply with quote

just a hint, dont use 1.4.0 nxclient, it gave me a problem i'm sticking with 1.3.2 :-D worked fine with 1.3.2 but not with new it sayd somthing about bye and wouldnt work right
Back to top
View user's profile Send private message
StifflerStealth
l33t
l33t


Joined: 03 Jul 2002
Posts: 968

PostPosted: Tue Sep 07, 2004 11:43 pm    Post subject: Reply with quote

I read about client version 1.4.0 not working right, but I will try it just to see if 0.2 has better compatibility. If not I can always downgrade the nxclient, or do I need to rebuild everything?

The new version 0.2 ebuild had the three dependecies and all those were built with no errors or warnings, but I have no nxsetup. What gives? Is nxsetup no longer needed with the new FreeNX 0.2 release? If not, then how do I set this up? Do I just need to run nxserver? I did a locate to try to find it, but it is not there. I am really new to FreeNX, as you can tell.
Back to top
View user's profile Send private message
jd5419
Tux's lil' helper
Tux's lil' helper


Joined: 26 Apr 2004
Posts: 110
Location: RI, USA

PostPosted: Wed Sep 08, 2004 12:10 am    Post subject: Reply with quote

me too and as i just get it set up i find 0.2 is out.


if anyone wants help getitng it to go (as i've made a few changes and kinda know whats going on) you can hit me up on aim jd880506 or other means if u want.
Back to top
View user's profile Send private message
StifflerStealth
l33t
l33t


Joined: 03 Jul 2002
Posts: 968

PostPosted: Wed Sep 08, 2004 12:49 am    Post subject: Reply with quote

Ok, I have no nxsetup, and when I do a nxserver --help, there is no option listed for add user. How do I get this thing going? Gah. *pulls hair out*
Back to top
View user's profile Send private message
jd5419
Tux's lil' helper
Tux's lil' helper


Joined: 26 Apr 2004
Posts: 110
Location: RI, USA

PostPosted: Wed Sep 08, 2004 2:03 am    Post subject: Reply with quote

i have it working and in fluxbox, but i open a xterm and it just sits there all white with no prompt per say... is thsi just me? is somthing messed up what do i have to change?
Back to top
View user's profile Send private message
djmaze
n00b
n00b


Joined: 25 Jun 2003
Posts: 36
Location: Berlin, Germany

PostPosted: Wed Sep 08, 2004 9:00 am    Post subject: Reply with quote

nxserver-0.2 uses PAM authentication, so everyone who is able to login via SSH to your machine should be able to connect to the NX server (with the same password)!
Back to top
View user's profile Send private message
Ari Rahikkala
Guru
Guru


Joined: 02 Oct 2002
Posts: 370
Location: Finland

PostPosted: Wed Sep 08, 2004 4:05 pm    Post subject: Reply with quote

I wish. That's exactly what has *me* stumped at the moment. I can log in as nx with publickey authentication just fine with SSH, but when I try to use nxclient, I get locked out. Now I could play around with strace... but I could also just hand-hack something that works out of the upstream sources... it seems that that has worked for oher people.
_________________
<laurentius> gentoo linux?
<ari> Yesh.
<laurentius> they look horny
Back to top
View user's profile Send private message
StifflerStealth
l33t
l33t


Joined: 03 Jul 2002
Posts: 968

PostPosted: Wed Sep 08, 2004 4:38 pm    Post subject: Reply with quote

Ok, the server works, sort of. I guess the nxsetup is not needed for the ebuild version, because everything seems to be setup automatically. I can add a user now and nxserver was already running. I can get KDE in a 1024x768 window and it works fine.

However, I just want to run Thunderbird as a window. I have seen screenshots where programs like Kmail and Konqueror are running in a window. I try to run Thunderbird, and the program is in the upper left of the screen. when I try to move the window, Thunderbird stays in the same location, but the black box moves, so the program is out of the box area and gets cut off. I have the Display set to "Available Area", The Settings for the desktop is "Floating Window". The KDE Desktop window moves and KDE moves with it, so why does Thunderbird stay in the upperleft of my screen while the display box moves?

I hope I explained this well.
Back to top
View user's profile Send private message
jd5419
Tux's lil' helper
Tux's lil' helper


Joined: 26 Apr 2004
Posts: 110
Location: RI, USA

PostPosted: Wed Sep 08, 2004 6:18 pm    Post subject: Reply with quote

I have the new freenx yet i still have to continue using --adduser and its still in there, did i do somthing wrong?

he04 log # nxserver --version
NXSERVER - Version 1.4.0-02 OS_(GPL)
he04 log #


no?

he04 log # emerge search freenx
Searching...
[ Results for search key : freenx ]
[ Applications found : 1 ]

* net-misc/nxserver-freenx
Latest version available: 0.2
Latest version installed: 0.2
Size of downloaded files: 21 kB
Homepage: http://www.kalyxo.org/twiki/bin/view/Main/FreeNX
Description: X11 protocol compression library
License: GPL-2


he04 log #


where did i mess up?
Back to top
View user's profile Send private message
jd5419
Tux's lil' helper
Tux's lil' helper


Joined: 26 Apr 2004
Posts: 110
Location: RI, USA

PostPosted: Wed Sep 08, 2004 6:53 pm    Post subject: Reply with quote

OK i went from it working but being unsatisfied with the sessions not working so i had to go break it... anyway what does this mean?

Loop: WARNING! Ignoring unknown option 'listen' with value '37283'.
Warning: Ignoring unknown option 'listen' with value '37283'.

NXPROXY - Version 1.3.2

Copyright (C) 2001,2003 NoMachine.
See http://www.nomachine.com/ for more information.

Info: Proxy running in client mode with pid '29121'.
Error: Failed to resolve address of ''.
Error: Unknown remote host ''.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3, 4 ... 28, 29, 30  Next
Page 3 of 30

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum