[FreeNX-kNX] Re: got: "cannot create directory `/home/.nx'"
Rick Stout
zipsonic at gmail.com
Wed Oct 20 06:39:59 UTC 2004
Jean-Eric, I want to take a stab at your questions.
Jean-Eric Cuendet wrote:
>
>> Think of this: You could of course devise an NX architecture which
>> does all this under the name of the respective NX end user. But it
>> would be more complicated for this end user, no? But would it be more
>> secure, by not using this "semi-public" nomachine-key? After all, this
>> is how we all log into remote machines.
>
This, I believe, should be an end goal.
>
> 2 questions Kurt,
> Do you know what will happen if the NX user is compromised? Will he
> authorize more than what the nx user owns? I mean, does he contain ssh
> keys to log to certain users? Or not?
>
If the nx user is compromised and somehow obtained a normal shell, the
file /etc/nxserver/users.id_dsa would allow a user to logon as any user
that had previously logged on with nx.
> And another one: Why couldn't we open an SSH session to the end user
> (not the nx user) and passing a command to execute like :
> "/usr/bin/nxserver" or "/usr/bin/nxnode" or something like that? Would
> it work?
>
It is possible to do this. The commands are all listed in nxnode, and I
know i've seen a HOWTO somewhere on this (can't find it at the moment,
but its late, and I really need some sleep). The only problem with this
is that you could not use the !M client to logon using that method.
> -jec
> _______________________________________________
> FreeNX-kNX mailing list
> FreeNX-kNX at kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
>
>
>
More information about the FreeNX-kNX
mailing list