[Please don't copy questions of this type to me personally - or I guess
most of the other list of recipients. It tends to get you nothing or
possibly rude comments in reply]
[EMAIL PROTECTED] said:
} When I try to rlogin from 1.1.1.1 to 4.4.4.4 I get a response:
} rlogind: Permission denied.

rlogin/rsh relies for its "security" on the sender being at a known IP
address and using a privileged port. Masquerading remaps all the ports
into a high range of ports, hence it breaks rlogin/rsh.

This should not be looked on as a disadvantage of masquerading. Firstly
even if the port was mapped into the right range (so that it worked) you
have just broken your trust model - rather than trusting a listed set of
machines to use rlogin/rsh you now have to trust the masq machine and
*all* machines behind it. Secondly the r-protocols are insecure and
should never be enabled on a machine connected to the internet.

The answer is to use ssh instead - in particular you need to use personal
certificates rather than per-host certificates since masq breaks the
host<->host mapping.

Nigel.
--
[ [EMAIL PROTECTED] - Systems Software Engineer ]
[ Tel : +44 113 207 6112 Fax : +44 113 234 6065 ]
[ Real life is but a pale imitation of a Dilbert strip ]
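
The behaviour described in the reply above, as an added example that is not part of the original message: a simplified Python model of the server-side source checks, not rlogind's own code. The gateway address 192.0.2.1, the second inside host 1.1.1.2 and the 61000 port base are assumptions made for illustration.

```python
# Added illustration (not rlogind source): a simplified model of the checks.
RESERVED = 1024          # binding a port below this requires root on Unix
MASQ_PORT_BASE = 61000   # assumed start of the gateway's remapped port range

def rlogind_check(src_ip, src_port, trusted_hosts):
    """Decide as the server would, from the source address and port alone."""
    # BSD-derived r-daemons accept only source ports 512..1023.
    if not (RESERVED // 2 <= src_port < RESERVED):
        return "denied: unprivileged source port"
    if src_ip not in trusted_hosts:
        return "denied: host not trusted"
    return "accepted"

def masquerade(src_ip, src_port, masq_ip, keep_port=False):
    """Rewrite the source as a masquerading gateway would.

    src_ip is discarded: the server only ever sees the gateway address.
    """
    return masq_ip, (src_port if keep_port else MASQ_PORT_BASE)

def scenarios():
    client, other = "1.1.1.1", "1.1.1.2"   # other: constructed second inside host
    masq_ip = "192.0.2.1"                  # constructed gateway address
    results = {}
    # 1. No masquerading: the listed client connects from a privileged port.
    results["direct"] = rlogind_check(client, 1023, {client})
    # 2. Masqueraded: the server sees the gateway address and a high port.
    ip, port = masquerade(client, 1023, masq_ip)
    results["masq"] = rlogind_check(ip, port, {client})
    # 3. Listing the gateway does not help while the port is remapped.
    results["masq_listed"] = rlogind_check(ip, port, {masq_ip})
    # 4. Hypothetical gateway that keeps the low port: it "works", but every
    #    machine behind the gateway is now indistinguishable and trusted.
    for name, src in (("kept_client", client), ("kept_other", other)):
        ip, port = masquerade(src, 1023, masq_ip, keep_port=True)
        results[name] = rlogind_check(ip, port, {masq_ip})
    return results

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:12} {verdict}")
```
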