Subject: Re: Any point to cvs using rsh? (was Re: Anoncvs pointer)
To: None <firstname.lastname@example.org>
From: Gary Thorpe <email@example.com>
Date: 12/13/2002 09:50:25
--- Chuck Yerkes <firstname.lastname@example.org> wrote: > Quoting Ron
> > Your missing the "CVS_RSH" environment variable.
> > sh:
> > export CVS_RSH=ssh
> > csh:
> > setenv CVS_RSH ssh
> > and then run the cvs command.
> Is there any reason not to just have CVS (and rsync and rdist)
> just use ssh by default?
> I mitigate it a lot by removing rsh and making it a link to
> ssh, but should we "presume" that rsh is useful for ANYTHING?
> Sure, let it be there for override (CVS_RSH=rsh), but lets
> move on.
> Between clear passwords and session highjacking, the r* commands
> are ready to die. They were Joy's hack in 4.1 (and part of 4.2),
> they're still a hack.
Why should ssh be necessary for anoncvs (i.e. what I assume to be an
anonymous, passwordless, open-to-the-public service)? Can session
hijacking be prevented by IPSEC? Does anyone actually use it?
Post your free ad now! http://personals.yahoo.ca