RE: Moving to Pserver from .rhosts

[Zieg, Mark]

I'm no fan of .rhosts on public networks, but .ssh (the directory holding the SSH equivalent of .rhosts configuration files) is extremely secure, and proof against all but the most robust attacks.  If you read the 'man ssh' page, it'll explain why (and how).

 

Basically, "why" comes down to:

 

* support for a number of strong encryption algorithms 

  (rhosts has none)

* short-lived session keys

* immunity from basic IP/DNS spoofing (noticably absent from .rhosts)

* a dozen other handy things like encrypted bi-directional

  port forwarding that make it well worth learning in any case.

 

Not learning ssh is like not learning cvs.  Imagine how you think about programmers who have never learned the wonders of version control.  Or how you look at Unix users who have never learned to use a shell properly or mastered vi or emacs.  That's how people running secure connections look at people who are still limited to rsh/pserver. 

 

(I'm not saying those protocols have no place -- it's just that there are thousands of circumstances in which they're inappropriate and downright dangerous.)

 

It's a hill that is worth climbing, because once you reach the peak, you realize the vistas you were missing down in the valley of the unauthenticated :-)

 

http://www.openssh.org/

http://www.oreilly.com/catalog/sshtdg/

 

my 10 bits...

 

 

-----Original Message-----
From: address@hidden [mailto:address@hidden
Sent: Thursday, November 14, 2002 2:20 AM
To: address@hidden
Subject: Re: Moving to Pserver from .rhosts

This 
is the second reply that implies that .rhosts is superior to pserver - can 
someone explain why? 

I had to make 
this decision recently and concluded that pserver was the prefered way...