ECS V8: Update nxd certificates

  • #53602
    Steve92
    Participant

    Hi!

    I need to update the nxd certificate on dozens of servers (ED, SBTS).

    Each certificate has to be copied from remote servers to ECS to avoid authentication warnings.

    How can I do that in a script after collecting all certificates of remote machines?

    Where on ECS do I have to copy certificates from these remote machines?

    Thanks,

    Regards,

    Steve.

     

    #53631
    Steve92
    Participant

    Hi!

    Remote nodes are on VLAN administered by local admins.

    They don’t have rights on ECS, which has its own dedicated admin.

    I’ve analyzed the subject and, if I understand correctly, we could use --keyadd to register the public keys of nxd of remote nodes in

    /var/NX/nx/.nx/config/authorized.crt on ECS.

    * Local admin

    Each local admin generates a new 4096-bit nxd certificate (nx_host_rsa_key) and its public key (nx_host_rsa_key.crt) for all nodes on his VLAN.

    A prefix is added to each key:

    cp /usr/NX/etc/keys/host/nx_host_rsa_key.crt <source_hostname>_nx_host_rsa_key.crt

    All the keys are sent to ECS admin.

    * ECS Admin

    For each pub key received:

    sudo /etc/NX/nxserver --keyadd <source_hostname>_nx_host_rsa_key.crt

    => this command updates /var/NX/nx/.nx/config/authorized.crt

     

    Q1- Please, could you validate my understanding and this procedure?

    Q2- What about inverse mode connection if the nxd certificate is changed on a remote node?

     

    Thanks,

    Regards,

    Steve.

     

    #53641
    fisherman
    Moderator

    Hi,

    If I understood your goal correctly, you’re looking to add a node to ECS without requiring password authentication. You can achieve this by following the steps below:

    To add a node to ECS
    #1. On the node
    scp $ECS_IP:/usr/NX/etc/keys/host/node.localhost.id_rsa.pub ${ECS_IP}_node.localhost.id_rsa.pub
    sudo /etc/NX/nxserver --keyadd ${ECS_IP}_node.localhost.id_rsa.pub

    #2. On ECS
    sudo /etc/NX/nxserver --nodeadd $NODE_IP --node-name $NODE_NAME

    To perform the reverse (adding an inverse node to an ECS)

    Follow the same procedure, but switch the roles:
    – Run step #1 on the ECS
    – Run step #2 on the node

    Would you need help to make the script for this flow?
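
A batch form of step #2 from the reply above, run on ECS for many nodes; this is an added example, not part of the thread and not NoMachine's code. The inventory format (`<node_ip> <node_name>` per line) and the `NXSERVER` and `DRY_RUN` variables are assumptions of this script; each entry is validated before it reaches a `sudo` command line.

```shell
#!/bin/sh
# Added example, not NoMachine code: batch form of step #2 (run on ECS).
# Assumed/hypothetical: the "<node_ip> <node_name>" inventory format and the
# NXSERVER and DRY_RUN variables belong to this script, not to nxserver.
NXSERVER="${NXSERVER:-/etc/NX/nxserver}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = run them via sudo

# Dotted-quad IPv4 only, each octet 0-255.
valid_ip() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Letters, digits, dot, underscore, hyphen; no shell metacharacters.
valid_name() {
  case "$1" in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;; esac
  [ "${#1}" -le 63 ]
}

# Reads the inventory, sets ADDED and REJECTED, returns non-zero on any reject.
add_nodes() {
  ADDED=0; REJECTED=0; n=0
  while read -r ip name extra || [ -n "$ip" ]; do
    n=$((n + 1))
    case "$ip" in ''|'#'*) continue ;; esac
    if [ -n "$extra" ] || ! valid_ip "$ip" || ! valid_name "$name"; then
      echo "line $n: rejected: $ip $name $extra" >&2
      REJECTED=$((REJECTED + 1))
    elif [ "$DRY_RUN" = 1 ]; then
      echo "sudo $NXSERVER --nodeadd $ip --node-name $name"
      ADDED=$((ADDED + 1))
    # </dev/null keeps sudo/nxserver from consuming the rest of the inventory
    elif sudo "$NXSERVER" --nodeadd "$ip" --node-name "$name" </dev/null; then
      ADDED=$((ADDED + 1))
    else
      echo "line $n: nodeadd failed for $ip" >&2
      REJECTED=$((REJECTED + 1))
    fi
  done < "$1"
  [ "$REJECTED" -eq 0 ]
}

if [ "$#" -gt 0 ]; then add_nodes "$1"; fi
```

Run it with `DRY_RUN=1` first and review the printed commands, then rerun with `DRY_RUN=0`.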
