[FreeNX-kNX] Restricting login access to an NX-server

[LROUFAIL at nc.rr.com]

This is a description of the protocol between the client and the 
server.  It may have changed slightly for 1.5.0 (If anyone can help 
update the doc I would appreciate it).

http://home.nc.rr.com/moznx/typical.txt

----- Original Message -----
From: Ragnar Wisløff <ragnar.wisloff at linuxlabs.no>
Date: Wednesday, October 12, 2005 5:01 am
Subject: [FreeNX-kNX] Restricting login access to an NX-server

> The NX system works very well, actually impressive :) But we have 
> seen it as a 
> slight problem that it would be possible to log in to a server 
> running NX by 
> using any SSH client. It turned out be relatively easy to prevent 
> this using 
> sshd_config settings. In the process we looked at a few other 
> options that 
> did not work. One of them was using various types of restricted 
> shells. 
> Authentication always failed in the NX client when using things 
> like /bin/rbash as user shells, even if it was possible to log in 
> using 
> console-based SSH clients. 
> 
> Apparently there are commands being executed before any GUI is 
> started, but 
> which? I guess the answer to which commands these are is in the 
> code, but I 
> am asking here anyway. It would be nice to have a restricted 
> shell, possibly 
> with a chroot environment as an extra safety net. Any thoughts on 
> this issue? 
> What are sysadmins doing to harden their (publicly available) NX 
> servers?
> I've done the testing on Debian Sarge with the NoMachine client 
> 1.5.0-113 for 
> LInux, freenx server 0.4.4+0.4.5.3 (src debs from kanotix) and 
> NoMachine nx* 
> 1.4.92+1.5.0-4 (again src debs from kanotix).
> 
> 
> -- 
> Med vennlig hilsen
> Ragnar Wisløff
> LinuxLabs AS
> Tlf 90 89 41 52
> _______________________________________________
> FreeNX-kNX mailing list
> FreeNX-kNX at kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
>