Re: Bug#192416: ITP: rsh-redone -- Reimplementation of remote shell tools.

[Lars Wirzenius <liw@iki.fi>]

On to, 2003-05-08 at 14:24, Guus Sliepen wrote:
> On Thu, May 08, 2003 at 01:56:18PM +0300, Lars Wirzenius wrote:
> 
> > > Rsh-redone is a reimplementation of the remote shell clients and
> > > servers.  It is written from the ground up to avoid the bugs found in
> > > the standard clients and servers.
> > 
> > Such as transmitting passwords in cleartext or relying on IP numbers for
> > authentication?
> 
> Sigh, you're obviously trolling.

No, I'm not. I wanted to know whether this new software actually
addresses any of the inherent problems with the rsh suite, instead of
ignoring those and concentrating on implementation bugs.

> If you have a network that is already secure (for example, behind a decent 
> firewall, or a VPN), using ssh only means lots of unnecessary 
> overhead.

No, it isn't unnecessary overhead. It is an extra layer of protection.
If your firewall happens to buggy, or gets compromised, or is
circumvented, or you can't trust everyone inside your firewall, then
using ssh internally is good for you. Such things happen and not all
that rarely. Thus, as far as I care, using rsh (any implementation)
internally is a bad idea.

>  The lack of security in rsh is not a
> bug, it is just the way it is supposed to work.

We obviously disagree on this.