[FreeNX-kNX] FreeNX Security Model Challenge
Gian Filippo Pinzari
pinzari at nomachine.com
Tue Jul 12 13:10:15 UTC 2005
Paul van der Vlis wrote:
> I think it's important to look at the weak and the strong points of an
> implementation. The strong point of using the nomachine-key is that it's
> easy to install.
Easyness of installation was not really the idea behind having a
public key-pair. The idea behind the public key-pair is that you can
set up the NX server as a public facility, treat the NX users as
"untrusted" or even non-local, make possible to implement features
like session redirection and load-balancing and still encrypt and
protect the connection by using SSH. The NX server security model
offers the same security of SSH, except the SSH authentication. If
you don't trust NX server to authenticate the users, why would you
trust it if it was on the front-side, without the additional TLS
protections offered by SSH?
If you don't want to make your server public, create your own key-
pair. This will obviously make your server more secure as you will
have removed a way to get to the server.
/Gian Filippo.
More information about the FreeNX-kNX
mailing list