Date: Wed, 1 Mar 1995 23:16:57 -0800 (PST) From: dima@FreeBSD.org (Dima Ruban) To: gary@wcs.uq.oz.au (Gary Roberts) Cc: mark@grondar.za, hackers@FreeBSD.org Subject: Re: key exchange for rlogin/telnet services? Message-ID: <199503020716.XAA25547@freefall.cdrom.com> In-Reply-To: <9503020315.AA20808@wcs.uq.edu.au> from "Gary Roberts" at Mar 2, 95 01:15:34 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Gary Roberts writes: > > [..skipped..] > > If you are linking to a remote server from a single user box (ie you and > root are the only entries with shells in the password file) with tcp > wrappers applied at both ends and the server machine having a very > restricted user base as well (five very trusted users), is it safe to > use the `hosts.equiv' mechanism to allow rlogins without passwords? No! Old TCP sequences problem. > My (possibly naive) reasoning is that if you are not passing a password > then it can't be sniffed. I guess I won't be surprised to see someone > highlighting other dangers that this approach causes but as I don't > understand the subtleties of security issues, I thought I'd ask and see > what howls of despair are unleashed :->. > > Cheers, > -- > Gary Roberts (gary@wcs.uq.edu.au) (Ph +617 844 0400 Fax +617 844 0444) > 4th Floor, South Bank House, 234 Grey St, South Bank QLD 4101 Australia. > -- dima
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199503020716.XAA25547>