For Fedora Workstation 37 - to allow a Remote Desktop connection, in the client side can be use Remmina and in the server is mandatory enable the Remote Desktop option, it through Settings β Sharing.
In the bottom of the Remote Desktop window exists the Authentication section and the Verify Encryption button. If it is press it appears a small window with the Encryption Fingerprint value - it in the server side. For the client side - this value appears for the first attempt connection as a Certificate. Is mandatory accept that Certificate to accomplish the first connection and make others in the future.
Question
From where does Encryption Fingerprint come from?
Or in other words:
In what file is stored that Encryption Fingerprint?
That value shown is stored from some place (file), right?
Allesio - Huge Thanks for the quick reply, let me test it today in the night - to mark you answer as the solution. Just being curious, how did you know that? Some link as tutorial to dig more about that?
About SSH
ilikelinux - Yes, I thought the same but working with the /etc/ssh directory instead - remember all is about the server itself where the mentioned Encryption Fingerprint is send to the client for the first attempt of connection - but is possible see directly in the server itself by just pressing the Verify Encryption button as was mentioned in the original post.
In the /etc/ssh directory exists some .pub keys - so I used for each key
The format of presentation for the Encryption Fingerprint shown through the Verify Encryption button is the same as the output of the commands mentioned above based on md5 - but the values are not the same. Therefore ssh is discarded.
Once confirmed the openssl x509 -noout -in ~/.local/share/gnome-remote-desktop/rdp-tls.crt -fingerprint -sha256 command, therefore the format is really based on sha256
It is a hash calculated for the RDP server certificate.
The certificate is stored on the RDP server as explained by @alciregi, but the server has no need to store the fingerprint itself.
On the other hand, the RDP client calculates the fingerprint for the server certificate on each connection to verify it against the stored one to prevent sending RDP credentials to a malicious server.
FreeRDP-based clients store the server certificate fingerprints here:
Thanks you Alessio - all your suggested commands work - it even in Ubuntu - it because is based on GNome too
Thanks to you Valadislav too - because was my intention to create a new post about where is stored in the client the received and accepted certificate. For the audience by default does not exist the freerdp directory at ~/.config/, is mandatory at least had done one connection to some host, once done that exists the ~/.config/freerdp directory with many files, among them the known_hosts2 file
Again thanks for the valuable feedback - just being curious:
(1) In the server - in what file is stored the track history of all the clients that done the remote connection through Remmina? - I am assuming the file contains the ip, date and connection duration
(2) same as question (1) but for the clients currently connected - it specially if 2 clients are connected at the same time to the same host - consider the scenario where client 1 is indicating or doing a supervision to client 2 to fix something in the remote server.
Yes. I did do realize that in the host in the top-right appears an icon in color orange about that the screen is shared, but there is no more information.
Take a look to system logs
Something like sudo journalctl -xf --no-pager
should show something like Mar 21 16:35:07 gnome-remote-desktop-daemon[5130]: [16:26:23:248] [5130:13128] [INFO][com.freerdp.core.connection] - Accepted client: remote.host
Something like sudo ss -nte | grep 3389
The command ss show the network connections and listening ports (-t displays only TCP connections). -e show only established connections. 3389 is the RDP port.