Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Article
ID: AR07T01165
Applies to: NoMachine Client
Added on: 2022-07-07
Last Update: 2022-07-12

How to do host key verification manually

When NoMachine server is reinstalled or the machine changes its IP, for example because the machine or the router has been rebooted, the certificate for host key verification changes and the user is prompted to accept the new fingerprint.

To avoid this step and ensure that user connects to the appropriate host without risking to accept spoofy sites, you can copy the certificate from the server host directly on the user's computer.

Instructions:

1) On the NoMachine server host, retrieve the NoMachine certificate and upload it to the user's computer:

/usr/NX/etc/keys/host/nx_host_rsa_key.crt on Linux
%ALLUSERSPROFILE%\NoMachine\etc\keys\host\nx_host_rsa_key.crt on Windows
/Applications/NoMachine.app/Contents/Frameworks/etc/keys/host/nx_host_rsa_key.crt on macOS

2) On the user's computer where NoMachine client is installed, move to the  .nx/config/ directory placed under the user's home. Then make a copy of the original client.crt file.

On Linux and macOS, you can execute the cp command from a terminal:
cp -p client.crt client.crt.ori

On Windows:
use the right mouse click to perform copy and paste of the file.

3) On the user's computer, append the server IP and the NoMachine certificate to client.crt in the user's home. For example if the IP of the NoMachine server host is 1.2.3.4, on Linux and macOS run from a terminal as the user:

$ echo "Host:1.2.3.4" >> client.crt
$ cat path/nx_host_rsa_key.crt >> ~/.nx/config/client.crt

On Windows:
open the client.crt file in a text editor and append the "Host:1.2.3.4" line and the content of the ceritifcate to the end of file.

The entry for Host:1.2.3.4 will be then present in client.crt which should look like:
(....)
Host:1.2.3.4
-----BEGIN CERTIFICATE-----
MIIC9zCCAd+gAwIBAgIRAP4YLqSxLm9xey/k41vmu+cwDQYJKoZIhvcNAQEFBQAw
(......)
-----END CERTIFICATE-----

4) You can then delete the nx_host_rsa_key.crt file uploaded on the user's computer.

On Linux and macOS:

 # rm nx_host_rsa_key.crt

On Windows use the right mouse click to delete files.

 

See also how to verify the NoMachine server host fingerprint information: https://kb.nomachine.com/AR10K00729