On Fri, Jul 07, 2000 at 09:02:39AM +0930, Mark Phillips wrote: > > I've heard it said that rlogin has security problems, but I don't > understand why? And surely if there are problems, these would be > fixable? Isn't Debian supposed to be extra security fix aware? the r* commands are flawed by design, you cannot fix a flawed design, only start over and replace it. > Now you say to use ssh or telnet, but then say this is just as risky! > Why not use rlogin if it is no more risky than the alternatives? no he meant telnet is just as risky, he phrased it badly though. ssh is fine just so you configure it properly and don't permit lame passwords. > The point is that I need to offer the functionality of rlogin. When I > am elsewhere and I want to do a remote login to my machine, then I > need rlogin or some equivalent. If rlogin is currently insecure, why > don't people make it secure? What makes it so hard? people have made rlogin, rsh, and rcp secure, the secure versions have a new name however: slogin, ssh, and scp. all can be found in the ssh package. the problem with the r-commands is primarly they transmit everything including passwords in plain text, allowing the session and all passwords to be captured. plain text sessions also allow for session hijacking. telnet is guilty of the plaintext problem as well. the worse problem with r-commands is they trust remote machines based on the fact that they open ports below 1024. they also allow passwordless authentication from hostnames or IP addresses. this is inherently insecure. (granted you could refrain from doing this) the r-commands are also all suid root and must be this way to function. the less suid binaries you have the better off you are. (ssh does not need to be suid, unless you use the rsh backword compatibility mode) overall there is nothing you can do with rlogin, rsh, and rcp that you cannot do with ssh. ssh is secure, r* is not. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpmkpnnoprOQ.pgp
Description: PGP signature