- This topic has 7 replies, 3 voices, and was last updated 1 day, 11 hours ago by
.
-
Posts
-
Hi!
I’m experimenting with the usage of HAProxy to balance the load between 2 ECS (round robin).
At each connection, the change of ECS (expected since round robin) is detected, and I get this warning (2 warning boxes) :
The authenticity of host can’t be established. The certificate fingerprint is: .... Are you sure you want to continue connecting?How can I disable this warning to make load balancing fully transparent for the end user ?
Thanks,
Regards,
Steve.
Hello,
We have implemented some features in version 8.12.12.
You can check our article and download the newest version here: https://kb.nomachine.com/SU07V00255?s=SU07V00255
Katpan was right about the version in which we added the option to allow the host identity key to be automatically accepted (see the link above), “Adding a new option in the UI to automatically accept the host identity key”.
There is now an option in the ‘Edit connection’ panel to automatically accept the new host identity key when the “Verify host identification” dialog is issued. If you go in to the Edit panel when configuring the connection, you can see the checkbox ‘Always accept the host verification key provided by the remote host’.
It corresponds to the following setting in the connection file (.nxs):
option key="Automatically accept new hosts identification key" value="true"Hi!
I’ve tested this new option, it’s half a success.
I get only one warning box (the 1st one beginning with “The authenticity of host can’t be established…”), I don’t have any more the 2nd box displaying the key.
Any mean to get rid of this pop-up ?
NB: if I use SSH instead of NX, I don’t have the problem even without ticking this new option. I don’t have any warning box.
Is it possible to have the same behaviour (no warning at all) with NX than with SSH ? How ?
The use of a load balancer should be transparent to users.
Regards,
Steve.
We are unable to reproduce the problem you have with NX sessions. Note that the option we offer only hides the identity of an unknown server. If you connect to the same server but the identity changes, it is a mismatch that is shown to you for security reasons. It is the same for SSH sessions. So it is better to check the player logs from NX connection and then a set for the SSH connection. You can submit them here, thanks!
Hi!
This problem is strange, I did a quick testing on !M client, after deleting this hosts.crt file, and I see
/home/my_user/.nx/config/hosts.crt
is re-created and is updated with only the public key of one of the 2 members of the cluster handled by HAProxy (and go-mmproxy), even after many logins well balanced.
Very surprising !
I tried to manually add the public keys (/usr/NX/etc/keys/host/nx_host_rsa_key.crt) of the 2 ECS of the cluster to
/home/my_user/.nx/config/hosts.crt on !M client.
Then I protected the file with:
chown root:root hosts.crt
chmod 400 hosts.crt
At each logging from !M client, a warning is displayed saying the file hosts.crt is write protected that is a little bit better than a host authenticity warning.
I have to investigate further.
Regards,
Steve
You must be logged in to reply to this topic. Please login here.