From owner-freebsd-stable Fri Oct 13 13:24:43 2000 Delivered-To: freebsd-stable@freebsd.org Received: from yertle.kciLink.com (yertle.kciLink.com [205.252.34.9]) by hub.freebsd.org (Postfix) with ESMTP id 517DA37B66E for ; Fri, 13 Oct 2000 13:24:37 -0700 (PDT) Received: from onceler.kciLink.com (onceler.kciLink.com [205.252.34.3]) by yertle.kciLink.com (Postfix) with ESMTP id 8627A2E449 for ; Fri, 13 Oct 2000 16:24:32 -0400 (EDT) Received: (from khera@localhost) by onceler.kciLink.com (8.11.1/8.11.1) id e9DKOWr96533; Fri, 13 Oct 2000 16:24:32 -0400 (EDT) (envelope-from khera) From: Vivek Khera MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14823.28544.576629.49007@onceler.kciLink.com> Date: Fri, 13 Oct 2000 16:24:32 -0400 (EDT) To: stable@freebsd.org Subject: turning off rcmd is premature X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Earlier this week, the rcmd (rshd/rlogin) service was turned off by default for new installs, and if you let mergemaster update your config to the current "recommended" settings. I think this is premature. From where I sit, at least one more thing needs to be updated to allow using ssh before rcmd can be turned off. That is rmt. As it stands, new installs by default will not be able to do remote dumps properly until rshd is enabled in both inetd.conf and pam.conf. If rmt supported ssh as a transport (apparently OpenBSD's version does), then it would make sense to turn off rshd totally. I understand that the default config is just that, but there should be some consideration as to it being sensible. For myself, I protect rshd using tcpwrappers, so I'm not too worried about it for doing the dumps. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D. Khera Communications, Inc. Internet: khera@kciLink.com Rockville, MD +1-301-545-6996 GPG & MIME spoken here http://www.khera.org/~vivek/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message