From owner-freebsd-questions@FreeBSD.ORG Thu May 28 11:05:21 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E99611065676 for ; Thu, 28 May 2009 11:05:21 +0000 (UTC) (envelope-from utisoft@googlemail.com) Received: from mail-bw0-f213.google.com (mail-bw0-f213.google.com [209.85.218.213]) by mx1.freebsd.org (Postfix) with ESMTP id 6CA548FC08 for ; Thu, 28 May 2009 11:05:21 +0000 (UTC) (envelope-from utisoft@googlemail.com) Received: by mail-bw0-f213.google.com with SMTP id 9so5415510bwz.43 for ; Thu, 28 May 2009 04:05:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:reply-to:in-reply-to :references:from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=R5wm8rQAMeBxUSr/UXUXDCeG+A2K/o+QeorUoLvixuY=; b=KgjeZUmqYkW8bvC+zb7we/Izlw6XVXRtLH0yy5/i/wspMXjgCZr3yC2b+EAbLnmbHO jDyZzwOH5+wUFrWzBsVjHaQ+1sDEA/Qohx7fSJfkiAUZgMtPwD/1+Rn6audZwWALrExl EMePba5Hi1Lg3YKkCF5wigg4YbTLhSt8ZEIG8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc:content-type:content-transfer-encoding; b=p3Ov9Wk0IgHR6XMNKmxqcO+xqiNVY7AjS8DZAJdR9z1YU4nSDlruiBZaNEKtx0HYKU lydURXqsq44VE5vnSdTFLP+XJnR/hgE38jdT2GXbVkddt5xlRTFXT4tDQ/lxinT1Cp0q s/7fywzwLX29HDCE4Ng9yCl5xaZ9JjDFIwgJo= MIME-Version: 1.0 Received: by 10.204.116.15 with SMTP id k15mr1074705bkq.118.1243508721097; Thu, 28 May 2009 04:05:21 -0700 (PDT) In-Reply-To: References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th> <200905281041.n4SAfTHw046546@banyan.cs.ait.ac.th> From: Chris Rees Date: Thu, 28 May 2009 12:05:01 +0100 Message-ID: To: Wojciech Puchar Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Olivier Nicole , freebsd-questions@freebsd.org Subject: Re: Remotely edit user disk quota X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: utisoft@gmail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 11:05:22 -0000 2009/5/28 Wojciech Puchar : >> rsh and ssh are so similar in use there's really no point in using rsh >> at all any more. > > there is a point. Just try to think why instead of simply repeating a phrase > "ssh is secure, rsh is not, don't use it". > rlogin has several serious security problems: * All information, including passwords, is transmitted unencrypted (making it vulnerable to interception). * The .rlogin (or .rhosts) file is easy to misuse (potentially allowing anyone to login without a password) - for this reason many corporate system administrators prohibit .rlogin files and actively search their networks for offenders. * The protocol partly relies on the remote party's rlogin client providing information honestly (including source port and source host name). A corrupt client is thus able to forge this and gain access, as the rlogin protocol has no means of authenticating other machines' identities, or ensuring that the rlogin client on a trusted machine is the real rlogin client. * The common practice of mounting users' home directories via NFS exposes rlogin to attack by means of fake .rhosts files - this means that any of NFS's security faults automatically plague rlogin. Due to these serious problems rlogin was rarely used across untrusted networks (like the public internet) and even in closed deployments it has fallen into relative disuse (with many Unix and Linux distributions no longer including it by default). Many networks which formerly relied on rlogin and telnet have replaced it with SSH and its rlogin-equivalent slogin. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in a mailing list?