tech-security archive


Re: rshd...



>> Why?  Well, due to ssh's complexity, it is very difficult to debug
>> problems when things go wrong.  You have a hard time even getting the
>> real Kerberos error message out of ssh in a number of cases.
>
>This is a quality-of-implementation issue, not anything inherent to
>Kerberized ssh.

I agree ... but are we talking about "ssh the protocol" versus
"Kerberized telnet the protocol", or the actual code that you have
to use on a daily basis?  Essentially there is one major ssh
implementation in widespread use (at least one that supports
Kerberos), so in my mind that's the real issue.  And that has some
pernicious effects ... when the ssh developers hate Kerberos, the
distributed versions of ssh don't have good Kerberos support.  That
makes it hard to deploy ssh with Kerberos support.  Yes, you can
distribute your own versions, and I've been part of that ... but
that's a gigantic pain in the ass.

--Ken

