tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: rshd...

On Sun, Jul 15, 2012 at 08:45:44AM +1200, Lloyd Parkes wrote:
> Is there any way at all that anyone can justify shipping rshd and
> friends as part of NetBSD?

Connections to local systems where the target system is slow (or very
busy) and the ssh key generation (etc) takes too long.

What is definitely wrong is to symlink rsh to ssh. If I type 'rsh foo'
I want to run the rsh protocol, not ssh.
Or maybe I what the SYSV 'restricted' shell :-)

> The only justification I can think of would be if rsh can do host
> verification via Kerberos, but ssh could do that too with the
> appropriate patches.

Certainly the rsh and telnet daemons should have warnings about security
butthere are networks where that doesn't matter.

> At least telnet is a useful network diagnostic tool.

Indeed, I mostly run if with non-standard port numbers.
Some linux distros have removed it, hopeless.

> Hmm, if we stopped shipping telnetd, would anyone notice?



David Laight:

Home | Main Index | Thread Index | Old Index