Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to obtain Windows host key for RDP sessions? [closed]

My company admin just found the answer to this question as I was writing it, so I'm posting it here for others:


I use xfreerdp to connect to a Windows 7 machine from Linux with RDP. Typically, I provide my credentials and the IP address of the machine and everything works fine. One day, I come in and attempt to connect, only to be presented with this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the host key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx

(The x's were actual numbers.) I checked my Linux known_hosts file for the machine I was connecting to, and yes, indeed, the RSA fingerprint for the machine did change. So I asked the admin at my company if he had done some updates or anything that would have changed the key Windows uses for RDP sessions. He said nothing had changed that he was aware of. At this point, common sense and my knowledge of security tells me I wasn't supposed to connect until I logged into the machine physically and checked that there was indeed a new RSA host key for RDP. (If there wasn't, then it would be likely that there was a man-in-the-middle attack going on.)

The problem is, when I logged into the physical machine to find out if the RSA key had changed, I couldn't figure out where to go to view it. I searched online and couldn't figure out any way in Windows 7 to view the RSA fingerprint of the key RDP sessions use. Does anyone know where I can view the key?

like image 921
Alex Avatar asked Feb 15 '13 16:02

Alex


People also ask

How can I recover my RDP password?

If you want to recover that password of another . rdp file, just drag the file from Explorer into the window of Remote Desktop PassView utility or use the "Open . rdp File" option from the File menu. Be aware that Remote Desktop PassView can only recover the passwords created by your current logged on user.

How do you fix the remote session was disconnected because there are no remote desktop license servers?

In the policy list, right-click Set the Remote Desktop licensing mode, and then select Properties. Select Enabled. Under Specify the licensing mode for the Remote Desktop Session Host server, select Per Device or Per User, as appropriate for your deployment.

Where are RDP sessions saved?

Information about all RDP connections is stored in the registry of each user. It's impossible to remove a computer (or computers) from the list of RDP connection history using built-in Windows tools.


1 Answers

Here is a step by step guide on how to obtain your RSA host key fingerprint for RDP sessions in Windows 7:

First, click on the start button (or press the Windows key on the keyboard). Type "mmc" into the search, and select "mmc.exe" (Microsoft Management Console).

Step 1

When it opens, click File->Add/Remove Snap-in... From the list on the left (Available snap-ins), select "Certificates" and click "Add >"

Step 2

Select "Computer account" click next. Make sure "Local computer" is selected, and click "Finish". Click "OK" to exit the Add/Remove Snap-in screen.

Step 3

Now you should be back in the main MMC window, but there should be a Snap-in called "Certificates (Local Computer)" in the list on the left. Expand that and expand "Remote Desktop" and then "Certificates". There should be at least one certificate that appears in the middle area of the window. Double click on that, and select the "Details" tab. Scroll down to the bottom and there will be details about the key specified in the certificate, including the "Thumbprint" field, which corresponds to the host key fingerprint that Linux's xfreerdp reports when you attempt to connect to the machine.

Step 4

You'll also notice that there's an additional two hex digits in the "Thumbprint" field. (The xfreerdp-reported fingerprint is 38 hex digits long, while the thumbprint field has 40). Strip off the first two hex digits in the thumbprint to obtain the RSA fingerprint of the RDP host key (I have no idea what these digits are).

like image 134
Alex Avatar answered Nov 16 '22 02:11

Alex