Date:      Tue, 01 Aug 2000 00:17:17 +0900
From:      "Daniel C. Sobral" <dcs@newsguy.com>
To:        Jon Hamilton <hamilton@pobox.com>
Cc:        Kris Kennaway <kris@FreeBSD.ORG>, stable@FreeBSD.ORG
Subject:   Re: HEADS UP! OpenSSH FallBackToRsh default changed
Message-ID:  <3985987D.5A0D8646@newsguy.com>
References:  <20000731114006.238FE1D@woodstock.monkey.net>

Jon Hamilton wrote:
> 
> I suppose the people who run it that way that you would consider to be
> "legitimate" would be folks in a mixed shop who have a mix of ssh-enabled
> and non-ssh-enabled machines (to avoid argument, perhaps the latter are
> out of the control of the admin of the former).  Remember that ssh is
> meant to be a drop-in replacement for rsh, so in the circumstance described
> above, this change may violate POLA.  Besides, if the target machine is
> not running rshd, what is the harm in falling back to it if rsh doesn't work?
> This smells like a feel-good change that will actually inconvenience some
> folks, which doesn't really buy anything.

We do have rsh, it's still there. Ssh is _SECURE_ shell. It having a
default which is not secure is against POLA. At the very least, this
change makes it more difficult for people to intercept an ssh tunnel.

-- 
Daniel C. Sobral			(8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@white.bunnies.bsdconspiracy.net

	Satan was once an angel, Gates started by writing a BASIC interpreter.

