Ssh – Any reason sshd_config can not be set to an authorized_keys file not in home

Tags: nx, ssh, ssh-keys

Troubleshooting SSH and NX. I have a working SSH connection using an RSA key. The trouble is that NX server wants the sshd_config parameter AuthorizedKeysFile to be set to an NX-installed file, /var/lib/nxserver/home/.ssh/authorized_keys2. Once I made this change, the SSH remote connection could not be authorized. I tried:

  • appending the home authorized_keys in ~/.ssh to this /var… file.
  • It's owned by nx, group root, with 644 permissions, so I added the parameters AllowUsers and AllowGroups with both accounts to the end of sshd_config.
  • Restarted the SSHD server after every sshd change.

Unfortunately ssh will not allow this connection.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

If I change sshd_config AuthorizedKeysFile back to the original settings then it's all hunky-dory. So, any reason sshd won't accept the authorized key file NX wants?


There are some confusing issues here. Take for example: authorized_keys2 was deprecated? Not that these guys cared, because they discuss using authorized_keys2 for NX two years after the first post.

Many NX users note the AuthorizedKeysFile is only the file name, yet this man page on sshd_config (the same as CentOS 6) says "After [token] expansion, AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory." The NX path should be OK, right?

Unfortunately my CentOS server is sporting OpenSSH 5.3, whereas 6.2 (on my client) supports a space-delimited list of AuthorizedKeysFile(s).

Best Answer

First of all, in such conditions I always try to have my logs maxed out by starting a custom, undaemonized sshd:

sshd -d -p 11122 -f /new/config/file

And trying to connect to it:

ssh -v -p 11122 this.host

This keeps your current configuration safe and gives you all the info about how the connection was established.

And now comes a wild guess. sshd will require keyfiles to be:

  1. Reachable and readable by server.
  2. Writable only by the user. And this means all folders (/var, /var/lib, and so on) should not be writable by any user or group besides root, wheel, and the user that logs in.
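Added example (not part of the answer above, and not sshd's own code): a small POSIX shell function that walks an AuthorizedKeysFile path the way sshd's StrictModes check does, from the file up through every parent directory, and reports any component that is not owned by root or the login user or that is group- or world-writable. The optional third argument is a directory at which the walk stops, mirroring how sshd stops at the user's home directory; without it the walk continues to "/". Run it against the NX path before restarting sshd, and compare with the "bad ownership or modes for directory" line you would otherwise see in `sshd -d` output. The temp-directory layout is constructed for the demonstration and stands in for the real /var/lib/nxserver tree.

```shell
#!/bin/sh
# check_authkeys_path <file> <login-user> [stop-dir]
# Emulates sshd's StrictModes path check (added example, assumption: sshd
# requires each component to be owned by uid 0 or the user, mode & 022 == 0).
# Prints one line per violation; returns 0 when the path is clean, 1 when not,
# 2 when the user or a path component cannot be looked up.
check_authkeys_path() {
    file=$1
    user=$2
    stop=${3:-/}
    uid=$(id -u "$user" 2>/dev/null) || return 2
    rc=0
    p=$file
    while :; do
        # owner uid and octal mode; GNU stat first, BSD stat as fallback
        owner_mode=$(stat -c '%u %a' "$p" 2>/dev/null) \
            || owner_mode=$(stat -f '%u %OLp' "$p" 2>/dev/null) \
            || return 2
        owner=${owner_mode% *}
        mode=${owner_mode#* }
        if [ "$owner" != 0 ] && [ "$owner" != "$uid" ]; then
            echo "bad owner (uid $owner, expected 0 or $uid): $p"
            rc=1
        fi
        # last two octal digits are group and other; 2,3,6,7 carry the write bit
        case $(printf '%s' "$mode" | tail -c 2) in
            *[2367]*)
                echo "group/world writable (mode $mode): $p"
                rc=1
                ;;
        esac
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return $rc
}

# Demonstration on a constructed tree that mimics the NX layout.
demo() {
    T=$(mktemp -d)
    mkdir -p "$T/var/lib/nxhome/.ssh"
    chmod 755 "$T/var" "$T/var/lib" "$T/var/lib/nxhome" "$T/var/lib/nxhome/.ssh"
    echo "ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE nx@example" \
        > "$T/var/lib/nxhome/.ssh/authorized_keys2"
    chmod 644 "$T/var/lib/nxhome/.ssh/authorized_keys2"
    echo "clean tree:"
    check_authkeys_path "$T/var/lib/nxhome/.ssh/authorized_keys2" "$(id -un)" "$T" \
        && echo "  ok"
    chmod g+w "$T/var/lib"
    echo "after chmod g+w on var/lib:"
    check_authkeys_path "$T/var/lib/nxhome/.ssh/authorized_keys2" "$(id -un)" "$T" \
        || echo "  sshd would refuse this key file"
    rm -rf "$T"
}
```

Call `demo` to see both outcomes, or run `check_authkeys_path /var/lib/nxserver/home/.ssh/authorized_keys2 nx` on the real server; note that the walk deliberately includes /var and /var/lib, since with the file outside the home directory sshd checks all the way to "/".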