tech-net archive


Re: rshd...



>You still have to convince me (and probably tons of others) why using 
>ssh is better than ktelnet.
>I would say that they are different solutions for the same requirement.

I think I can speak relatively intelligently about this topic.

From a purely cryptographic point, there is very little debate on this
topic: ssh is much better than ktelnet (I could go on and on about this
for hours).  But I personally prefer the use of ktelnet and krlogin.

Why?  Well, due to ssh's complexity, it is very difficult to debug
problems when things go wrong.  You have a hard time even getting
the real Kerberos error message out of ssh in a number of cases.
Also, in my experience we've reached a level where there aren't (at
least in my experience) attacks against the cryptography, so even
ktelnet's not-so-wonderful protocol is fine; as long as you're doing
some kind of encryption, that moves the attacker to other things.
Also, the whole thing about the ssh developers hating Kerberos for
some strange reason doesn't really help things either.

Anyway, which one is "better" really depends on what you care about.

--Ken

