Re: Secure Rlogin
From: Nick Hilliard (nick_at_foobar#delete2email#.org)
Date: Mon, 26 May 2003 10:38:45 +0100
2Host.com - Robert wrote:
> Or, to be more specific, that's basically what SSH _is_.
Not quite: ssh is a complete reimplementation from scratch which does
the same sort of things (+ lots more), but different in that it was done
the Right Way. rlogin is plain old rlogin, with all its faults and
failings, and SRP will always play second fiddle to SSH in the security
stakes: it's vulnerable to MITM attacks, and doesn't encrypt the data
stream after login. Why anyone would want to try to round off the
corners of a square wheel like rlogin is just beyond me.