Disable warning about authenticity of host

Forum / NoMachine Cloud Server Products / Disable warning about authenticity of host

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #52804
    Steve92
    Participant

    Hi!

    I’m experimenting with the usage of HAProxy to balance the load between 2 ECS (round robin).

    At each connection, the change of ECS (expected since round robin) is detected, and I get this warning (2 warning boxes) :

    The authenticity of host can’t be established. The certificate fingerprint is: .... Are you sure you want to continue connecting?

    How can I disable this warning to make load balancing fully transparent for the end user ?

    Thanks,

    Regards,

    Steve.

    #52819
    katpan
    Participant

    Hello,

    We have implemented some features in version 8.12.12.

    You can check our article and download the newest version here: https://kb.nomachine.com/SU07V00255?s=SU07V00255

    #52820
    Steve92
    Participant

    Could you be more precise ?

    #52834
    Britgirl
    Keymaster

    Katpan was right about the version in which we added the option to allow the host identity key to be automatically accepted (see the link above), “Adding a new option in the UI to automatically accept the host identity key”.

    There is now an option in the ‘Edit connection’ panel to automatically accept the new host identity key when the “Verify host identification” dialog is issued. If you go in to the Edit panel when configuring the connection, you can see the checkbox ‘Always accept the host verification key provided by the remote host’.

    It corresponds to the following setting in the connection file (.nxs):

    option key="Automatically accept new hosts identification key" value="true"

    #52907
    Steve92
    Participant

    Hi!

    I’ve tested this new option, it’s half a success.

    I get only one warning box (the 1st one beginning with “The authenticity of host can’t be established…”), I don’t have any more the 2nd box displaying the key.

    Any mean to get rid of this pop-up ?

    NB: if I use SSH instead of NX, I don’t have the problem even without ticking this new option. I don’t have any warning box.

    Is it possible to have the same behaviour (no warning at all) with NX than with SSH ? How ?

    The use of a load balancer should be transparent to users.

    Regards,

    Steve.

    #52959
    Steve92
    Participant

    Hi,

    No solution to solve this problem that occurs only with NX protocol ? 🙁

    Regards,

    Steve.

    #52965
    Britgirl
    Keymaster

    We are unable to reproduce the problem you have with NX sessions. Note that the option we offer only hides the identity of an unknown server. If you connect to the same server but the identity changes, it is a mismatch that is shown to you for security reasons. It is the same for SSH sessions. So it is better to check the player logs from NX connection and then a set for the SSH connection. You can submit them here, thanks!

    #52975
    Steve92
    Participant

    Hi!

    This problem is strange, I did a quick testing on !M client, after deleting this hosts.crt file, and I see

    /home/my_user/.nx/config/hosts.crt

    is re-created and is updated with only the public key of one of the 2 members of the cluster handled by HAProxy (and go-mmproxy), even after many logins well balanced.

    Very surprising !

    I tried to manually add the public keys (/usr/NX/etc/keys/host/nx_host_rsa_key.crt) of the 2 ECS of the cluster to

    /home/my_user/.nx/config/hosts.crt on !M client.

    Then I protected the file with:

    chown root:root hosts.crt

    chmod 400 hosts.crt

    At each logging from !M client, a warning is displayed saying the file hosts.crt is write protected that is a little bit better than a host authenticity warning.

    I have to investigate further.

    Regards,

    Steve

     

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Please login .