having problems with nxclient ..

[smouser]

My fedora 14 has OpenSSH_5.5p1, OpenSSL 1.0.0a-fips 1 Jun 2010 running. I am able to use putty to ssh to my fedora. I installed NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0) but when i used nxclient to connect to the server i always got 'session x' failed. Details below:

Info: Display running with pid '2424' and handler '0x1905e4'.

NXPROXY - Version 3.4.0

Copyright (C) 2001, 2010 NoMachine.

Info: Proxy running in client mode with pid '3776'.
Session: Starting session at 'Mon Mar 28 09:11:17 2011'.
Warning: Connected to remote version 3.3.0 with local version 3.4.0.
Info: Connection with remote proxy completed.
Info: Using ADSL link parameters 512/24/1/0.
Info: Using cache parameters 4/4096KB/16384KB/16384KB.
Info: Using pack method 'adaptive-7' with session 'kde'.
Info: Using ZLIB data compression 1/1/32.
Info: Using ZLIB stream compression 4/4.
Info: No suitable cache file found.
Info: Forwarding X11 connections to display ':0'.
Info: Listening to font server connections on port '12000'.
Session: Session started at 'Mon Mar 28 09:11:17 2011'.
Info: Established X server connection.
Info: Using shared memory parameters 0/0K.
Session: Terminating session at 'Mon Mar 28 09:11:17 2011'.
Session: Session terminated at 'Mon Mar 28 09:11:17 2011'.

I have no Info: Display running with pid '2424' and handler '0x1905e4'.

NXPROXY - Version 3.4.0

Copyright (C) 2001, 2010 NoMachine.

Info: Proxy running in client mode with pid '3776'.
Session: Starting session at 'Mon Mar 28 09:11:17 2011'.
Warning: Connected to remote version 3.3.0 with local version 3.4.0.
Info: Connection with remote proxy completed.
Info: Using ADSL link parameters 512/24/1/0.
Info: Using cache parameters 4/4096KB/16384KB/16384KB.
Info: Using pack method 'adaptive-7' with session 'kde'.
Info: Using ZLIB data compression 1/1/32.
Info: Using ZLIB stream compression 4/4.
Info: No suitable cache file found.
Info: Forwarding X11 connections to display ':0'.
Info: Listening to font server connections on port '12000'.
Session: Session started at 'Mon Mar 28 09:11:17 2011'.
Info: Established X server connection.
Info: Using shared memory parameters 0/0K.
Session: Terminating session at 'Mon Mar 28 09:11:17 2011'.
Session: Session terminated at 'Mon Mar 28 09:11:17 2011'.

There is no error here, but i can find something wrong in nxserver.log

NX> 999 Bye
NX> 1004 Error: NX Agent exited with exit status 1. To troubleshoot set SESSION_LOG_CLEAN=0 in node.conf and investigate "/home/martin/.nx/F-C-localhost.localdomain-2000-45D7ABBA9BEAA7D82615DECEF7B862E0/session". You might also want to try: ssh -X myserver; /usr/libexec/nx/nxnode --agent to test the basic functionality. Session log follows:
NX> 1006 Session status: closed
server_nxnode_echo: NX> 596 Session startup failed.


Can anyone tell me what i should do next? Have spent a couple of hours without success.

[smouser]

----------------------------------------------------------------------------------
node.conf:

################################################## #######################
# General FreeNX directives
################################################## #######################

# The host name which is used by NX server. It's should be used if it's
# different than the default hostname (as returned by `hostname`)
#SERVER_NAME="$(hostname)"

# The node ip which is used by NX Node in unecnrypted session mode.
# Set it if you want to use a specific external ip or the autodetection
# is not working.
#EXTERNAL_PROXY_IP=""

# The port number where local 'sshd' is listening.
SSHD_PORT=22


################################################## #######################
# Authentication / Security directives
################################################## #######################

# Authentication directives

# This adds the usermode to the possible authentication methods
# Usermode means that a user can start the nxserver as his shell
# and connect directly to the right server via a custom client.
#ENABLE_USERMODE_AUTHENTICATION="0"

# This adds the passdb to the possible authentication methods
ENABLE_PASSDB_AUTHENTICATION="1"

# This adds SSH to the possible authentication methods. For it to work sshd
# must be set up at localhost accepting password authentication.
ENABLE_SSH_AUTHENTICATION="1"

# This adds SU to the possible authentication methods. For it to work the
# "nx" user must be in the wheel (RedHat, Fedora) or the users group (SUSE)
# and the user logging in must have a valid shell that accepts the -c
# parameter.
#ENABLE_SU_AUTHENTICATION="0"

# Require all users to be in the passdb, regardless of authentication method
#ENABLE_USER_DB="0"


# If enabled forces the user to use encryption. This will bail out
# if the user does not have encryption enabled.
#ENABLE_FORCE_ENCRYPTION="0"

# Refuse the NX client connection if SSHD does not export the
# SSH_CONNECTION and SSH_CLIENT variables in the environment
# passed to the NX server.
# 1: Will check the remote IP and will not accept the
# connection if it can't be determined.
# 0: Will accept the connection even if the remote IP
# is not provided.
#SSHD_CHECK_IP="0"

# If ENABLE_SLAVE_MODE="1" the user will be just logged in _once_ and the
# communication is done via nxnode slave mode.
#
# This is useful for one time passwords or to have less traffic in utmp
# and wtmp.
#
# Also session startup times are much faster in slave mode. This is true especially
# if many printers or shares have to be added.
#
# For this to work the binary nxserver-helper has to be installed in
# PATH_BIN.
#
#ENABLE_SLAVE_MODE="1"

# If ENABLE_LOG_FAILED_LOGINS="1" then failed login attempts are logged to the system
# auth.log.
#
# This is useful in combination with tools like fail2ban.
#
# The default is to log failed login attemps via syslog (3).
#
#ENABLE_LOG_FAILED_LOGINS="1"

################################################## #######################
# Restriction directives
################################################## #######################

# The base display number from which sessions are started.
#DISPLAY_BASE=1001

# The maximum number of contemporary sessions that can be run on FreeNX
#SESSION_LIMIT=200

# The maximum number of contemporary sessions that a single user can run
# on FreeNX. Defaults to the value of SESSION_LIMIT.
#SESSION_USER_LIMIT=200

# The number of displays reserved for sessions, it has to be greater or equal
# to the maximum number of contemporary sessions that a server can run.
#DISPLAY_LIMIT=200


# User for which sessions should be persistent. Either the keyword "all" or a
# comma-separated list of usernames or groups in the @groupname syntax.
#ENABLE_PERSISTENT_SESSION="all"

# Users and groups for whom persistent sessions should be disabled.
# Especially useful if ENABLE_PERSISTENT_SESSION="all"
#DISABLE_PERSISTENT_SESSION=""

# This enables the mirroring of running sessions via VNC feature.
#
# Session is marked as resumable and type is vnc-mirrored.
#
#ENABLE_MIRROR_VIA_VNC=1

# This enables the sharing of :0 via VNC feature.
#
# Session is marked as resumable and type is vnc-local.
#
# Note: You need to have the rights to access the display
# else it does not work.
#
#ENABLE_DESKTOP_SHARING=1

#
# General shadowing / mirroring notes:
#
# By default shadowing is only allowed for the same user.
#
# If nxserver finds nxshadowacl binary, it asks it, for which users
# the permission is granted.
#
# nxshadowacl <user>
#
# Exit code:
#
# 0 -> Save cookie in session file for other users
# 1 -> Do not save cookie
#
# Check if user is allowed to be shadowed by admin user.
#
# nxshadowacl <user> <admin>
#
# Exit code:
#
# 0 -> Yes, allow shadowing and add to list
# 1 -> No, don't allow shadowing
#

#
# When using NX 3.0 shadowing, this enables asking the user whether
# he authorizes another user to shadow his session
#
# 0: No authorization request will be presented,
# and the session will be shadowed as if the user had approved.
# 1: (default) Ask for authorization
#
#ENABLE_SESSION_SHADOWING_AUTHORIZATION=1

# Allow session shadowing in interactive mode:
#
# 1: The shadowing user can interact with the shadowed session.
#
# 0: The shadowed session is view-only. No interaction with the
# shadowed session is possible.
#
#ENABLE_INTERACTIVE_SESSION_SHADOWING=1

#
# Enable or disable clipboard:
#
# client: The content copied on the client can be pasted inside the
# NX session.
#
# server: The content copied inside the NX session can be pasted
# on the client.
#
# both: The copy&paste operations are allowed both between the
# client and the NX session and vice-versa.
#
# none: The copy&paste operations between the client and the NX
# session are never allowed.
#
#ENABLE_CLIPBOARD="both"


#
# Enable or disable the pulldown dialog, which provides a graphical
# way to suspend or terminate the rootless session:
#
# 1: Enabled. The pulldown menu is shown when the mouse pointer
# moves near the middle of the top boundary of a window and
# allows the user to suspend or terminate the session by means
# of an icon-click.
#
# 0: Disabled. The ctrl+alt+T key combination has to be issued
# to get the dialog for suspending or terminating the session.
#
#ENABLE_PULLDOWN_MENU="1"


# The option USE_PROCESSOR_TASKSET is for setting the CPU affinity of all
# nx related processes.
#
# Note: To have for example startkde run on even another core, just specify:
#
# COMMAND_STARTKDE="taskset -c 2 -- startkde"
#
# FreeNX runs this option like: $COMMAND_TASKSET -cp "$USE_PROCESSOR_TASKSET" $$
#
# So with $USE_PROCESSOR_TASKSET set to 3,4 it would balance the tasks to cores
# 3 and 4.
#
# If this option is empty, no balance to cores is done.
#
#USE_PROCESSOR_TASKSET=""

# If you set ENABLE_ADVANCED_SESSION_CONTROL="1" you can start a new application in an already
# running rootless session by using "add <rest of name>" as session name.
#
# Note: The client will return a message on that.
#
#ENABLE_ADVANCED_SESSION_CONTROL="0"

# If you set ENABLE_SHOW_RUNNING_SESSIONS="0" then nxserver will only show
# suspended sessions and you will not be able to resume or terminate a running
# session.
#
#ENABLE_SHOW_RUNNING_SESSIONS="1"

################################################## #######################
# Logging directives
################################################## #######################

# This directives controls the verbosity of the server-wide log.
# 0: No Logging
# 1: Errors
# 2: Warnings
# 3: Important information
# 4: Server - Client communication
# 5: Information
# 6: Debugging information
# 7: stderror of some applications
NX_LOG_LEVEL=7

# By setting this to 0 the nxserver might be a bit faster, but passwords can be found in the log files.
NX_LOG_SECURE=1

# Before turning logging on, please make sure that NX_LOGFILE is
# writeable for the "nx" user
NX_LOGFILE=/var/log/nx/nxserver.log

# This directive controls if the temporary session directory
# ($HOME/.nx/C-<hostname>-<display>-<session_id>) should be kept after a
# session has ended. A successfully terminated session will be saved as
# T-C-<hostname>-<display>-<session_id> while a failed session will be saved
# as F-C-<hostname>-<display>-<session_id>.
# The default is to cleanup the directories.
#SESSION_LOG_CLEAN=1

# Amount of seconds nxserver is to keep session history. The default of 2592000
# is equivalent to 30 days. If this is 0 no session history will be kept
# and a negative value denotes infinity.
#SESSION_HISTORY=2592000


################################################## #######################
# Forwarding directives
################################################## #######################

# FreeNX with ENABLE_SERVER_FORWARD="1" will automatically forward all
# connections to the host specified in SERVER_FORWARD_HOST with the
# secret key SERVER_FORWARD_KEY.
#
# This allows to have a "chain" of NX Servers. Note that you will need to
# use "SSL encryption" for all connections.

#ENABLE_SERVER_FORWARD="0"
#SERVER_FORWARD_HOST=""
#SERVER_FORWARD_PORT=22
#SERVER_FORWARD_KEY="/usr/NX/share/client.id_dsa.key"


# FreeNX with ENABLE_NOMACHINE_FORWARD_PORT="1" will automatically forward all
# connections to the commercial NoMachine nxserver installed on the same
# machine, which go in by port NOMACHINE_FORWARD_PORT. This feature is introduced
# to enable the usage of FreeNX and NoMachine NX side by side on the same machine
# without conflicts.
#
# Note: You need to let SSHD listen to several ports to make use of this
# directive.

#ENABLE_NOMACHINE_FORWARD_PORT="0"
#NOMACHINE_FORWARD_PORT="22"

#NOMACHINE_SERVER="/usr/NX/bin/nxserver"
#NOMACHINE_NX_HOME_DIR="/usr/NX/home/nx"


# LOAD BALANCING
# ==============
#
# To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and
# make:
#
# - either sure that all incoming connections are sent to the master
# server by using forwarding directives on the "slave" servers.
#
# - or share the session database space via NFS between the servers.
# (not recommended at the moment as race conditions for DISPLAYs can
# occur)
#

#LOAD_BALANCE_SERVERS=""

# The following load_balance_algorithms are available at the moment:
#
# "load", "round-robin", "random"
#
# For "load" you need a script called nxcheckload in PATH_BIN.
#
# A sample script, which you can change to your needs it shipped with
# FreeNX under the name nxcheckload.sample.

#LOAD_BALANCE_ALGORITHM="random"

# By setting ENABLE_LOADBALANCE="1" you can let users choose their
# preferred host, while being forwarded to another server. Of course
# this is just a preference. The loadbalancing algorithm can completely
# choose to ignore the users choice.

#ENABLE_LOAD_BALANCE_PREFERENCE="0"

################################################## #######################
# Services directives
################################################## #######################

# FreeNX with ENABLE_ESD_PRELOAD="1" will automatically try to setup
# the sound with the help of the esd media helper.
#
# Currently ESD will be used just by the Windows NX Client.
#
# Be sure that $ESD_BIN_PRELOAD is in your path, does exist and work
# before enabling this directive.

#ENABLE_ESD_PRELOAD="0"
#ESD_BIN_PRELOAD="esddsp"

# FreeNX with ENABLE_ARTSD_PRELOAD="1" will automatically try to setup
# the sound with the help of the artsd media helper.
#
# Currently ARTSD will be used just by the Linux NX Client.
#
# Be sure that $ARTSD_BIN_PRELOAD is in your path, does exist and work
# before enabling this directive.

#ENABLE_ARTSD_PRELOAD="0"
#ARTSD_BIN_PRELOAD="artsdsp"

# FreeNX with ENABLE_KDE_CUPS="1" will automatically write
# $KDE_PRINTRC and put the current used socket into it.
#
# If you additionally enable ENABLE_KDE_CUPS_DYNAMIC it will set the
# Host entry to the script nxcups-gethost, which dynamically tries all
# possible entries to find the current printing host.
#
# The order is: CUPS_SERVER (env var), ~/.cups/client.conf, $KDE_PRINTRC,
# $CUPS_DEFAULT_SOCK, localhost
#
# So this option is most useful with ENABLE_CUPS_SERVER_EXPORT="1".
#
# $KDE_PRINTRC is automatically calculated if its not set.

#ENABLE_KDE_CUPS="0"
#ENABLE_KDE_CUPS_DYNAMIC="0"
#KDE_PRINTRC="$KDEHOME/share/config/kdeprintrc"

# FreeNX with ENABLE_CUPS_SERVER_EXPORT="1" will automatically
# export the environment variable CUPS_SERVER.

#ENABLE_CUPS_SERVER_EXPORT="1"

# FreeNX with ENABLE_CUPS_SEAMLESS will automatically try to download the
# necessary ppds from the client.
#
# As the forwarding is just active as soon as nxagent is started,
# we need a small delay of $CUPS_SEAMLESS_DELAY.
#
# Note: You need to use a patched cupsd on client side.

#ENABLE_CUPS_SEAMLESS="0"
#CUPS_SEAMLESS_DELAY="10"

# FreeNX with ENABLE_FOOMATIC will integrate the foomatic db to the list
# of available ppd drivers via the $COMMAND_FOOMATIC command.

#ENABLE_FOOMATIC="1"
#COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"

# CUPS_BACKEND and CUPS_ETC are the corresponding paths of your CUPS
# installation.

#CUPS_BACKEND="/usr/lib/cups/backend"
#CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
#CUPS_DEFAULT_SOCK="/var/run/cups/cups.sock"
#CUPS_ETC="/etc/cups"

# SAMBA_MOUNT_SHARE_PROTOCOL is a key to configure the supported
# protocols for mounting shares.
#
# This key can be set to the following values:
#
# both, either SMB and CIFS protocol are supported, this is the default value.
# smbfs, only SMB protocol is supported.
# cifs, only CIFS protocol is supported.
# none, no network file-sharing protocol is supported.

#SAMBA_MOUNT_SHARE_PROTOCOL="both"

# FreeNX with ENABLE_SAMBA_PRELOAD="1" will automatically setup
# port 445 and 139 and forward them to the used samba port.
#
# This enables samba browsing to the local subnet in for example
# konqueror.
#
#ENABLE_SAMBA_PRELOAD="0"

# FreeNX with ENABLE_SOURCE_BASH_PROFILE="1" will source the users ~/.bash_profile
# before application startup as we are kind of a login shell.
#
# With this key this behaviour can be enabled (default) or disabled.
#
#ENABLE_SOURCE_BASH_PROFILE="1"

################################################## #######################
# Path directives
################################################## #######################

# USER_FAKE_HOME is the base directory for the .nx directory. Use this
# parameter instead of the users home directory if $HOME is on a NFS share.
# Note that this directory must be unique for every user! To accomplish this
# it is recommended to include $USER in the path.
#USER_FAKE_HOME=$HOME

# Add the nx libraries to LD_LIBRARY_PATH before starting nx agents.
# WARNING: This will NOT (and should not) affect applications. ONLY Disable
# this if the nx libraries are in a standard system path (such as /usr/lib)!
#SET_LD_LIBRARY_PATH="1"


# The command binary for the default window manager. If set it is run when a
# 'unix-custom' session is requested by the NX Client and an application
# to run is specified. It defaults to empty (ie no WM is run).
# If KILL_DEFAULT_X_WM is set the WM is terminated after the started
# application finishes. Else FreeNX will wait for the WM to complete.
#DEFAULT_X_WM=""
#KILL_DEFAULT_X_WM="1"

# When a 'unix-default' session is requested by the client the user's X startup
# script will be run if pressent and executable, otherwise the default X
# session will be run.
# Depending on distribution USER_X_STARTUP_SCRIPT might be .Xclients, .xinitrc
# and .Xsession
# Depending on distribution DEFAULT_X_SESSION might be /etc/X11/xdm/Xsession,
# /etc/X11/Sessions/Xsession or /etc/X11/xinit/xinitrc
#USER_X_STARTUP_SCRIPT=.Xclients
#DEFAULT_X_SESSION=/etc/X11/xdm/Xsession

# When the session is started some distros execute some scripts to get the
# environment ready. Set 1 if you want DEFAULT_X_SESSION to be called before
# executing the session.
#BOOTSTRAP_X_SESSION="0"

# The key that contains the name of the script that starts a KDE session.
# It's run when a 'unix-kde' session is requested by the client.
#COMMAND_START_KDE=startkde

# The key that contains the name of the script that starts a gnome session.
# It's run when a 'unix-gnome' session is requested by the client.
#COMMAND_START_GNOME=gnome-session

# The key that contains the name of the script that starts a CDE session.
# It's run when a 'unix-cde' session is requested by the client.
#COMMAND_START_CDE=cdwm

# The key that contains the name of the complete path of command name
# 'xterm'. It is run when a unix "xterm" session is requested by the
# client.
#COMMAND_XTERM=xterm

# The key that contains the name of the complete path of command name
# 'xauth'.
#COMMAND_XAUTH=/usr/bin/xauth

# The key that contains the name of the complete path of command name
# 'smbmount'.
#COMMAND_SMBMOUNT=smbmount

# The key that contains the name of the complete path of command name
# 'smbumount'.
#COMMAND_SMBUMOUNT=smbumount

# The key that contains the name of the complete path of command name
# 'mount.cifs'.
#COMMAND_SMBMOUNT_CIFS=/sbin/mount.cifs

# The key that contains the name of the complete path of command name
# 'umount.cifs'.
#COMMAND_SMBUMOUNT_CIFS=/sbin/umount.cifs

# The key that contains the name of the complete path of the 'netcat' command.
#COMMAND_NETCAT=netcat

# The key that contains the name of the complete path of the 'ssh' and
# 'ssh-keygen' command.
#COMMAND_SSH=ssh
#COMMAND_SSH_KEYGEN=ssh-keygen

# The key that contains the name of the complete path of the 'cupsd' command.
#COMMAND_CUPSD=/usr/sbin/cupsd

# The tool to generate md5sums with
#COMMAND_MD5SUM="openssl md5"

# The key that contains the name of the complete path of the 'rdesktop' command.
#COMMAND_RDESKTOP=rdesktop

# The key that contains the name of the complete path of the 'vncviewer' command.
#COMMAND_VNCVIEWER=vncviewer

# The key that contains the name of the complete path of the 'vncpasswd' command.
# By default the builtin nxpasswd is used.
#COMMAND_VNCPASSWD="$PATH_BIN/nxpasswd"

# The key that contains the name of the complete path of the 'x11vnc' command.
#COMMAND_X11VNC=x11vnc

# The key that contains the name of the complete path of the 'taskset' command.
#COMMAND_TASKSET=taskset

################################################## #######################
# Misc directives
################################################## #######################

# When you installed an old 1.5.0 NX Backend, set this to 1.
#ENABLE_1_5_0_BACKEND="0"

# When set to 1 this will automatically resume started sessions
#ENABLE_AUTORECONNECT="0"

# When set to 1 this will automatically resume started sessions
# but only if an older client version is used
#ENABLE_AUTORECONNECT_BEFORE_140="1"

# When set to 1 exports NXUSERIP / NXSESSIONID in nxnode
#EXPORT_USERIP="0"
#EXPORT_SESSIONID="1"

# This can be set to any executable, which is started after session startup
# like: $NODE_AUTOSTART {start|restore}
#NODE_AUTOSTART=""

# When set to 1 will start nxagent in rootless mode.
#ENABLE_ROOTLESS_MODE="1"

# If enabled writes entries via the COMMAND_SESSREG program
# into utmp/wtmp/lastlog database.
# Note: You have to make sure that you add the nx user to the
# utmp or tty group or how its called on your system
# before this directive works.
#ENABLE_USESSION="1"
#COMMAND_SESSREG="sessreg"

# Extra options sent to the different nx agents. See !M documentation
# for examples of useful parameters.
#AGENT_EXTRA_OPTIONS_RFB=""
#AGENT_EXTRA_OPTIONS_RDP=""
#AGENT_EXTRA_OPTIONS_X="-nolisten tcp"

# The number of seconds we wait for the nxagent to start before
# deciding startup has failed
#AGENT_STARTUP_TIMEOUT="60"

# The font server the agent will use. If set to "" no font server is used.
# For this to do any good, the client has to have the same font server set
# in /etc/X11/XF86Config
#AGENT_FONT_SERVER=""

# Disable or enable use of 'tcp nodelay' on proxy. Old versions of Linux
# kernels have problems using this option on sockets that will cause a loss
# of TCP connections. This option is not set by default to allow clients to
# specify whether to enable or disable TCP nodelay. Setting this option to
# the value of "0" NX proxy avoids using 'tcp nodelay' but it will cause a
# loss of interaction in sessions.
#PROXY_TCP_NODELAY=""

# Extra options to nxproxy. See !M documentation for useful parameters.
#PROXY_EXTRA_OPTIONS=""

# In case you want to use an external 'rdesktop' command
# set this to "1".
#
# If nxdesktop cannot be found this is set automatically to "1".
#ENABLE_EXTERNAL_NXDESKTOP="0"

# This configuration variable determines if 'rdesktop' command should be run with -k keyboard option
# or if the keyboard should be autodetected.
#
#ENABLE_EXTERNAL_NXDESKTOP_KEYBOARD="1"

# In case you want to use an external 'nxviewer' command
# set this to "1".
#
# If nxviewer cannot be found this is set automatically to "1".
#ENABLE_EXTERNAL_NXVIEWER="0"

----------------------------------------------------------------------------------
sshd_config:

Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress 192.168.1.6
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys2
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
#ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

AllowUsers martin nx
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server