Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?
From: Logan Shaw (logan@cs.utexas.edu)Date: 02/08/02
- Next message: Tony: "ssh and redhat"
- Previous message: Richard E. Silverman: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- In reply to: Richard E. Silverman: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- Next in thread: Gerd Marquardt: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: logan@cs.utexas.edu (Logan Shaw) Date: 7 Feb 2002 18:32:08 -0600
In article <m1lpu3gx3sb.fsf@syrinx.oankali.net>,
Richard E. Silverman <slade@shore.net> wrote:
>Why not engineer even an isolated network to be reasonably secure, so that
>you don't have an enormous pile of work to do should you decide to connect
>it up to something else at a later date.
>
>And if it *is* connected to the Internet -- even through the best
>firewalls and security you can muster -- then using something better than
>rsh should at least be considered. It's called "security in depth," and
>it's a good idea. It recognizes that parts of your armor may fail, even
>if you can't imagine how, and it will be better if it doesn't take one
>part failing to expose the "soft chew underbelly" Nico referred to
>earlier.
>
>You may decide SSH isn't worth the trouble, but you'll be making a
>conscious security tradeoff; it isn't "just fine."
I guess we're operating under different assumptions. I'm operating
under the assumption that it's going to be necessary to remotely login
from one machine to another in a fashion that doesn't require user
intervention, in order to have cron jobs do things like backups and
automated system admin tasks (like checking whether every system has a
current set of patches, for example).
Given that assumption, I don't see why ssh provides all that much
security benefit over rsh _if_ your network is physically secure.
Yes, you can snoop passwords, but the whole point of setting up rsh in
the first place is to not need passwords. I suppose ssh does provide
better protection against session hijacking that rsh does, but if
you're using a switched network, that's not much of a benefit.
By the way, I decided to keep comp.unix.solaris in this branch of the
thread since that's where I'm reading it.
- Logan
-- "I'll tell you something. Luxury disgusts me." Giorgio Armani, Jan 17, 2002 ( http://dailynews.yahoo.com/h/nm/20020117/re/life_fashion_armani_dc_1.html )
- Next message: Tony: "ssh and redhat"
- Previous message: Richard E. Silverman: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- In reply to: Richard E. Silverman: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- Next in thread: Gerd Marquardt: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
