[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]

To: "'tech@openbsd.org'" <tech@openbsd.org>
Subject: Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]
From: Stephen Marley <stephen@openkast.com>
Date: Thu, 9 May 2002 01:09:50 +0100

Chuck Yerkes [mailto:chuck@snew.com] writes:
> 
>   ln -s ssh /usr/bin/rsh
> 
> For the last 10 years, dumps I've done have either used
> kerberized rsh or ssh or a physically separate "pocket network"
> (eg. 12 hosts wired on a spare NIC to the machine with the jukebox
> because the dumps were killing the main network).
> A neat way to steal data from secure machines is just to sniff
> the dumps going across the network.
> 
> rsh is bad, mm'kay?

Someone has kindly pointed out to me that export RSH=/usr/bin/ssh will force
ssh to be used instead of rsh for rcmd() calls, but your symlink technique
looks a little more permanent. 

One small problem is that dump doesn't let the user enter a passphrase to
ssh so key pairs seem like the best way to go.

-- 
stephen

Follow-Ups:
- Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]
  - From: bpalmer <bpalmer@crimelabs.net>
- Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]
  - From: Theo de Raadt <deraadt@cvs.openbsd.org>

Prev by Date: Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]
Next by Date: Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]
Prev by thread: Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]
Next by thread: Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]
Index(es):
- Date
- Thread