NoMachine Support

ID: AR04K00665
Applies to: NoMachine Server
Added on: 2013-04-02
Last update: 2017-11-20
Keys and certificates for host verification explained and how to replace them

This article lists which keys and certificates are used with NoMachine 4 or later.

Administrators who want to replace them with their own keys and certificates should refer to the following guides:

for v. 6 - https://www.nomachine.com/DT03O00127

for v. 5 - https://www.nomachine.com/DT09M00103

for v. 4 - https://www.nomachine.com/DT04L00069

 

More information about the supported connection protocols and authentication methods is available here:

for v. 6 - https://www.nomachine.com/DT10O00150#2

for v. 5 - https://www.nomachine.com/DT07M00088#2

for v. 4 - https://www.nomachine.com/DT12I00037#2


List of keys and certificates used by NoMachine


1) The SSL CERTIFICATE FOR NXD (For connections by NX protocol)

nxd is the NoMachine Network Daemon necessary to connect through NX protocol. Its SSL certificate is made of:

<installation directory>/etc/keys/host/nx_host_rsa_key.crt
<installation directory>/etc/keys/host/nx_host_rsa_key

 

2) The SSL CERTIFICATE FOR NXHTD (For connections by the web)

nxhtd is the NoMachine Web Server necessary for deploying sessions on the web. It's installed with each server type that supports web sessions.

The installation comes with a self-signed SSL Certificate File and SSL Certificate Key File that are intended only as a sample. They are, respectively:

<installation directory>/etc/keys/host/ht_host_rsa_key.crt
<installation directory>/etc/keys/host/ht_host_rsa_key

Administrators have to replace the sample SSL Certificate File and Key File with their own certificate, either self-signed or acquired from a CA.
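A check to run after replacing the nxd or nxhtd certificate, given here as an added example that is not NoMachine code: it confirms that each `.crt` file matches its private key, flags certificates close to expiry, and notes self-signed certificates. It assumes `openssl` is installed and that the installation directory is passed as the first argument; the script name, the 30-day window and the "no group/other access" permission baseline are assumptions of this example.

```shell
#!/bin/sh
# Added example (not NoMachine code): audit a host certificate/key pair.
# Usage: sh nx_cert_audit.sh <installation directory>

# True when the certificate's public key equals the private key's public half.
pair_matches() {
    _c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# Heuristic: subject equals issuer. It cannot tell the shipped sample from an
# administrator's own self-signed certificate.
is_self_signed() {
    _s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    _i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$_s" ] && [ "$_s" = "$_i" ]
}

# True when the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when the file has no group or other permission bits (assumed baseline).
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# $1 = certificate, $2 = private key, $3 = expiry warning window in days
audit_pair() {
    _rc=0
    pair_matches "$1" "$2" || { echo "FAIL: $1 and $2 do not match"; _rc=1; }
    valid_for_days "$1" "$3" || { echo "FAIL: $1 expired or expires within $3 days"; _rc=1; }
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group/other"; _rc=1; }
    if is_self_signed "$1"; then echo "NOTE: $1 is self-signed"; fi
    return "$_rc"
}

if [ "$#" -ge 1 ]; then
    keys="$1/etc/keys/host"   # file layout as listed in this article
    rc=0
    for name in nx_host_rsa_key ht_host_rsa_key; do
        audit_pair "$keys/$name.crt" "$keys/$name" 30 || rc=1
    done
    exit "$rc"
fi
```

A self-signed result is reported as a note rather than a failure, because an administrator's own self-signed certificate is an accepted replacement for the sample.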
 

3) The RSA KEY PAIR FOR NXSSHD (For connections by SSH on Windows and NoMachine login)

nxsshd is the NoMachine SSH server installed on Windows by any of the enterprise packages.

The NoMachine client authenticates by SSH protocol and NoMachine login by using a DSA key and the user's system password.

RSA keys are:

<installation directory>/etc/keys/host/ssh_host_rsa_key
<installation directory>/etc/keys/host/ssh_host_rsa_key.pub

 

4) The SSH KEY PAIR FOR SSHD (For connections by SSH protocol and NoMachine login)

The NoMachine client authenticates by SSH protocol and NoMachine login by using an RSA key (or a DSA key for versions earlier than v. 5.1.22) and the user's system password.

 

5) The RSA KEY PAIR FOR THE REMOTE NODES

The server authenticates on the node with an RSA key pair (or a DSA key for versions earlier than v. 5.1.22).

This RSA key pair is generated during the installation and is server-specific.

When adding the node to the server (by means of the nxserver --nodeadd command), the public part of this key pair is automatically added to the remote node:

- if the server-node protocol is NX, the key is added to <installation directory>/nx/.nx/config/authorized.crt

- if the server-node protocol is SSH, the key is added to <installation directory>/nx/.ssh/authorized_keys2 and <installation directory>/nx/.ssh/default.id_dsa.pub

 

6) THE RSA KEYS FOR THE FAILOVER CLUSTER (For connections by SSH protocol)

The master server authenticates on the secondary server with an RSA key pair (or a DSA key for versions earlier than v. 5.1.22).

 

For v. 6 or newer:

7) The RSA key pair for NoMachine servers federated under a Cloud Server

NoMachine Cloud Server authenticates on any of the federated servers with an RSA key pair.

This key pair is made of:
<installation directory>/etc/keys/node.localhost.id_rsa
<installation directory>/etc/keys/node.localhost.id_rsa.pub