
Re: Bug#192416: ITP: rsh-redone -- Reimplementation of remote shell tools.



On Thu, May 08, 2003 at 01:24:58PM +0200, Guus Sliepen wrote:
> On Thu, May 08, 2003 at 01:56:18PM +0300, Lars Wirzenius wrote:
> 
> > > Rsh-redone is a reimplementation of the remote shell clients and
> > > servers.  It is written from the ground up to avoid the bugs found in
> > > the standard clients and servers.
> > 
> > Such as transmitting passwords in cleartext or relying on IP numbers for
> > authentication?
> 
> Sigh, you're obviously trolling. If you have a network that is already
> secure (for example, behind a decent firewall, or a VPN), using ssh only
> means lots of unnecessary overhead. The lack of security in rsh is not a
> bug, it is just the way it is supposed to work.

A decent firewall doesn't make you immune to infiltration. I for one
have never had any inconvenience by ssh. I use ssh-agent, and I log in
around my network with ease from my desktop. None of the insecurities
nor the hardship.

I know of very large networks that were compromised on a single
machine, and that access allowed them to spread to over 200 other
machines for no other reason than telnet and rsh were in use around the
network. They considered themselves impervious because of their border
security, which failed them. You see, you have to allow some ports into
your network... just one port, to one service is potential for security
being circumvented.

I'm not against this package. What I am against is if you tout it as
having none of the problems of RSH. It has all of the design flaws
inherent in the protocol. You need to make that obvious, and only tout
this as a rewrite, better code and nothing more.

-- 
Debian     - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo       - http://www.deqo.com/


