>> Do you feel safe having anybody >> capable of ssh'ing into nx at yourmachine? You sure there are no bugs to >> exploit in the nxserver 'shell' > > Wasn't this the same binary you just suggested making setuid - but now > you don't trust it ??? Please comment again after reading the link I > just posted. Yes this was the same binary, but only real users could exploit the setuid binary instead of anybody on earth in case of allowing anonymous logins to nx at server. Furthermore, note that I stated that I don't see any need for making the binary setuid, but it could be done if there was some drastic need - not to mention the binary could drop these priviledges before reading any input. I've read through the thread you provided and I'm not convinced. Indeed it still seems like a bad design decision to me. Why isn't the normal ssh authentication good enough for NX? And if there is some need for a different authentication than it should still - also support normal ssh by default for all the other cases - like mine - where it's not needed. Cheers, MaZe.