[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Moving to Pserver from .rhosts
From: |
Zieg, Mark |
Subject: |
RE: Moving to Pserver from .rhosts |
Date: |
Fri, 15 Nov 2002 09:36:02 -0500 |
I'm no
fan of .rhosts on public networks, but .ssh (the directory holding the SSH
equivalent of .rhosts configuration files) is extremely secure, and proof
against all but the most robust attacks. If you read the 'man
ssh' page, it'll explain why (and how).
Basically, "why" comes down to:
* support
for a number of strong encryption algorithms
(rhosts has none)
*
short-lived session keys
*
immunity from basic IP/DNS spoofing (noticably absent from
.rhosts)
* a dozen
other handy things like encrypted bi-directional
port forwarding that make it well worth
learning in any case.
Not
learning ssh is like not learning cvs. Imagine how you think about
programmers who have never learned the wonders of version control. Or how
you look at Unix users who have never learned to use a shell properly or
mastered vi or emacs. That's how people running secure
connections look at people who are still limited to rsh/pserver.
(I'm not
saying those protocols have no place -- it's just that there are thousands of
circumstances in which they're inappropriate and downright
dangerous.)
It's a
hill that is worth climbing, because once you reach the peak, you realize the
vistas you were missing down in the valley of the unauthenticated
:-)
my 10
bits...
This
is the second reply that implies that .rhosts is superior to pserver - can
someone explain why?
I had to make
this decision recently and concluded that pserver was the prefered way...
- Re: Moving to Pserver from .rhosts, (continued)
- Re: Moving to Pserver from .rhosts, Fredrik Wendt, 2002/11/15
- Re: Moving to Pserver from .rhosts, Greg A. Woods, 2002/11/15
- RE: Moving to Pserver from .rhosts, Shankar Unni, 2002/11/15
- RE: Moving to Pserver from .rhosts, Greg A. Woods, 2002/11/15
- Re: Moving to Pserver from .rhosts, Mike Ayers, 2002/11/16
- Re: Moving to Pserver from .rhosts, Fredrik Wendt, 2002/11/16
- Re: Moving to Pserver from .rhosts, Greg A. Woods, 2002/11/16
- Re: Moving to Pserver from .rhosts, Jenn Vesperman, 2002/11/16
- Re: Moving to Pserver from .rhosts, Greg A. Woods, 2002/11/16
- Re: Moving to Pserver from .rhosts, Fredrik Wendt, 2002/11/16
RE: Moving to Pserver from .rhosts,
Zieg, Mark <=