For Fedora Workstation 37 - to allow a Remote Desktop connection, Remmina can be used on the client side, and on the server it is mandatory to enable the Remote Desktop option, through

At the bottom of the Remote Desktop window there is the Authentication section and the Verify Encryption button. If it is pressed, a small window appears with the Encryption Fingerprint value - this on the server side. On the client side, this value appears on the first connection attempt as a Certificate. It is mandatory to accept that Certificate to accomplish the first connection and make others in the future.
- Where does the Encryption Fingerprint come from?
Or in other words:
- In what file is stored that
The value shown is stored in some place (file), right?
Did you check in ~/.ssh of the specific user?
gsettings list-recursively org.gnome.desktop.remote-desktop.rdp
Turns out that it uses a certificate located in
To get the fingerprint
openssl x509 -noout -in ~/.local/share/gnome-remote-desktop/rdp-tls.crt -fingerprint -sha256
Alessio - Huge thanks for the quick reply, let me test it tonight - to mark your answer as the solution. Just being curious, how did you know that? Is there some link or tutorial to dig more into that?
ilikelinux - Yes, I thought the same but working with the /etc/ssh directory instead - remember it is all about the server itself, where the mentioned Encryption Fingerprint is sent to the client on the first connection attempt - but it is possible to see it directly on the server itself by just pressing the Verify Encryption button, as was mentioned in the original post.
In the /etc/ssh directory there are some .pub keys - so for each key I used
ssh-keygen -lf /etc/ssh/ssh_host_XXX_key.pub   # defaults to 'sha256'
ssh-keygen -E md5 -lf /etc/ssh/ssh_host_XXX_key.pub
The presentation format of the Encryption Fingerprint shown through the Verify Encryption button is the same as the output of the commands mentioned above based on md5 - but the values are not the same. Therefore ssh is discarded.
Once confirmed the openssl x509 -noout -in ~/.local/share/gnome-remote-desktop/rdp-tls.crt -fingerprint -sha256 command, therefore the format is really based on
It is a hash calculated for the RDP server certificate.
The certificate is stored on the RDP server as explained by @alciregi, but the server has no need to store the fingerprint itself.
On the other hand, the RDP client calculates the fingerprint for the server certificate on each connection to verify it against the stored one to prevent sending RDP credentials to a malicious server.
FreeRDP-based clients store the server certificate fingerprints here:
Thank you Alessio - all your suggested commands work - even in Ubuntu - because it is based on GNOME too
Thanks to you Valadislav too - because it was my intention to create a new post about where the received and accepted certificate is stored on the client. For the audience: by default the freerdp directory does not exist at ~/.config/; it is mandatory to have made at least one connection to some host. Once that is done, the ~/.config/freerdp directory exists with many files, among them the
Again thanks for the valuable feedback - just being curious:
(1) On the server - in what file is the history stored of all the clients that made a remote connection through Remmina? - I am assuming the file contains the IP, date and connection duration
(2) Same as question (1) but for the clients currently connected - especially if 2 clients are connected at the same time to the same host - consider the scenario where client 1 is instructing or supervising client 2 to fix something on the remote server.
Yes. I did realize that on the host an orange icon appears in the top-right indicating that the screen is shared, but there is no more information.
Thanks for your understanding
Huge thanks again for your quick and polite support.
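
The client-side check described in the thread (hash the server certificate on each connection and compare it with the stored fingerprint), as an added Python example that is not part of any post and is not FreeRDP's or Remmina's code. The pin store, the function names and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed placeholder bytes standing in for two DER certificates (not real
# X.509 data); on a real host read the PEM text of rdp-tls.crt instead.
SAMPLE_DER = b"constructed placeholder: server certificate A"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder: server certificate B")


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, as AA:BB:... (the `openssl x509 -fingerprint -sha256` value)."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Reduce 'sha256 Fingerprint=AA:BB', 'aa:bb' or 'AABB' to bare lowercase hex."""
    return fp.split("=")[-1].replace(":", "").replace(" ", "").strip().lower()


def check_server(pins: dict, host: str, port: int, pem: str, shown_on_server: str = "") -> str:
    """Trust on first use: pin only a fingerprint the user confirmed, then compare on every connection.

    `pins` is a hypothetical in-memory store, not FreeRDP's file format.
    """
    key = f"{host}:{port}"
    seen = normalize(cert_fingerprint(pem))
    if key in pins:
        # Later connections: any change means credentials must not be sent.
        return "match" if hmac.compare_digest(pins[key], seen) else "mismatch"
    # First connection: accept only if it equals the value read on the server itself.
    if shown_on_server and hmac.compare_digest(normalize(shown_on_server), seen):
        pins[key] = seen
        return "pinned"
    return "unverified"


if __name__ == "__main__":
    pins = {}
    fp = cert_fingerprint(SAMPLE_PEM)
    print(check_server(pins, "fedora-host", 3389, SAMPLE_PEM, fp))   # first connection, confirmed
    print(check_server(pins, "fedora-host", 3389, SAMPLE_PEM))       # same certificate later
    print(check_server(pins, "fedora-host", 3389, OTHER_PEM))        # certificate changed
```

The value passed as `shown_on_server` is what the user reads from the Verify Encryption window; a first connection without it stays unpinned.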