NoMachine Support

Your questions answered

Knowledge Base

Searching in: Articles & FAQs
Filter the search results
Applies to:
Last update:
Searching in: Articles & FAQs
ID: AR02L00785
Applies to: NoMachine Software
Added on: 2014-02-21
Last update: 2019-11-28
How to set up key based authentication with NX protocol

This article applies to NoMachine v. 4 or later.

Support for key-based authentication with the NX protocol requires the public SSH key be added on the server side, in the user's home, to grant access. When you connect to the server you will have to insert the private key in the NoMachine User Interface (GUI).

Key-based authentication with NX protocol is available for all the NoMachine server products, including the free version.


You have already generated an SSH key pair, for example by using the ssh-keygen tool on a Linux host.

Be sure that the keys is in OpenSSH format.
Note that the new OpenSSH format introduced by openssh version 7.8p1-1 is not supported yet, please see for more details. It provides also a possible workaround.

If you have generated the SSH key pair on Windows, for example by using PuTTYgen (, be sure it's in OpenSSH format or convert it. To do that choose the key file in the PuTTYgen main window. Then go to Conversions->Export OpenSSH key to export your private key and save it.

Add the public SSH key on the server

1. Navigate to the <user's home>/.nx/config directory.
    Create this directory if it doesn't exist.

2. You should find there the authorized.crt file. Create this file if it doesn't exist. On Linux/Mac, this file needs to have permissions set to 0600.

3. Append your SSH public key at the end of the authorized.crt file. If you're using a text editor, be sure to not save the file in a different format.

4. Save changes.

This is an example of how the public key added to the authorized.crt file looks like:


ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLPbAnTn+6UlZQEqudUChU9JMm2bZ92E7Pda313s6p/W89tFHV3MmG965


Use the private SSH key when connecting with your client

On the user's computer:

1. Launch the NoMachine User Interface from Programs menu or Applications and right click on a connection. Choose 'Edit connection'  to access connection settings.

2. Be sure that NX is the selected protocol in the drop-down menu.

3. Click on the Advanced button.

4. Choose 'Private key'  authentication and click on the 'Settings' button.

5. Click  the '...' button navigate directories and provide path to your private SSH key.

Since client version 5.1.7 it' possible to store the private key in the connection file by checking the 'Import the private key to the connection file'  option.

6. Click on 'OK' button and connect.

The client will prompt you for username and passphrase. If your SSH key doesn't have a passhprase, leave this field empty.



See the following article to see how to setup key-based authentication for connections with the SSH protocol and system login:
Use a SSH private key when connecting from NoMachine client

This article includes also a section dealing with connections by SSH protocol and NoMachine login. This method doesn't support key-based authentication: the initial authentication happens between client and server by using a SSH key, then the user needs to authenticate by providing username and password. This SSH key can be customized.