Date: Fri, 15 Sep 2000 18:42:09 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Will Andrews <will@physics.purdue.edu>, Daniel Eischen <eischen@vigrid.com>, Steve Kargl <sgk@troutmask.apl.washington.edu>, arch@FreeBSD.ORG
Subject: Re: Rsh/Rlogin/Rcmd & friends
Message-ID: <Pine.NEB.3.96L.1000915183414.50219B-100000@fledge.watson.org>
In-Reply-To: <200009152050.e8FKojS25996@cwsys.cwsent.com>

On Fri, 15 Sep 2000, Cy Schubert - ITSD Open Systems Group wrote:

> > You misinterpreted me.  I meant in this specific case, post-install
> > operation doesn't matter.  People can use ssh to get in the machines to
> > do things rsh/rlogin/rcmd offer.
>
> They can also use ssh to get to machines to do things that telnet (IMO
> similar function as rlogin).  Sftp can be used to replace ftp.

FTP is a widely deployed software distribution service, which even the
FreeBSD project uses.  There's no anonymous sftp, and such a service would
be undesirable for performance and security reasons, due to ssh's adoption
of keys in the keyfile to connect to a host -- accepting a key for
anonymous access should not be the same as accepting it for authenticated
access, but there is no trust level service in the SSH keyfile.

Also, last I checked, our sftp port did something stupid with regards to
path handling -- it relies on sftpserv being in the path, accessible by
the ssh daemon.  We hard-coded the path making it non-portable to other
platforms, where /usr/libexec is *not* the location of sftpserv.
Attempting to sftp to a platform with sftpserv in a different path fails
as a result of this modification.  Sftpserv is intended to reside in the
default path for sshd.  Not to mention that sftp is not a standardized
protocol.

> Not including telnet and ftp in this discussion is inconsistent.

Not including either would be a mistake -- just disable them in
inetd.conf.  We have SSH, which means we support secure service.  Telling
the rest of the world to be damned and removing countless tightly
integrated and well-supported services would be foolish.  Remember: tools
not policy.  I use telnet and ftp all the time with perfect safety.

Robert N M Watson
robert@fledge.watson.org    http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
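
Added example, not part of the original message or of FreeBSD's own code: a POSIX shell check for the "disable them in inetd.conf" step mentioned above, listing which of telnet, ftp and the r-command services are still active in an inetd.conf-style file. The function names and the sample file are constructed for illustration; the service names assume the usual inetd.conf entries (shell = rshd, login = rlogind, exec = rexecd).

```shell
#!/bin/sh
# Added example: report cleartext remote-access services that are still
# enabled (uncommented) in an inetd.conf-style file.

# inetd.conf service-name fields for telnet, ftp and the r-commands.
CLEARTEXT_SERVICES="telnet ftp shell login exec"

# enabled_cleartext_services [FILE]
# Reads FILE (or stdin) and prints "service/protocol" for each active entry.
enabled_cleartext_services() {
    awk -v wanted="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^[ \t]*#/   { next }            # commented out means disabled
        NF < 6       { next }            # not a complete service entry
        ($1 in want) { print $1 "/" $3 } # field 1 = service, field 3 = protocol
    ' "${1:--}" | sort -u
}

# audit_inetd [FILE]: returns 0 if none of the services are enabled, 1 otherwise.
audit_inetd() {
    found=$(enabled_cleartext_services "$1")
    [ -z "$found" ] && return 0
    printf 'still enabled: %s\n' $found >&2
    return 1
}

# Constructed sample (not from a real host). Field order:
# service  socket-type  protocol  wait/nowait  user  server-program  arguments
sample_inetd_conf() {
    cat <<'EOF'
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#ftp    stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
#login  stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
  # exec stream tcp     nowait  root    /usr/libexec/rexecd     rexecd
ntalk   dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
EOF
}
```

Run `audit_inetd /etc/inetd.conf` on a host to check its live configuration; inetd must still be told to reread the file after any edit before a disabled entry actually stops listening.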