[K12OSN] RSH vs SSH (was some other topic)

Les Mikesell les at futuresource.com
Wed Aug 4 13:40:40 UTC 2004


On Tue, 2004-08-03 at 19:20, Les Bell wrote:

> Putting my security professional's hat on, I would *strongly* recommend
> that you use ssh rather than rsh. There are too many other things that will
> consult /etc/hosts.equiv and ~/.rhosts files, and too many problems with
> the r-commands themselves.

I haven't given this a lot of thought, but off the top of my head
I think in any scenario where I could exploit rsh, I could
also steal the ssh keys from an nfs-exported /home directory.
Both depend on the source IP for restrictions so if you
can spoof that you are in.  And you might find other things
permitted by the ssh keys...

----
  Les Mikesell
   les at futuresource.com
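
The two exposures compared in this thread, r-command trust files and SSH private keys readable from a shared /home, can both be audited from the file server. The sketch below is an added example, not part of the original message: `audit_homes`, `key_is_unencrypted` and `build_sample` are hypothetical names, and the sample tree and key bodies are constructed.

```python
import base64, tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format

def key_is_unencrypted(text):
    """True/False for a private key file, None if the text is not a private key."""
    lines = text.strip().splitlines()
    if not lines or "PRIVATE KEY-----" not in lines[0]:
        return None
    if "OPENSSH" not in lines[0]:
        return "ENCRYPTED" not in text  # legacy PEM and PKCS#8 mark encrypted keys
    try:
        blob = base64.b64decode("".join(lines[1:-1]))
    except ValueError:
        return None
    if not blob.startswith(MAGIC):
        return None
    body = blob[len(MAGIC):]  # next field: uint32 length, then the cipher name
    return body[4:4 + int.from_bytes(body[:4], "big")] == b"none"

def audit_homes(home_root):
    """Return (finding, path relative to home_root) pairs for each home directory."""
    findings = []
    for home in sorted(p for p in Path(home_root).iterdir() if p.is_dir()):
        rhosts = home / ".rhosts"
        if rhosts.is_file():
            wild = any("+" in line.split() for line in rhosts.read_text().splitlines())
            findings.append(("rhosts-wildcard" if wild else "rhosts-present", f"{home.name}/.rhosts"))
        for key in sorted((home / ".ssh").glob("*")):
            if key.is_file() and key_is_unencrypted(key.read_text(errors="replace")):
                findings.append(("unencrypted-key", f"{home.name}/.ssh/{key.name}"))
    return findings

def build_sample(root):
    """Write a constructed sample tree under root; the key bodies are fake."""
    fake = base64.b64encode(MAGIC + (4).to_bytes(4, "big") + b"none" + b"\0" * 8).decode()
    files = {
        "alice/.rhosts": "labhost alice\n+ +\n",
        "alice/.ssh/id_ed25519": f"-----BEGIN OPENSSH PRIVATE KEY-----\n{fake}\n-----END OPENSSH PRIVATE KEY-----\n",
        "bob/.ssh/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
        "bob/.ssh/known_hosts": "labhost ssh-ed25519 AAAA\n",
    }
    for rel, text in files.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_homes(tmp))
```

A key reported as `unencrypted-key` is usable by anyone who can read the file, so on a shared /home it deserves the same attention as a `.rhosts` entry.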
