[FreeNX-kNX] nxclient and "challengeresponseauthentication no"
Brian Keener
brikeener at gmail.com
Mon Feb 6 20:40:08 UTC 2006
On 2/5/06, * * <richardvoigt at gmail.com> wrote:
>
>
> Just run nxclient? Type in your boss's userid and password and xterm
> with the shell of your choice in unix custom? I fail to see much
> distinction between typing "su..." at a prompt and having nxserver run
> it for me, if I control the input.
>
> I was just trying to point out to someone with sysadmin aspirations
> that having remote sessions via password (using NX) defeats the
> purpose of "PasswordAuthentication no" in sshd-config.
>
> <snip>
>
> If you are willing to give up the password-login and the NoMachine
> client, then you can ENABLE_USERMODE_AUTHENTICATION="1" and use keys.
>
> If you want to have password-login but not allow the world to brute
> force your box, then don't use the nomachine key.
>
> To reiterate, if you are afraid of having your box accessed remotely,
> what possessed you to run NX, which has no purpose other than
> (interactive) remote access?
> _______________________________________________
> FreeNX-kNX mailing list
> FreeNX-kNX at kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
>
How does nxserver use "su" to impersonate the intended user, out of
curiosity?
I realize you only get an nxserver prompt if you were to ssh in using the
default key. I assume that the nxclient issues commands of some sort to
execute su and other tasks, what commands are those? Are they plain text
commands or some sort of additional authentication/encryption/whatever
performed at that point?
I haven't had the time to do anything further with nxserver, myself. I
absolutely require cygwin to do many of my day-to-day tasks at work, and the
fact that I apparantly must choose between Cygwin or NXClient has pretty
much caused me to abandon my nxclient investigations for the moment and
return to tightvnc tunneled over SSH. I see there's something called the
"web companion" but since I don't intend on running a webserver on my target
machine I'm not sure if that's any use to me.
Brian K
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20060206/33863595/attachment.html>
More information about the FreeNX-kNX
mailing list