I'm no
fan of .rhosts on public networks, but .ssh (the directory holding the SSH
equivalent of .rhosts configuration files) is extremely secure, and proof
against all but the most robust attacks. If you read the 'man
ssh' page, it'll explain why (and how).
Basically, "why" comes down to:
* support
for a number of strong encryption algorithms
(rhosts has none)
*
short-lived session keys
*
immunity from basic IP/DNS spoofing (noticably absent from
.rhosts)
* a dozen
other handy things like encrypted bi-directional
port forwarding that make it well worth
learning in any case.
Not
learning ssh is like not learning cvs. Imagine how you think about
programmers who have never learned the wonders of version control. Or how
you look at Unix users who have never learned to use a shell properly or
mastered vi or emacs. That's how people running secure
connections look at people who are still limited to rsh/pserver.
(I'm not
saying those protocols have no place -- it's just that there are thousands of
circumstances in which they're inappropriate and downright
dangerous.)
It's a
hill that is worth climbing, because once you reach the peak, you realize the
vistas you were missing down in the valley of the unauthenticated
:-)
my 10
bits...
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 14, 2002 2:20 AM
To: [EMAIL PROTECTED]
Subject: Re: Moving to Pserver from .rhosts
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 14, 2002 2:20 AM
To: [EMAIL PROTECTED]
Subject: Re: Moving to Pserver from .rhosts
This is the second reply that implies that .rhosts is superior to pserver - can someone explain why?
I had to make this decision recently and concluded that pserver was the prefered way...