[H-GEN] How safe is SSH on the internet?
Robert Brockway
robert at timetraveller.org
Sun Jun 29 22:23:18 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Mon, 30 Jun 2003, Stuart Longland wrote:
> | Oh, and make sure all the rlogin legacy stuff is turned off.
>
> Yes, I might use this over the LAN, but not on the internet. I indend
Honestly there is no reason to use them at all these days. ssh/scp will
do everything that the r-tools will do and more securely. Security is
always risk assessment, so you can argue that it is acceptable to use
these tools in a completely enclosed environment. But I have 2 comments
here:
1. Situations, networks and security change. Can you be sure that a box
running rshd won't ever get exposed to a box you aren't 100% sure of.
2. Why manage two seperate sets of tools in seperate situations. If you
go to the trouble of setting up ssh for secure external access, use it
internally too.
I can reference the earlier thread that mentioned ssh-agent & friends.
You can get secure, encrypted password-less access to all of your boxes,
whether local or not, and all without ever having to look at files called
hosts.equiv or .rhosts.
Cheers,
Rob
--
Robert Brockway B.Sc. email: robert at timetraveller.org ICQ: 104781119
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list