Mark Phillips <[EMAIL PROTECTED]> writes:

> Andrew Sullivan [EMAIL PROTECTED] wrote:
>
> > Aaarrgh! Not the dreaded r-services! Don't allow them. Shut them
> > off. They are evil, and a great source of amusement to all
> > crackers. Use ssh, or telnet, if you must (although that's just as
> > risky).
>
> Now you say to use ssh or telnet, but then say this is just as risky!
> Why not use rlogin if it is no more risky than the alternatives?

I think Andrew was only referring to telnet. It sends your password in clear text over the net.

> The point is that I need to offer the functionality of rlogin. When I
> am elsewhere and I want to do a remote login to my machine, then I
> need rlogin or some equivalent. If rlogin is currently insecure, why
> don't people make it secure? What makes it so hard?

I'm not sure, but think the main insecurity of rlogin (and sisters) is that these send everything in clear text. Depending on your situation this may be a security risk. Any known security holes should be fixed in the deb. Holes and risks are not quite the same, I guess.

If you need rlogin functionality, install ssh and use slogin, scp or ssh instead of rlogin, rcp and rsh.

--
Olaf Meeuwissen
Epson Kowa Corporation, Research and Development

