NX Security (was [FreeNX-kNX] Re: got: "cannot create directory `/home/.nx'")

freenx at mikebell.org freenx at mikebell.org
Tue Oct 19 22:33:09 UTC 2004


On Wed, Oct 20, 2004 at 12:23:13AM +0200, Kurt Pfeifle wrote:
> What makes you believe that??

The analysis stated below the line you quoted?

Correct me if I'm wrong on any of those points, by all means.

I definitely think however that even if the freenx server were well
audited and the problems with ssh's extended capabilities delt with, any
ssh developer would take serious issue with someone saying that NX has
the security of ssh.

The transport layer (assuming the "ssl encryption" support is turned on,
and that it works as I have been lead to believe) does have the security
of ssh. But by changing the authenticator from sshd to nxserver, one has 
replaced the authentication mechanism of ssh with that of NX, albiet
only for people who possess the machine password.

Again, I'm in no way badmouthing NX. It's quite an impressive work, I
was simply giving my analysis of its security, based on the VERY limited
amount of information I've been able to glean from documentation and a
VERY brief look over some of the source.

If I made a mistake on any point, by all means please correct me.



More information about the FreeNX-kNX mailing list