SSH Compression - Block Deduplication
Nico Kadel-Garcia
nkadel at gmail.com
Wed Sep 14 14:07:09 EST 2011
On Tue, Sep 13, 2011 at 10:27 PM, Dan Kaminsky <dan at doxpara.com> wrote:
>> NX's security model is much better, and you can review it. But all the
>> freeware versions of NX are abandonware, and many of them do rude
>> things to dead farm animals in the process. Do not get me *started* on
>> the Google code published "neatx" toolkit. And *all* of them rely on
>> the older GPL published NX from NoMachine.
>>
>> I did have some concerns about their default NX private/public key
>> management for the original SSH connection as the "nx" user, to open
>> the session, but that can actually be replaced pretty easily if you're
>> concerned.
>
> SSH provides an excellent security model for X; I wouldn't object at all to
> tearing the security out of NX *or* VNC and making either of them dependent
> on what SSH provides.
Dan, NX *uses* SSH. It has a dedicated "nx" user with an sshd on an
alternative port, with a public/private user key pair and host key
management, dedicated back end that manages passing along
authentication via normal sytem enabled means, such as anything
supported by PAM, to the individual user authentication.
Basically, the X-Windows compression and user management is already
done. If someone wants to write it from scratch, they can try, but I
don't recommend it. And X is one of the few SSH access techniques
where bandwidth squeezing is most helpful.
More information about the openssh-unix-dev
mailing list