[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freenx-knx
Subject:    AW: [FreeNX-kNX] Alioth projekt for FreeNX debian packages
From:       "Felix Schumacher" <felix.schumacher () debeka ! de>
Date:       2005-06-15 7:13:18
Message-ID: !~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAk+diEAtS1hGq7gBQ2kHGRMKAAAAQAAAArw7YFZ/wnkWjmYJbRI9WpwEAAAAA () debeka ! de
[Download RAW message or body]

Hi all,

if "nxsetup --setup-nomachine-key" installs a pre-computed ssh private
key 
for use with the secure channel. I believe anyone could intercept this
secure 
Channel with a "man in the middle" attack. And get the clear-text
passwords 
for the user, which are sent over the (than not so) secure channel.

And that would be a risk. Which could be avoided by creating an own 
private/public key pair and distributing that private key to your 
servers and the public key to your clients.

I hope I didn't confuse more people, and didn't talk to much rubbish.

Bye
 Felix

-----Ursprüngliche Nachricht-----
Von: Kurt Pfeifle [mailto:k1pfeifle@gmx.net] 
Gesendet: Mittwoch, 15. Juni 2005 03:46
An: freenx-knx@kde.org
Betreff: Re: [FreeNX-kNX] Alioth projekt for FreeNX debian packages


On Wednesday 15 June 2005 00:03, Paul van der Vlis wrote:

> apt-get install nxserver nxagent
> nxsetup --setup-nomachine-key
> 
> This is not really secure, 

To be honest, this is a sentence of ... shall I say "pure rubbish"? 


_______________________________________________
FreeNX-kNX mailing list
FreeNX-kNX@kde.org
https://mail.kde.org/mailman/listinfo/freenx-knx

[prev in list] [next in list] [prev in thread] [next in thread]