Inverse connection and node public key

[Steve92]

Hi!

With inverse connection mode, when a node is added to the ECS from the node itself, the public key of the node has to be present on the ECS.

How and when is this public key used ?

Is it used to encrypt key used for symmetric encryption between ECS & node ?

Thanks !

Regards,

Steve.

 

 

[Britgirl]

The key is used only to authenticate the node host, so that ECS is sure a connection is incoming from an authorized host. The encryption key is negotiated between client and server as part of initial SSL/SSH handshake.

[Steve92]

Hi!

So the symetric encryption key is not encrypted with public key of the node stored in

/var/NX/nx/.nx/config/authorized.crt

?

How is the symetric encryption key protected during exchange ?

I’ve noticed sometimes the public key of a node is deleted from  /var/NX/nx/.nx/config/authorized.crt when a node is deleted but it doesn’t seem to be done in a systematic way.

When exactly a public key is deleted from  /var/NX/nx/.nx/config/authorized.crt file ?

Is it the same logic when the node is deleted from UI or with the command line ?

Thanks,

Regards,

Steve.

[Britgirl]

NoMachine removes the public key when node/server (with nodedel/serverdel) are removed provided one can reach the other. For example, when the node is removed from the server, but that node is unreachable, the public key of the server will be left on the node host. The node will still be deleted. In the case of inverse connection, the nxserver --serverdel will connect to the server and remove the node’s public key, but if the server is unreachable when the command is run, then the public key will not be removed. The server will still be deleted. When I say “unreachable” it can mean the server/node is missing or stopped, or the connection between the two has been interrupted for whatever reason.

All connections are encrypted using SSL, you can read more about this in our detailed article about security: https://kb.nomachine.com/AR04S01121

[Author]

Posts