Quoting Rick Kelly (rmk@toad.rmkhome.com):
> jeffrey@jeffreyf.net said:
> 
> >I don't agree. Besides, the programs are available to anyone who needs
> >them as a package. 
> 
> I guess you've never worked on any projects that were COMPLETELY firewalled
> away from the internet or not connected at all.

If it's two system on a LAN with nothing else attached,
no harm in securing the connections.  Possible harm in
not securing them.

I believe enough of us have dealt with sites that have
absolutely NO connection to the Internet -- yet there
seem to be connections.  I recall the joys of desktop
users snagging fax lines, dialing out and accidentally
becoming a router.  I recall having problems with mail
and doing a traceroute and finding that the machine in
the lab (COMPLETELY firewalled off) was passing the packets
out a T1 to a partner.

So no, I don't believe in completely firewalled.

Cleartext transit of passwords is not acceptable over wires.
Cleartext of payload MAY be acceptable or not depending on the
data.

But my SPARC 2 can run SSH.  My SPARC 1's and Sun3's ran
Kerberos just fine back in the day.

If perhaps 1% of folks who use command lines can actually
justify rshd/rlogind/telnetd, then perhaps a port/package
can meet their needs without endangering the others who
are using it because they don't know better.

My MOM uses ssh from her Mac to get to her mail.