AW: [FreeNX-kNX] Alioth projekt for FreeNX debian packages
Felix Schumacher
felix.schumacher at debeka.de
Wed Jun 15 07:13:18 UTC 2005
Hi all,
if "nxsetup --setup-nomachine-key" installs a pre-computed ssh private
key
for use with the secure channel. I believe anyone could intercept this
secure
Channel with a "man in the middle" attack. And get the clear-text
passwords
for the user, which are sent over the (than not so) secure channel.
And that would be a risk. Which could be avoided by creating an own
private/public key pair and distributing that private key to your
servers and the public key to your clients.
I hope I didn't confuse more people, and didn't talk to much rubbish.
Bye
Felix
-----Ursprüngliche Nachricht-----
Von: Kurt Pfeifle [mailto:k1pfeifle at gmx.net]
Gesendet: Mittwoch, 15. Juni 2005 03:46
An: freenx-knx at kde.org
Betreff: Re: [FreeNX-kNX] Alioth projekt for FreeNX debian packages
On Wednesday 15 June 2005 00:03, Paul van der Vlis wrote:
> apt-get install nxserver nxagent
> nxsetup --setup-nomachine-key
>
> This is not really secure,
To be honest, this is a sentence of ... shall I say "pure rubbish"?
More information about the FreeNX-kNX
mailing list