Forum / NoMachine Cloud Server Products / Disable warning about authenticity of host
Tagged: host authenticity warning
- This topic has 7 replies, 3 voices, and was last updated 1 day, 11 hours ago by
Steve92.
-
AuthorPosts
-
April 25, 2025 at 11:10 #52804
Steve92
ParticipantHi!
I’m experimenting with the usage of HAProxy to balance the load between 2 ECS (round robin).
At each connection, the change of ECS (expected since round robin) is detected, and I get this warning (2 warning boxes) :
The authenticity of host can’t be established. The certificate fingerprint is: .... Are you sure you want to continue connecting?
How can I disable this warning to make load balancing fully transparent for the end user ?
Thanks,
Regards,
Steve.
April 25, 2025 at 15:25 #52819katpan
ParticipantHello,
We have implemented some features in version 8.12.12.
You can check our article and download the newest version here: https://kb.nomachine.com/SU07V00255?s=SU07V00255
April 25, 2025 at 17:19 #52820Steve92
ParticipantCould you be more precise ?
April 28, 2025 at 15:15 #52834Britgirl
KeymasterKatpan was right about the version in which we added the option to allow the host identity key to be automatically accepted (see the link above), “Adding a new option in the UI to automatically accept the host identity key”.
There is now an option in the ‘Edit connection’ panel to automatically accept the new host identity key when the “Verify host identification” dialog is issued. If you go in to the Edit panel when configuring the connection, you can see the checkbox ‘Always accept the host verification key provided by the remote host’.
It corresponds to the following setting in the connection file (.nxs):
option key="Automatically accept new hosts identification key" value="true"
May 7, 2025 at 21:07 #52907Steve92
ParticipantHi!
I’ve tested this new option, it’s half a success.
I get only one warning box (the 1st one beginning with “The authenticity of host can’t be established…”), I don’t have any more the 2nd box displaying the key.
Any mean to get rid of this pop-up ?
NB: if I use SSH instead of NX, I don’t have the problem even without ticking this new option. I don’t have any warning box.
Is it possible to have the same behaviour (no warning at all) with NX than with SSH ? How ?
The use of a load balancer should be transparent to users.
Regards,
Steve.
May 13, 2025 at 21:08 #52959Steve92
ParticipantHi,
No solution to solve this problem that occurs only with NX protocol ? 🙁
Regards,
Steve.
May 14, 2025 at 09:42 #52965Britgirl
KeymasterWe are unable to reproduce the problem you have with NX sessions. Note that the option we offer only hides the identity of an unknown server. If you connect to the same server but the identity changes, it is a mismatch that is shown to you for security reasons. It is the same for SSH sessions. So it is better to check the player logs from NX connection and then a set for the SSH connection. You can submit them here, thanks!
May 14, 2025 at 22:30 #52975Steve92
ParticipantHi!
This problem is strange, I did a quick testing on !M client, after deleting this hosts.crt file, and I see
/home/my_user/.nx/config/hosts.crt
is re-created and is updated with only the public key of one of the 2 members of the cluster handled by HAProxy (and go-mmproxy), even after many logins well balanced.
Very surprising !
I tried to manually add the public keys (/usr/NX/etc/keys/host/nx_host_rsa_key.crt) of the 2 ECS of the cluster to
/home/my_user/.nx/config/hosts.crt on !M client.
Then I protected the file with:
chown root:root hosts.crt
chmod 400 hosts.crt
At each logging from !M client, a warning is displayed saying the file hosts.crt is write protected that is a little bit better than a host authenticity warning.
I have to investigate further.
Regards,
Steve
-
AuthorPosts
You must be logged in to reply to this topic. Please login here.