Re: why does rsh -l ignore .rhosts?
- From: Chris Davies <chris-usenet@xxxxxxxxxxxx>
- Date: Tue, 05 Jun 2012 21:57:18 +0100
Ralph <ralphzodapn@xxxxxxxxx> wrote:
I know rsh is old not used anymore, and ssh is the way to go, and rsh
has security issues, but i'm just testing it on a small network of 2
computers where i'm the only user and it's not open to the internet.
I'd still go with ssh, and if you want equivalence logins then set up
public/private certificates. (This is all "easy"... just ask if you're
struggling.)
It's just for familiarity with it.
Mmm, I suppose. But why bother wasting life becoming familiar with
outdated, obsolete, and insecure software for which a better replacement
is available?
My question Why is it that when you do rsh -l (to specify a different
username than the current one) Why does it ignore .rhosts?
Fundamentally it's because the trust is applied on the client side, not
on the server, and the rsh application tries hard to pretend to be fair.
http://linux.die.net/man/8/in.rshd
Also note that the design of the .rhosts system is COMPLETELY INSECURE
except on a carefully firewalled private network. Under all other
circumstances, rshd should be disabled entirely."
I'd go further than that and remove the clause "Under all other
circumstances" entirely.
Really, there are NO circumstances where rsh is better than ssh, and
many where ssh beats rsh hands down.
Chris
.
- Follow-Ups:
- Re: why does rsh -l ignore .rhosts?
- From: Ralph
- Re: why does rsh -l ignore .rhosts?
- References:
- why does rsh -l ignore .rhosts?
- From: Ralph
- why does rsh -l ignore .rhosts?
- Prev by Date: Need UCS Network Consulting Engineer
- Next by Date: Setting ECN bits in UDP packets
- Previous by thread: why does rsh -l ignore .rhosts?
- Next by thread: Re: why does rsh -l ignore .rhosts?
- Index(es):
Relevant Pages
|
