freenx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Tue, 2006-01-24 at 03:36, Maciej ?enczykowski wrote:
> >
> > It is only used for the initial connection so the real login
> > and password are sent over an encrypted channel.  You can't
> > do anything else with the nx user login - and you could
> > generate new keys if you wanted.  But, you should be seeing
> > sshd[18876]: Accepted publickey for nx ... entries in
> > /var/log/secure if the key is working.
> 
> Which is of course totally screwed in the NX protocol.  What the hell
for 
> does it need an nx user for?  Pretty much nothing.  Indeed nothing at
all.

I'd say it is much, much better than trying to re-invent
a different secure connection protocol.

> It could just as well ssh directly into your account via ssh
user@host 
> /usr/bin/nxserver.

The real login does not have to run over ssh or use encryption.
That is optional and a waste of CPU if not needed.

> But so much on bad design decisions.

It's not that bad compared to a lot of other ways they might
have tried to ensure that the real user password exchange is
encrypted.  The nomachine server always uses the same key for
for the nx user and trusts the shell program to not permit
anything but the next stage login to happen.  That eliminates
the key-setup issue that you have with the freenx variation
which builds new keys during the install on each server.

-- 
  Les Mikesell
   lesmikesell@xxxxxxxxx
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux