Inverse connection and node public key


    #52215
    Steve92
    Participant

    Hi!

    With inverse connection mode, when a node is added to the ECS from the node itself, the public key of the node has to be present on the ECS.

    How and when is this public key used?

    Is it used to encrypt the key used for symmetric encryption between ECS & node?

    Thanks!

    Regards,

    Steve.

    #52344
    Britgirl
    Keymaster

    The key is used only to authenticate the node host, so that ECS is sure a connection is incoming from an authorized host. The encryption key is negotiated between client and server as part of initial SSL/SSH handshake.

    #52350
    Steve92
    Participant

    Hi!

    So the symmetric encryption key is not encrypted with the public key of the node stored in /var/NX/nx/.nx/config/authorized.crt?

    How is the symmetric encryption key protected during exchange?

    I’ve noticed sometimes the public key of a node is deleted from /var/NX/nx/.nx/config/authorized.crt when a node is deleted but it doesn’t seem to be done in a systematic way.

    When exactly is a public key deleted from the /var/NX/nx/.nx/config/authorized.crt file?

    Is it the same logic when the node is deleted from the UI or with the command line?

    Thanks,

    Regards,

    Steve.

    #52409
    Britgirl
    Keymaster

    NoMachine removes the public key when node/server (with nodedel/serverdel) are removed provided one can reach the other. For example, when the node is removed from the server, but that node is unreachable, the public key of the server will be left on the node host. The node will still be deleted. In the case of inverse connection, the nxserver --serverdel will connect to the server and remove the node’s public key, but if the server is unreachable when the command is run, then the public key will not be removed. The server will still be deleted. When I say “unreachable” it can mean the server/node is missing or stopped, or the connection between the two has been interrupted for whatever reason.

    All connections are encrypted using SSL, you can read more about this in our detailed article about security: https://kb.nomachine.com/AR04S01121
