lost and found ( for me ? )

CentOS 5.7 : How to set up FreeNX



# cat /etc/redhat-release
CentOS release 5.7 (Final)

# uname -ri
2.6.18-274.12.1.el5 x86_64

Win7 (NX client ) --- CentOS ( NX server )

[ install FreeNX on CentOS ]

You can install FreeNX via yum
# yum grouplist | grep -i freenx
  FreeNX and NX


install FreeNX
# yum groupinstall -y "FreeNX and NX"#

# rpm -qa | grep -i nx
freenx-0.7.3-8.el5.centos
nx-3.5.0-1.el5.centos


[ how to start/stop nxserver ]

You can start/stop FreeNX server with the startup script.
# /etc/init.d/freenx-server start
# /etc/init.d/freenx-server stop


[ set up the NX server ]

The authentication method is SSH password based not key-based.
configuration files are stored under /etc/nxserver directory.
# ls
client.id_dsa.key  node.conf.sample  passwords.orig         users.id_dsa
node.conf          passwords         server.id_dsa.pub.key  users.id_dsa.pub

# egrep -v ^# node.conf | egrep -v ^$
ENABLE_PASSDB_AUTHENTICATION="0"
ENABLE_SSH_AUTHENTICATION="1"
ENABLE_CLIPBOARD="both"
NX_LOG_LEVEL=4
NX_LOGFILE=/var/log/nx/nxserver.log
COMMAND_MD5SUM="md5sum"


start the NX server
# /etc/init.d/freenx-server start

# /usr/bin/nxserver --status
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 110 NX Server is running
NX> 999 Bye


[ install NX Client for Windows 7 32bit ver ]

Download the NX client 3.5.0-7 for Windows as below.
The installation is very easy , just launch exe file and click next , next …

[ connect to CentOS from Windows 7 with NX client ]

start NX Client.

enter any session name and click configure.


enter the IP address
specify Desktop as UNIX , GNOME
configure display size : 1024x768
click save and OK.


chose session : CentOS5-2
enter username and credentials
click Login

error .. can’t connect.

check the NX client log. ( click Detail )
NX> 203 NXSSH running with pid: 4916
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: z.z.z.z on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.


Try to connect to the NX server with user “nx” ???

Seen from the following link , the NX server and NX Client firstly establish SSH connection with nx user and then spawn SSH session for the real user.
the NX client ---------------------------------------------------------------  the NX server
        1. establish SSH connection with *nx* uer
        2. spawns SSH session for the real user.


To find out the root cause , I have to locate which step ( 1 or 2 ) is problem..
Seen from the audit log , it seems that nx user can’t establish SSH connection.
# tail -f /var/log/audit/audit.log
type=CRYPTO_SESSION msg=audit(1324010082.545:1430): user pid=5151 uid=0 auid=500 msg='op=start direction=from-client cipher=aes128-cbc ksize=128 rport=53089 laddr=serverIP lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=CRYPTO_SESSION msg=audit(1324010082.545:1431): user pid=5151 uid=0 auid=500 msg='op=start direction=from-server cipher=aes128-cbc ksize=128 rport=53089 laddr=serverIP lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=USER_LOGIN msg=audit(1324010082.685:1432): user pid=5151 uid=0 auid=500 msg='acct="nx": exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=sshd res=failed)'
type=USER_ERR msg=audit(1324010082.696:1433): user pid=5151 uid=0 auid=500 msg='PAM: bad_ident acct="?" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=failed)'

# nxsetup --install --setup-nomachine-key

 --setup-nomachine-key  Allow login with the key shipped with the NoMachine
                        client. This is fairly secure, and it simplifies the
                        configuration of clients. (Using a custom key pair.
                        increases security even more, but complicates the
                        configuration of clients.)
                        Use this option at your own risk.

# egrep -v ^# node.conf | egrep -v ^$
ENABLE_PASSDB_AUTHENTICATION="0"
ENABLE_SSH_AUTHENTICATION="1"
ENABLE_CLIPBOARD="both"
NX_LOG_LEVEL=4
NX_LOGFILE=/var/log/nx/nxserver.log
COMMAND_MD5SUM="md5sum"

# /etc/init.d/freenx-server restart

try again.
I was able to connect to the NX server.

audit log.
# tail -f /var/log/audit/audit.log
type=CRYPTO_SESSION msg=audit(1324015192.088:1531): user pid=8997 uid=0 auid=500 msg='op=start direction=from-client cipher=aes128-cbc ksize=128 rport=53335 laddr=serverIP lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=CRYPTO_SESSION msg=audit(1324015192.089:1532): user pid=8997 uid=0 auid=500 msg='op=start direction=from-server cipher=aes128-cbc ksize=128 rport=53335 laddr=serverIP lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=USER_AUTH msg=audit(1324015192.228:1533): user pid=8997 uid=0 auid=500 msg='op=pubkey_auth rport=53335 acct="nx" exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=CRYPTO_KEY_USER msg=audit(1324015192.228:1534): user pid=8997 uid=0 auid=500 msg='op=key algo=ssh-dsa size=384 fp=4b:9b:38:6b:24:33:6b:48:e4:f8:c4:5b:c9:f1:fd:98 rport=53335 acct="nx" exe="/usr/sbin/sshd" (hostname=?, addr=clientIP, terminal=? res=success)'
type=USER_ACCT msg=audit(1324015192.229:1535): user pid=8997 uid=0 auid=500 msg='PAM: accounting acct="nx" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1324015192.229:1536): user pid=8997 uid=0 auid=500 msg='PAM: setcred acct="nx" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=success)'
type=LOGIN msg=audit(1324015192.234:1537): login pid=8997 uid=0 old auid=500 new auid=102 old ses=191 new ses=224
type=USER_START msg=audit(1324015192.235:1538): user pid=8997 uid=0 auid=102 msg='PAM: session open acct="nx" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=success)'
type=CRED_REFR msg=audit(1324015192.235:1539): user pid=8999 uid=0 auid=102 msg='PAM: setcred acct="nx" : exe="/usr/sbin/sshd" (hostname=clientIP, addr=clientIP, terminal=ssh res=success)'
type=CRYPTO_SESSION msg=audit(1324015193.025:1540): user pid=9123 uid=0 auid=500 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 rport=36339 laddr=127.0.0.1 lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=127.0.0.1, terminal=? res=success)'
type=CRYPTO_SESSION msg=audit(1324015193.025:1541): user pid=9123 uid=0 auid=500 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 rport=36339 laddr=127.0.0.1 lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=127.0.0.1, terminal=? res=success)'
type=USER_AUTH msg=audit(1324015193.382:1542): user pid=9123 uid=0 auid=500 msg='PAM: authentication acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1324015193.383:1543): user pid=9123 uid=0 auid=500 msg='PAM: accounting acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1324015193.384:1544): user pid=9123 uid=0 auid=500 msg='PAM: setcred acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=LOGIN msg=audit(1324015193.388:1545): login pid=9123 uid=0 old auid=500 new auid=500 old ses=191 new ses=225
type=USER_START msg=audit(1324015193.388:1546): user pid=9123 uid=0 auid=500 msg='PAM: session open acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=CRED_REFR msg=audit(1324015193.389:1547): user pid=9125 uid=0 auid=500 msg='PAM: setcred acct="test1" : exe="/usr/sbin/sshd" (hostname=centos.localdomain, addr=127.0.0.1, terminal=ssh res=success)'

[ keyboard mapping problem ]

1. I can’t enter underscore ‘_’

Seen from the output of  “xmodmap –pke” , keycode 123 is not defined(blank).
NX server$ xmodmap -pke | grep 123
keycode 123 =

NX server$ echo 'keycode 123 = backslash underscore' > .Xmodmap


When connecting to the NX server , .Xmodmap will be loaded.

or if you have the Linux machine which has the correct keyboard mapping , dump the keyboard mapping file on that machine and then copy it to the NX server like this:

on the correct keyboard mapping machine
correct mapping Linux $ xmodmap –pke > keyboard_map.txt
correct mapping Linux $ scp keyboard_map.txt zzz@NXserver:

on the NX server
NX server $ cp keyboard_map.txt ~/.Xmodmap


2. keyboard layout issue

When connecting to the NX server , keyboard layout has changed from Japanese to U.S. English. To solve this , modify the NX client configuration file ( *.nxs )

In case of NX client for Windows , configuration files will be stored under user\user name\.nx\config\session_name.nxs

modify nxs file as below.
<option key="Custom keyboard layout" value="jp" />

[ other tips ]

- clipboard

If you configure "ENABLE_CLIPBOARD=”both” in node.cfg , you can copy and paste between the NX server and the NX client and vice-versa.


- auto start/stop NX server when booting the OS
# chkconfig freenx-server off
# chkconfig freenx-server on


Hope this helps

1 comment:

Note: Only a member of this blog may post a comment.