Date: Thu, 20 Jan 2000 07:08:55 -0500 (EST)
From: Matt Behrens <matt@zigg.com>
To: sen_ml@eccosys.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ssh.
Message-ID: <Pine.BSF.4.21.0001200705350.60583-100000@megaweapon.zigg.com>
In-Reply-To: <20000120193954V.1000@eccosys.com>

On Thu, 20 Jan 2000 sen_ml@eccosys.com wrote:

> jslat> For what need, would one have to even remotely Logon to the
> jslat> root account, my advice to to not even have a ~/root/.ssh to
> jslat> begin with. to me it's about as silly as ~/root/.rhosts.
>
> i won't be surprised if others mention that it is not always practical
> to do what you suggest. i beg to differ on the point that it is about
> as silly as ~/root/.rhosts -- .rhosts is far worse in my opinion.

Agreed.

Let's not forget using ssh as a part of a toolkit where administrative
scripts need to execute commands on other hosts without supplying
passwords. rsh is obviously the _wrong_ way to do this. ssh seems to
work quite well.

(Although I must add that, for speed purposes, I'm moving instead to a
homegrown client/server solution that uses RADIUS-style authentication
with shared secrets -- and because it's got a limited set of things it
can do, it should be a tad more secure even if compromised. ssh
connection setup isn't slouchy on modern systems but the times can add
up.)

-- 
Matt Behrens <matt@zigg.com>
Owner/Administrator, zigg.com