@
nunim You were spot on. It was in fact the SSH keys that was causing the problem. Relevant lines from the log.
NXSERVER-3.5.0-11[3345]: Failed SSHd authentication for user 'ubuntu', to '127.0.0.1', port '22': 'NX> 204 Authentication failed.
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack) It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sentby the remote host is x6:73:00:78:82:xx:3x:xx:xx:6x:x9:xx:13:00:13:x0
Please contact your system administrator. Add correct host key in /usr/NX/home/nx/.ssh/known_hosts to get rid of this message. Offending key in /usr/NX/home/nx/.ssh/known_hosts
Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Not sure if its the right thing to do, but, following steps made it work.
- Edited /home/ubuntu/.ssh/authorized_keys2 and changed the root@hostname reference to point to the current hostname. It was pointing to the name of the original machine on which AMI image was taken.
- Copied private key contents in /etc/ssh/ssh_host_rsa_key from the original machine (AMI image source) to the same file in problem machine.
- Restarted sshd and NX started working
The above steps worked irrespective of new instance sharing the same SSH keypair as the original machine or launched with its own new keypair. I'm sure I maybe violating few unwritten SSH laws by doing this copying thing. If any of you know the right way to go about this, I'm all ears
Purpose is to have NX pre-installed & available on AMI image. And get NX working in new child instances with minimal effort. I could have as well run nunim's script on new instances, but I went ahead and built several custom images before running into this issue. Each image has a lot of other software combinations. Don't want to redo all of them now.