When you connect to a NoMachine host that you have not connected to before via NX protocol, the client prints a message asking if you want to continue to connect or not.
Connections by NX protocol
Message looks like:
The authenticity of host testdrive can't be established. The certificate fingerprint is: SHA256 Fingerprint=E0:61:D4:83:60:72:93:3D:20:94:DC:F3:01:09:57:12:94:32:AD:B9:84:4D:40:0A:66:74:64:2B:4B:64:F9:1B. Are you sure you want to continue connecting?
By accepting to continue, you accept the encryption key the server sent you.
If you want to get the fingerprint of the actual encryption key, you can check it on the server host: the NoMachine server host certificate is:
placed in the /etc/keys/host/ folder under the installation directory of NoMachine.
E.g. if the server is on a Linux host and openssl is installed, you can run from a console the openssl command for Certificate Data Management and retrieve the fingerprint.
$ openssl x509 -noout -in /usr/NX/etc/keys/host/nx_host_rsa_key.crt -fingerprint -sha256
or for older versions of NoMachine server (prior to v. 5.3.9) using the SHA-1 cryptografic hash algorithm to calculate fingerprint:
$ openssl x509 -noout -in /usr/NX/etc/keys/host/nx_host_rsa_key.crt -fingerprint
If NoMachine is instead on Windows, open PowerShell or CMD console and move to the NoMachine installation folder.
Then move to the
etc\keys\host folder and execute the 'certutil' command on the nx_host_rsa_key.crt file:
certutil nx_host_rsa_key.crt | findstr "Cert"
Output will be similar to:
Certificate Extensions: 1
Root Certificate: Subject matches Issuer
Cert Hash(md5): 85861f38c0093ffb40686909e9f33493
Cert Hash(sha1): dfdbf9663168aaa9b1a2ad0a926ed84ca6d8e2c6
Cert Hash(sha256): 79708cb2779209f8079d423f07b24b33d549b69274a28b0f280dd959c26b3475
CertUtil: -dump command completed successfully.
Look for the ' Hash(sha256):' line to retrieve the fingerprint.
For older versions of NoMachine server (prior to v.5.3.9) using the SHA-1 cryptografic hash algorithm to calculate fingerprint:
right mouse click on the nx_host_rsa_key.crt file to open it and access the Details tab. Fingerprint is shown in the 'Thumbprint' field.
Connections by SSH protocol
Message looks like:
The authenticity of host testdrive can't be established. The RSA key fingerprint is: SHA256 B5 70 53 C3 3C F1 FB D9 AD CE EB CD 4C A3 1C FD EB B5 2F 3B 3E 60 60 90 F6 BA 82 4A 8C C9 DB 6F. Are you sure you want to continue connecting?
On a Linux host, you can check the fingerprint by means of this command:
$ LD_LIBRARY_PATH=/usr/NX/lib /usr/NX/bin/nxkeygen -f <path to ssh_host_public_key>
$ LD_LIBRARY_PATH=/usr/NX/lib /usr/NX/bin/nxkeygen -f /etc/ssh/ssh_host_rsa_key.pub