NoMachine Support

Your questions answered

Knowledge Base

Searching in: Articles & FAQs
Filter the search results
Applies to:
Last update:
Searching in: Articles & FAQs
ID: AR06O00932
Applies to: NX Software
Added on: 2017-06-12
Last update: 2019-05-07
How to set up key based authentication with SSH protocol

This article applies to NoMachine v. 4 or later.

Support for key-based authentication with the SSH protocol requires the public SSH key be added on the server side, in the user's home, to grant access. When you connect to the server you will have to insert the private key in the NoMachine User Interface (GUI).

Key-based authentication with SSH protocol is not available with NoMachine free version.


What you need to have done first

You have already generated an SSH key pair, for example by using the ssh-keygen tool on a Linux host, e.g.:

ssh-keygen -f my_key

It will generate two keys, the private one (my_key) and the public one (my_key.pub).

IMPORTANT
1) Be sure that the keys is in OpenSSH format.

2) Note that the new OpenSSH format introduced by openssh version 7.8p1-1 is not supported yet, please see https://www.nomachine.com/FR05Q03834 for more details.
As a workaround, generate the key pair by adding the '-m PEM' option to specify to use the old format:
ssh-keygen -m PEM -f my_key

3) If you have generated the SSH key pair on Windows, for example by using PuTTYgen (https://www.puttygen.com), be sure it's in OpenSSH format or convert it. To do that choose the key file in the PuTTYgen main window. Then go to Conversions->Export OpenSSH key to export your private key and save it.

 

 

Add the public SSH key on the server

Content of the public key have to be added to the authorized keys file on the remote computer.

The authorized keys file, usually 'authorized_keys' (or 'authorized_keys2' on old systems), is placed in the user's home directory: <user's home>/.ssh/authorized_keys.

On Linux and Mac hosts, check the configuration of SSHD (sshd_config) to verify path and name to the authorized keys file. When both 'authorized_keys' and 'authorized_keys2' are valid, 'authorized_keys' is preferable.

On Windows, NoMachine ships its own SSH server (nxsshd) which uses the authorized_keys file in the %USERPROFILE%/.ssh directory.


On the remote computer, create the authorized_keys file in the appropriate place, if it doesn't exist yet.

Then, append your SSH public key at the end of the authorized keys file and save changes.

For example on Linux, to add the public key to the authorized_keys file of user nxtest01 upload the my_key.pub file on the remote host and execute from a console :

cat my_key.pub >> /home/nxtest01/.ssh/authorized_keys

 

Use the private SSH key when connecting with your client

On the user's computer:

1. Launch the NoMachine User Interface from Programs menu or Applications and right click on a connection. Choose 'Edit connection'  to access connection settings.

2. Be sure that SSH is the selected protocol in the drop-down menu.

3. Click on the Advanced button.

4. Choose 'Private key'  authentication and click  on the 'Settings' button.

5. Click  the '...' button navigate directories and provide path to your private SSH key (e.g. my_key).

6. Click on 'OK' button and connect.

The client will prompt you for username and passphrase. If your SSH key doesn't have a passhprase, leave this field empty.