Re: Does OpenSSH use RCP?
Dimitri Maziuk <dima@xxxxxxxxx> wrote:
> Volker Birk sez:
> > Dimitri Maziuk <dima@xxxxxxxxx> wrote:
> >> Even SSL is often criticized for doing two
> >> things -- encryption and authentication -- in one protocol.
> > I cannot see why SSL should be criticized for that.
> Because "one piece does one thing only" is the way we manage
> complexity and thus reduce the number of implementation bugs.
Yes. And you can go over the top, too.
> >> And then ssh comes along and crams interactive logins, file
> >> transfer and remote command execution into a single protocol,
> > SSH has the concept of subsystems. And this seems not very dumb to me.
> > If you want to, those subsystems are protocols in higher layers for SSH.
> It's not "if I want to", it's rtfrfc: show me separate protocol
> definitions for these subsystems in there.
Just enter "ssh" into the searching machine of www.rfc-editor.org,
and read yourself.
> >> One connection - one application model doesn't work, never has.
> > I cannot see that. There are many protocols beside FTP, which don't
> > have this problem.
> One is enough. As in, to disprove "for all protocols p one connection
> - one application model works" it's enough to find one p for which it
> doesn't: discrete math 101.
This is ridiculous. Please calm down.
> >> Its results are sendmail (see Morris Worm)
> > You're talking about buggy implementations again.
> Largely thanks to complexity resulting from trying to fit a
> peer-to-peer application into "ein client, ein server, eine
> kleine pipe in between" model. (In this case the fault is more
> with "one client, one server" part, though.)
Don't think so. Sendmail is crazy for reasons which have nothing to do
with what you're claiming. And the Morris worm uses exploits. This has
nothing to do with protocols.
> >> and more recently corba.
> > What is your problem with IIOP for the matters of this discussion?
> Same as FTP: multiple connections per session. Any RPC protocol should
> have out of band error signalling (read: second connection opened from
> server back to the client -- exactly like FTP does transfers), when it
> expands to fully distributed programming system, you get multiple
> connections from multiple hosts.
You cannot compare IIOP to FTP, can you? These protocols have completely
different jobs, and they're not very similar in design. IIOP is a
specialization of GIOP for the TCP/IP network protocol family. But anyway:
The "two sockets" you may have watched are a result of the unidirectional
design of GIOP 1.0 or 1.1. They have nothing to do with out of band data.
Since GIOP 1.2 there is bi-directional communication with GIOP (and
therefore, with IIOP), so you don't need two sockets in any situation any more,
see chapter 15.8 of the CORBA specification.
The design was changed, because it is more convenient for firewalling
purposes. And this is exactly what I'm requesting for FTP.
> Corba traffic does not pass through packet filters.
This is wrong. And it is wrong for trivial filtering implementations at
least since GIOP 1.2.
Yours,
VB.
--
Trying to learn networking fundamentals using Windows is like having your
first sexual experiences with a prostitute: the passion is missing, you
don't learn what really matters, and the chance of catching a pest is
high. (Lukas Graf in d.c.s.m)