Date: Mon, 31 Jul 2000 06:40:06 -0500 From: Jon Hamilton <hamilton@pobox.com> To: Kris Kennaway <kris@FreeBSD.org> Cc: stable@FreeBSD.org Subject: Re: HEADS UP! OpenSSH FallBackToRsh default changed Message-ID: <20000731114006.238FE1D@woodstock.monkey.net> In-Reply-To: Your message of "Mon, 31 Jul 2000 00:56:54 PDT." <Pine.BSF.4.21.0007310053570.70721-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.21.0007310053570.70721-100000@freefall.freebsd.org>, Kri s Kennaway wrote: } I've changed the default value of FallBackToRsh from 'yes' to 'no' in the } ssh_config file - the meaning is pretty obvious: the SSH client won't try } and connect via rsh if it can't connect via SSH. It's pretty silly default } behaviour since most people who are running SSH probably aren't running } rsh (or shouldn't be) and I don't expect it to bother anyone since you can } just turn it back on if you're one of the few who likes it. I suppose the people who run it that way that you would consider to be "legitimate" would be folks in a mixed shop who have a mix of ssh-enabled and non-ssh-enabled machines (to avoid argument, perhaps the latter are out of the control of the admin of the former). Remember that ssh is meant to be a drop-in replacement for rsh, so in the circumstance described above, this change may violate POLA. Besides, if the target machine is not running rshd, what is the harm in falling back to it if rsh doesn't work? This smells like a feel-good change that will actually inconvenience some folks, which doesn't really buy anything. -- Jon Hamilton hamilton@pobox.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000731114006.238FE1D>