rsh

Jakob Oestergaard jakob at unthought.net
Wed Sep 24 12:25:57 EDT 2003


On Tue, Sep 23, 2003 at 08:32:03PM -0400, Robert G. Brown wrote:
...
> The issue can also be avoided (as Josip notes) by using LAM or PVM,
> which spawn a daemon via ssh but subsequently start tasks without any
> shell-level overhead at all.

A fair guess would be, that this connection/communication is not
encrypted or strongly authenticated in any way.

The resulting security benefit of SSH being null and void.

There can be other good reasons for using SSH, probably ease of use if
you're used to it, X forwarding, and other niceties.


My point here is, that the chain is no stronger than the weakes link.

...
> 
> In many environments, the time wasted by ONE successful password crack
> due to snooping is far, far greater than any number of rsh margins.

You don't use NFS?

If you do, I can put anything in your .bashrc anyway.


I use SSH for anything with an 'outside' connection. Typically, SSH will
even be firewalled so that only a few select machines can connect to
even that service.

For internal systems, I am fully aware that since I run NFS, NIS, and
some clustering services anyway, running SSH would buy me *zero*
security.  I treat the network as the computer.  Any outside link is
firewalled and SSH'ed as appropriate, but internally 'inside the network
computer', I have just as much encryption as you have between the PCI
slots in your computer.

-- 
................................................................
:   jakob at unthought.net   : And I see the elder races,         :
:.........................: putrid forms of man                :
:   Jakob Østergaard      : See him rise and claim the earth,  :
:        OZ9ABN           : his downfall is at hand.           :
:.........................:............{Konkhra}...............:
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list