Hi,

On Thu, May 08, 2003 at 03:18:36PM +0300, Lars Wirzenius wrote:

> On to, 2003-05-08 at 14:24, Guus Sliepen wrote:
>
> > If you have a network that is already secure (for example, behind a decent
> > firewall, or a VPN), using ssh only means lots of unnecessary
> > overhead.
>
> No, it isn't unnecessary overhead. It is an extra layer of protection.
> If your firewall happens to be buggy, or gets compromised, or is
> circumvented, or you can't trust everyone inside your firewall, then
> using ssh internally is good for you. Such things happen and not all
> that rarely. Thus, as far as I care, using rsh (any implementation)
> internally is a bad idea.

I think you should always realize that there's no such thing as 'free'
security. It always comes at a price in terms of speed, features or
convenience.

This means that there is *always* a certain balance to strike.
Pretending that this isn't true is one of the most dangerous things you
can do.

If you run a large, partly trusted internal network with powerful
machines on it, then indeed, using rsh instead of ssh is a bad idea.

If you run a very small network with underpowered machines, and are
willing to risk /all/ machines if the bastion host is compromised, then
rsh may be the proper solution.

Cheers,

Emile.

--
E-Advies - Emile van Bergen           emile@e-advies.nl
tel. +31 (0)70 3906153           http://www.e-advies.nl