Date: Thu, 28 May 2009 12:05:01 +0100
From: Chris Rees <utisoft@googlemail.com>
To: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
Cc: Olivier Nicole <on@cs.ait.ac.th>, freebsd-questions@freebsd.org
Subject: Re: Remotely edit user disk quota
Message-ID: <b79ecaef0905280405w1cfa3e6en59ab1a18e20658bf@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.00.0905281301180.59311@wojtek.tensor.gdynia.pl>
References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th> <alpine.BSF.2.00.0905281234430.59126@wojtek.tensor.gdynia.pl> <200905281041.n4SAfTHw046546@banyan.cs.ait.ac.th> <b79ecaef0905280352k600e2a79mef2a6b3efe41f0a3@mail.gmail.com> <alpine.BSF.2.00.0905281301180.59311@wojtek.tensor.gdynia.pl>

2009/5/28 Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>:
>> rsh and ssh are so similar in use there's really no point in using rsh
>> at all any more.
>
> there is a point. Just try to think why instead of simply repeating a phrase
> "ssh is secure, rsh is not, don't use it".
>

rlogin has several serious security problems:

* All information, including passwords, is transmitted unencrypted
  (making it vulnerable to interception).
* The .rlogin (or .rhosts) file is easy to misuse (potentially allowing
  anyone to login without a password) - for this reason many corporate
  system administrators prohibit .rlogin files and actively search
  their networks for offenders.
* The protocol partly relies on the remote party's rlogin client
  providing information honestly (including source port and source
  host name). A corrupt client is thus able to forge this and gain
  access, as the rlogin protocol has no means of authenticating other
  machines' identities, or ensuring that the rlogin client on a trusted
  machine is the real rlogin client.
* The common practice of mounting users' home directories via NFS
  exposes rlogin to attack by means of fake .rhosts files - this means
  that any of NFS's security faults automatically plague rlogin.

Due to these serious problems rlogin was rarely used across untrusted
networks (like the public internet) and even in closed deployments it
has fallen into relative disuse (with many Unix and Linux distributions
no longer including it by default). Many networks which formerly relied
on rlogin and telnet have replaced it with SSH and its
rlogin-equivalent slogin.

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?
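
An added example, not part of the original message and not taken from any FreeBSD tool: a small audit of the kind the message says administrators run when they search for .rhosts files, flagging wildcard trust entries and loose file modes. It assumes the simple `host [user]` entry format with `#` comments and one home directory per user under a common root; the homes created by `build_sample` are constructed test data.

```python
import os
import stat
import tempfile
from pathlib import Path

def parse_rhosts(text):
    """Yield (lineno, host, user) per entry; user is None when omitted."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield lineno, fields[0], fields[1] if len(fields) > 1 else None

def audit_rhosts(path):
    """Return findings for one .rhosts file (empty list: nothing flagged)."""
    path = Path(path)
    findings = []
    st = path.stat()
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("mode: writable by group or others")
    if st.st_uid != path.parent.stat().st_uid:
        findings.append("owner: differs from home directory owner")
    for lineno, host, user in parse_rhosts(path.read_text(errors="replace")):
        if host == "+":
            findings.append(f"line {lineno}: wildcard host '+' trusts every machine")
        if user == "+":
            findings.append(f"line {lineno}: wildcard user '+' for host {host!r}")
    return findings

def scan_homes(root):
    """Map each .rhosts found directly under root/<user>/ to its findings."""
    return {str(p): audit_rhosts(p) for p in sorted(Path(root).glob("*/.rhosts"))}

def build_sample(root):
    """Constructed homes: alice is narrow, bob is wide open, carol has no file."""
    samples = {"alice": ("# build box only\nbuild01.example.org alice\n", 0o600),
               "bob": ("+ +\ntrusted.example.org +\n", 0o666),
               "carol": (None, 0)}
    for user, (text, mode) in samples.items():
        home = Path(root, user)
        home.mkdir()
        if text is not None:
            rhosts = home / ".rhosts"
            rhosts.write_text(text)
            os.chmod(rhosts, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, findings in scan_homes(tmp).items():
            print(path, "->", findings or "no findings")
```
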