[FreeNX-kNX] KDE-3.5 will ship the new 'nxfish:/' utility

Kurt Pfeifle k1pfeifle at gmx.net
Tue Aug 30 13:58:22 UTC 2005 

Hi,

last night we committed Fabian's modification and extension to the
existing KDE "fish://" KIO slave, that adds the option to make it 
work as "nxfish:/"

For those of you who don't know "fish://" yet:

  * fish:// is used in Konqueror (or the FileOpen dialog of any
    KDE application) similar to http:// -- a 'protocol'.

  * call fish like this: "fish://yourusername@yourhostname.domain.com/"
    and it will prompt for the password of "yourusername"

  * fish will then connect to the SSH account of "yourusername" on
    "yourhostname.domain.com", and Konqueror will display the files
    and directories as if they were local.

In effect, fish is a utility that lets you mount, browse, use and 
edit your remote file resources through SSH in a secure way, and it
lets normal users who are familiar with a file manager use SSH 
without the commandline.

So much for the already many years old KDE fish technology. Now on
to "nxfish:/" ....

If used as "nxfish:/" from inside a remote NX session (no additional
user- or hostname needed), the KIO slave will connect to a special
share on the local NX client (default is "${HOME}/NX-Shares") and
will show all contained files in a remote Konqueror window. You can
move files into and out from the share from any side of the NX 
connection, and thusly dynamically change the files which are shared.

But the two main "clous" of nxfish:/ are these: 

 * you do not need Samba for secure and encrypted file sharing.

 * you can even put just symlinks into the share. nxfish:/ will 
   follow the symlinks and their targets will become readable and 
   editable from the remote NX session.

The security of nxfish is outlined by these facts:

 a) each NX user's nxfish:/ KIO slave is of course only pointing
    to his own ${HOME}/NX-Shares resource;
 b) it is not possible to "climb up" into ${HOME} from the shared
    resource;
 c) user authentication is completely transparent (no need to type
    a password) and guaranteed by FreeNX;
 d) the "executable" bit of the files (or symlinks) is ignored by
    nxfish;
 e) if nxfish follows a symlink pointing to a directory, it is not
    possible in the target directory to "climb" up;
 f) if the symlink however points to "/", you can of course walk
    around the complete file system tree of your NX client.

NOTE: nxfish:/ will only work if the remote NX server supports
this feature. Support for nxfish:/ will appear in FreeNX-0.5 (not
yet released); we hope its functionality will also be included 
into the NoMachine NX server. If you are interested to use this 
feature with FreeNX-0.4.x, wait a bit more for more detailed 
manual installation instructions to be published on this mailing 
list sometime soon...

nxfish:/ was developed by Fabian Franz. Waldo Bastian from the KDE
project reviewed the code.

I am just the messenger. Cheers, Kurt

More information about the FreeNX-kNX mailing list