NoMachine 6.2.4_1 RSA key issue

Forum / NoMachine for Windows / NoMachine 6.2.4_1 RSA key issue


Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #19714


    I’m trying to configure RSA key ID between two Windows 10 hosts.

    I performed 2 fresh installs, and confirmed I can connect using the usual Windows account password auth.

    Then I followed this guide for setting up RSA key access.

    To generate the RSA keys, I used ssh-keygen on Linux, and copied the files to the Windows computers.

    When I try to connect, I’m getting “the session negotiation failed.  Error: Cannot accept public key”.

    Here’s what I see on the server-side:
    C:\>type Users\enviro2\.nx\config\authorized.crt
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCt9OVNjYd9BZEkB/QpKMc+hHEYfd1gxA4gnntvPCnWkKk92zluDJhDmFu49GQtR+vnpvR69zv3B9jLdRdjCwsG2mNzUuSotkWMWMlIkJ8pTM/n3cLs6xq/WIM+VlUdB+HnntnoJm5poXS7+cQpZyUObPy2IRweLD5Q7csK4p/uXejXfpfpuQ5s3DeuHxKeUS1C8ZA0NuXeBvvlYsfEBOUzdfX+P92NbsRwMYWhkoaDvOYMkFtHHk4gJjvIJ6lQojSE42nfxg3wxfJoO74Ki7e/QjxuiDT6yKkNniH5WLbSQJhXtDQ1lIXk24zZ2gNAqKneVm/dY7sfrFLFY50mz5mv

    C:\>type ProgramData\NoMachine\var\log\nxserver.log
    2018-09-24 10:38:46 739.562  4120 NXSERVER Starting WS 6.2.4 and services.
    2018-09-24 10:38:46 803.137  4120 NXSERVER System information: Windows 10, standalone.
    2018-09-24 10:46:35 231.614 10780 NXSERVER WARNING! NXRunCommand: Timeout while waiting for command ‘C:\Program Files (x86)\NoMachine\\bin\\nxexec C:\Program Files (x86)\NoMachine\\bin\\nxexec –cat –user enviro2 –path config/authorized.crt’ response.
    2018-09-24 10:46:35 333.756 10780 NXSERVER WARNING! Process ‘C:\Program Files (x86)\NoMachine\\bin\\nxexec –cat –user enviro2 –path config/authorized.crt’ with pid ‘3396/932’ finished with exit code 4 after 30,134 seconds.

    C:\>type ProgramData\NoMachine\var\log\nxerror.log
    4120 6440 10:38:56 511.289 ServerNetworkInfoHandler: WARNING! Obtaining network data failed.
    Info: Server process running with pid 3956.
    Info: Handler started with pid 10780 on Mon Sep 24 10:46:03 2018.
    Info: Handling connection from port 50221 on Mon Sep 24 10:46:03 2018.
    Error: Cannot send request to NXLSA package.
    Error code is : 0.
    Package’s response is : 0xc0000001.
    Error: Cannot cat file ‘config/authorized.crt’ from user ‘enviro2’.
    10780 12168 10:46:35 231.614 Monitor/FileReadMonitor: WARNING! Canceling busy thread 11172 for FD#7.
    Info: Connection from port 50221 closed on Mon Sep 24 10:46:35 2018.
    Info: Handler with pid 10780 terminated on Mon Sep 24 10:46:35 2018.

    It seems like the issue is that the daemon can’t read the authorized keys file, but I’m able to print it as both administrator and the user in question.  So I’m not sure how to continue troubleshooting.

    Thanks for any advice


    Hello ifyffe,

    Please, check if lsass.exe process is running in protected mode.

    To do so:

    1. Download and install Process Explorer using this link:

    2. Start Process Explorer as Administrator.

    3. Double click on lsass.exe process and check the value of ‘Protected’ in ‘Security’ tab.


    Hi Cato,

    Thanks for the reply.

    lsass.exe security tab says

    Protected: no



    Currently we are unable to reproduce this issue in our test environment.

    To take more detailed information of lsass to the NoMachine service, we need to prepare a debug package. Would it be possible for you to install this NoMachine package and then and send us the logs to us for further analysis?


    I had this same issue.  I even used the process explorer and saw that lsass.exe was not running in protected mode.  I resolved my issue and it does appear to be an issue on NoMachine’s side.  My versions are Windows 6.3.6 server and Debian 6.3.6 client.

    The issue I had was that the key was in the new format (i.e. I used ‘-o’ when creating the key).

    The workaround was that I created a new key pair (without the ‘-o’ flag), appended the new public key to the server authorized.crt, and now it is working.

    The solution would be for NoMachine to support the new key formats.

    Hope this helps in the meantime!


    We have inserted a new Feature Request in the development roadmap:

    Adding support for ECDSA and ed25519 SSH key types

    Please use the ‘notify me’ service to know when it has been implemented 🙂

Viewing 6 posts - 1 through 6 (of 6 total)

This topic was marked as closed, you can't post.