From owner-freebsd-questions@FreeBSD.ORG Sun Mar 11 11:28:33 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 386C816A407 for ; Sun, 11 Mar 2007 11:28:33 +0000 (UTC) (envelope-from howie@thingy.com) Received: from mail.thingy.com (wotsit.thingy.com [212.21.100.67]) by mx1.freebsd.org (Postfix) with ESMTP id 8087F13C442 for ; Sun, 11 Mar 2007 11:28:32 +0000 (UTC) (envelope-from howie@thingy.com) Received: (qmail 23361 invoked by uid 0); 11 Mar 2007 11:28:31 +0000 Received: from unknown (HELO ?192.168.1.12?) (howie@thingy.com@212.21.124.49) by wotsit3.thingy.com with AES256-SHA encrypted SMTP; 11 Mar 2007 11:28:31 +0000 Message-ID: <45F3E7E6.6060908@thingy.com> Date: Sun, 11 Mar 2007 11:28:38 +0000 From: Howard Jones User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221) MIME-Version: 1.0 To: Wojciech Puchar References: <20070310224946.K10353@chylonia.3miasto.net> <20070311081618.F66000@chylonia.3miasto.net> <45F3DF87.1090503@thingy.com> <20070311120541.Y90539@chylonia.3miasto.net> In-Reply-To: <20070311120541.Y90539@chylonia.3miasto.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: [freebsd-questions] [freebsd-questions] root login with telnetd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2007 11:28:33 -0000 Wojciech Puchar wrote: > so generalizing that "telnet and rsh is bad" is as stupid as telling > that oxygen is bad as it makes fires. Well, that's true, but if you have the choice, there are better choices. You *can* hammer in nails with the butt of a gun, but there's a chance you'll somehow shoot yourself in the arm. A hammer doesn't have that risk. There have been *many* problems over the years with rsh and telnet. rsh's security model comes from a time when people thought computers would never lie to each other. SSH does allow you to give only enough access, with the side-benefits (in your case) of compression and encryption. Even if you used ssh without those, the key-based authentication is still safer, and the code more modern and securely designed.