tech-security archive
Re: rshd...
On 15/07/2012, at 8:43 PM, Anders Magnusson wrote:
> On 07/14/2012 11:18 PM, Lloyd Parkes wrote:
>> On 15/07/2012, at 8:49 AM, Anders Magnusson wrote:
>>
>>> On 07/14/2012 10:45 PM, Lloyd Parkes wrote:
>>>> On 15/07/2012, at 1:59 AM, Darren Reed wrote:
>>>>
>>>>> In doing test development for ipfilter, I've become aware of what I'd
>>>>> consider to be a bug in rshd
>>>> Is there any way at all that anyone can justify shipping rshd and friends
>>>> as part of NetBSD? The only justification I can think of would be if rsh
>>>> can do host verification via Kerberos, but ssh could do that too with the
>>>> appropriate patches. At least telnet is a useful network diagnostic tool.
>>>> Hmm, if we stopped shipping telnetd, would anyone notice?
>>>>
>>> There are (still) lots of systems that only can use rsh to communicate that
>>> nothing can be done about.
>> You are going to have to name them because the reason I suggested this is
>> that I can't think of any. Even Cisco routers speak ssh these days. Also, as
>> with telnet, shipping the server component is separate from shipping the
>> client. The servers could all be moved to pkgsrc. Possibly with a new
>> category called "insecurity" so people know everything in there is a bad
>> idea. ;-)
> There are Windows applications that use rsh to transfer data (to other
> systems).
> I have worked with a data collector unit where data was fetched via rsh.
> To do remote execution from Sintran systems you use rsh (probably not the
> most common case though).
That's why I think anything that is removed from base.tgz should go into
pkgsrc. Just because we can do some housekeeping, doesn't mean everyone else
will.
> You still have to convince me (and probably tons of others) why using ssh is
> better than ktelnet.
> I would say that they are different solutions for the same requirement.
I run a kerberised ssh in order to get ssh flexibility with all the k goodness.
I understand that ssh is neither a perfect answer, nor the only answer. I'm
just scratching my head and realising that I haven't needed to use any of the r
commands for over a decade.
Cheers,
Lloyd