
Re: Bug#192416: ITP: rsh-redone -- Reimplementation of remote shell tools.



On Thu, May 08, 2003 at 01:36:41PM +0100, Andrew Suffield wrote:
> > If you have a network that is already
> > secure (for example, behind a decent firewall, or a VPN), using ssh only
> > means lots of unnecessary overhead. The lack of security in rsh is not a
> > bug, it is just the way it is supposed to work.
> 
> Security should be end-to-end, not point-to-point. The sheer number of
> times a site has been compromised because their "secure" network
> wasn't and somebody was using rsh...

If you are just creating an ssh connection to localhost, then the extra
"security" created by encrypting everything first is entirely pointless,
and burns CPU cycles for no good reason. I have seen people recommend
this as the best method, for instance, to run X programs as root (and some
X programs do *require* root, e.g. ethereal).

In certain situations, you may be connecting between VPN end points, so
the VPN effectively becomes end-to-end.
-- 
Brian May <bam@debian.org>


