[FreeNX-kNX] FreeNX Security Model Challenge

Paul van der Vlis paul at vandervlis.nl
Tue Jul 12 11:36:33 UTC 2005


Fabian Franz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wednesday, 15 June 2005 11:08, Paul van der Vlis wrote:
> 
>>>This key is used to establish an initial secure tunnel, over which in
>>>the next stage the real login of the user, with his real (and hopefully
>>>kept secret by him!) credentials happens.
>>
>>By FreeNX, not by SSH. As a "stupid user", you maybe think you have SSH
>>security because only port 22 is open.
> 
> 
> This is correct.
> 
> 
>>>So it is a gross misrepresentation to paint the "--setup-nomachine-key"
>>>option as a "not really secure" one. It *IS* secure.
>>
>>It opens a door with a very secure lock (SSH) to a door with a less
>>tested lock (FreeNX).
> 
> 
> Yes, but the alternative would be to do it the Microsoft way:
> 
> Let FreeNX run as root.
> 
> ... Wait that's a bit more insecure, isn't it?
>
> Ok,
> 
> here is a challenge for you.
> 
> Make a concept, which is:
> 
> - - As secure as SSH
> 	* In FreeNX _almost_ reached.
> 	* Key is protected from using port-forwarding / ...
> 	* nxserver shell was audited by SuSE Security Team.
> 
> - - Allows central secure session management
> 	* Possible in FreeNX since day 0,5.
> 
> - - Allows load balancing
> 	* Possible in FreeNX 0.5.0.
> 
> - - Allows NX sessions only (possibly via KDE KIOSK, where you never see a shell)
> 	* Possible In FreeNX since day 0,5.
> 
> - - Allows usage of public keys / smart cards / ... 
> 	* I've recently proven that it's possible with the current model.
> 
> - - Is easy to setup
> 	* This means no Kerberos infrastructure as dependency for example.
> 	* FreeNX is _almost_ easy to setup once you've understood the key/SSH hassles.
> 
> If you provide me with such an architecture, I'll upgrade FreeNX to support it asap.

When you use your own keypair and not the default nomachine-key I do not
see a security-point. Or do I miss something?

I think it's important to look at the weak and the strong points of an
implementation. The strong point of using the nomachine-key is that it's
easy to install.

Here in Holland we say: "every advantage has its disadvantage".

With regards,
Paul van der Vlis.



