
Re: Bug#192416: ITP: rsh-redone -- Reimplementation of remote shell tools.



Hi,

On Fri, May 09, 2003 at 12:07:12AM +1000, Russell Coker wrote:

> On Thu, 8 May 2003 22:36, Andrew Suffield wrote:
> > Security should be end-to-end, not point-to-point. The sheer number of
> > times a site has been compromised because their "secure" network
> > wasn't and somebody was using rsh...
> 
> Even that isn't enough IMHO.
> 
> I have my machines configured such that ssh can't provide administrative 
> access, and even if someone cracks sshd it can't grant such access.  Then 
> after someone logs in via ssh they have to re-authenticate before getting 
> full access.

This really leaves me wondering. Do you go through this trouble for
*any* network, even the small one between, say, your webserver farm and
a MySQL server, which, ahum, incidentally also authenticates based on
source IP, username and cleartext password?

You're not saying you tunnel that through SSH, do you?

If not, I hope we've finally recognised that there are different classes
of networks with different security requirements.

Cheers,


Emile.

-- 
E-Advies - Emile van Bergen           emile@e-advies.nl      
tel. +31 (0)70 3906153           http://www.e-advies.nl    
