[K12OSN] RSH vs SSH (was some other topic)
Les Bell
lesbell at lesbell.com.au
Wed Aug 4 23:10:04 UTC 2004
Les Mikesell <les at futuresource.com> wrote:
>>
I haven't given this a lot of thought, but off the top of my head
I think in any scenario where I could exploit rsh, I could
also steal the ssh keys from an nfs-exported /home directory.
<<
That's likely true - nfs is about as easy to exploit as rsh, especially
with its use of UDP. However, you'd still have to crack the passwords on
the ssh keys. And as nfs tightens up (e.g. 2.6 kernel introduces NFS V4,
which can use TCP) that would leave rsh as the weak link.
I'm just advocating a general principle here: use best practices as
standard operating procedure, rather than using weaker protocols as
standard and unwittingly leaving systems vulnerable. I don't think Shawn
should make life impossibly difficult for himself, but I wouldn't use rsh
until I'd exhausted the other possibilities.
Best,
--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
More information about the K12OSN
mailing list