From owner-freebsd-stable Mon Jul 31 8:17:20 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from peach.ocn.ne.jp (peach.ocn.ne.jp [210.145.254.87])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3D40537BB97; Mon, 31 Jul 2000 08:17:16 -0700 (PDT)
	(envelope-from dcs@newsguy.com)
Received: from newsguy.com (p47-dn02kiryunisiki.gunma.ocn.ne.jp [211.0.245.112])
	by peach.ocn.ne.jp (8.9.1a/OCN/) with ESMTP id AAA12102;
	Tue, 1 Aug 2000 00:17:07 +0900 (JST)
Message-ID: <3985987D.5A0D8646@newsguy.com>
Date: Tue, 01 Aug 2000 00:17:17 +0900
From: "Daniel C. Sobral"
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en,pt-BR,ja
MIME-Version: 1.0
To: Jon Hamilton
Cc: Kris Kennaway, stable@FreeBSD.ORG
Subject: Re: HEADS UP! OpenSSH FallBackToRsh default changed
References: <20000731114006.238FE1D@woodstock.monkey.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Jon Hamilton wrote:
>
> I suppose the people who run it that way that you would consider to be
> "legitimate" would be folks in a mixed shop who have a mix of ssh-enabled
> and non-ssh-enabled machines (to avoid argument, perhaps the latter are
> out of the control of the admin of the former). Remember that ssh is
> meant to be a drop-in replacement for rsh, so in the circumstance described
> above, this change may violate POLA. Besides, if the target machine is
> not running rshd, what is the harm in falling back to it if rsh doesn't work?
> This smells like a feel-good change that will actually inconvenience some
> folks, which doesn't really buy anything.

We do have rsh, it's still there. Ssh is _SECURE_ shell. It having a default which is not secure is against POLA. At the very least, this change makes it more difficult for people to intercept an ssh tunnel.

--
Daniel C. Sobral			(8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@white.bunnies.bsdconspiracy.net

	Satan was once an angel, Gates started by writing a BASIC interpreter.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message