Guys, I'd really want to stop this discussion. I've got the answer I was looking for. Thank you for that (Vitaly)!
I'm not in the mood to discuss here Weizmann's computing choices. I'm really sorry it got down to this. Thank you, Michael On Sun, 27 Mar 2005 22:50:31 +0200, Tzafrir Cohen <[EMAIL PROTECTED]> wrote: > On Sun, Mar 27, 2005 at 11:24:01AM +0200, Michael Green wrote: > > On Sun, 27 Mar 2005 10:58:31 +0200, Shachar Shemesh > > <[EMAIL PROTECTED]> wrote: > > > > > First, let me state what should, by now, be obvious to anyone. Using > > > rshost is a security hole. > > > > Shachar, you make very valid points here. Thank you. > > In fact I realize very well (I hope I do) all the risks involved in > > using rsh/rlogin/telnet mechanism. > > However our users insist on using rsh instead of ssh for various > > reasons (conservatism being of them). > > And I'm not in the position to > > fight their weak security practices. I'm here to help them with > > whatever they need and if they need rsh to be more productive (one of > > their agruments) - so be it. > > What exactly are the atvantages of rsh over ssh? > > Besides the obvious ones: > > * slightly lower cpu usage > * (slightly?) lower bandwidth usage for file transfers > * The client's code is smaller, in case you're very stressed with disk > space > > Besides those points, I can hardly find anything rsh can do and ssh > can't. And yes: ssh supports ~/.rhosts , if you'll force it. In fact, > when I was looking for reference on ~/.rhosts file a couple of years ago > on a redhat workstation, I only found it documented in ssh's docs. > > rcp's behaviour is horrible. Even worse than scp. And generally the > r-progras lack verbosity in case of trouble. > > So do them a favour and make them use ssh. It is really for their own > good. replace rsh with a symlink to ssh if you have to ;-) > > > > The second, more likely, is that the ident service is not running. > > > > it does, because I'm able to rsh into the machine from those hosts > > listed in hosts.equiv. It is my understanding that if identd/xinetd > > were not up I wouldn't be able to rsh from anywhere, right? > > Right. > > netstat -lntp | grep 51 > > -- > Tzafrir Cohen | New signature for new address and | VIM is > http://tzafrir.org.il | new homepage | a Mutt's > [EMAIL PROTECTED] | | best > ICQ# 16849755 | Space reserved for other protocols | friend > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
