nxserver-freenx uses a double authentication mechanism. Firstly, the special "nx" user is authenticated via public key method. Secondly, real users are authenticated via user/password method. This scheme doesn't work if pam_ssh authentication is used. The problem lies in /usr/NX/bin/nxnode-login (an expect script that launches a ssh client). The script waits for the "assword:" string, but when pam_ssh is used, "SSH passphrase:" is displayed instead. (This is the standard behavior of newer versions of pam_ssh. Older versions diplayed the normal "password:" string, see bug # 66092, http://bugs.gentoo.org/show_bug.cgi?id=66092). Latest stable (nxserver-freenx-0.2.8) is affected. The same for latest testing ( nxserver-freenx-0.5.0). The workaround is trivial. Just add another case to the while(1) loop of the nxnode-login expect script. while {1} { expect { "Are you sure you want to continue connecting (yes/no)?" { send "yes\r" } + "SSH passphrase:" { send "$password\r" } "assword:" { send "$password\r" } I am conscious very few installs use both pam_ssh and nxserver-frenx. I am reporting primarily just in case someone finds the same problem (bugzilla makes life easier :-) ). In any case, I would like to hear your comments...
Upstream is working on a complete rewrite for next major version, including new authentification method (and more flexibility). This will probably fix this bug
Thanks... I agree with the resolution. Better to wait for the new release and try then...
Now that pambase has an easy USE flag to allow pam_ssh usage, and freenx rewrite is apparently dead (sorry, looks like I was too optimistic!), I've added the workaround in NX overlay to solve bug #266572. Maybe the Ubuntu PPA team will commit this too, in the meantime reopening this bug until I've tested new nxserver-freenx-0.7.3_p104 ebuild and added it to the tree
*** Bug 266572 has been marked as a duplicate of this bug. ***
nxserver-freenx-0.7.3_p104 in portage now, thanks for report and patch!