Re: rlogind and rexecd go away? [CVS: cvs.openbsd.org: src]

[Måns Nilsson <mansaxel@sunet.se>]

--On Thursday, May 09, 2002 17:44:30 +0200 Paul de Weerd
<paul@mail.me.maar.nu> wrote:

>| There are way too many legitimate uses of telnet. Including many where
>| security isn't an issue.
> 
> But then the telnet _server_ would be up for removal, as this has no
> legitimate uses (that I know of) that SSH doesn't provide.

Have you ever heard of Kerberos? Kerberised Telnet is imho much nicer than
ssh; scales better, less of key exchange problems, etc. 

> I'd also appreciate an option where the authentication is encrypted,
> but the data isn't (compare ftp-cmd (21) is crypted, but ftp-data (20)
> is not). This would definitely reduce load on some heavily used sftp
> servers, where I would otherwise need more iron to saturate my b/w.

Kerberised ftp or rcp comes close, having auth info encrypted, though not
the command channel in its entirety. 

And ftp neeeds to stay for anon-stuff. 

-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.