[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Moving to Pserver from .rhosts

From: Zieg, Mark
Subject: RE: Moving to Pserver from .rhosts
Date: Fri, 15 Nov 2002 09:36:02 -0500

I'm no fan of .rhosts on public networks, but .ssh (the directory holding the SSH equivalent of .rhosts configuration files) is extremely secure, and proof against all but the most robust attacks.  If you read the 'man ssh' page, it'll explain why (and how).
Basically, "why" comes down to:
* support for a number of strong encryption algorithms 
  (rhosts has none)
* short-lived session keys
* immunity from basic IP/DNS spoofing (noticably absent from .rhosts)
* a dozen other handy things like encrypted bi-directional
  port forwarding that make it well worth learning in any case.
Not learning ssh is like not learning cvs.  Imagine how you think about programmers who have never learned the wonders of version control.  Or how you look at Unix users who have never learned to use a shell properly or mastered vi or emacs.  That's how people running secure connections look at people who are still limited to rsh/pserver. 
(I'm not saying those protocols have no place -- it's just that there are thousands of circumstances in which they're inappropriate and downright dangerous.)
It's a hill that is worth climbing, because once you reach the peak, you realize the vistas you were missing down in the valley of the unauthenticated :-)
my 10 bits...
-----Original Message-----
From: address@hidden [mailto:address@hidden
Sent: Thursday, November 14, 2002 2:20 AM
To: address@hidden
Subject: Re: Moving to Pserver from .rhosts

This is the second reply that implies that .rhosts is superior to pserver - can someone explain why?

I had to make this decision recently and concluded that pserver was the prefered way...

reply via email to

[Prev in Thread] Current Thread [Next in Thread]