[buug] rlogin
John Landahl
john at landahl.org
Fri Nov 22 12:24:59 PST 2002
On Thursday 21 November 2002 01:02 pm, allen shao wrote:
> I know that it is not recommended, but I just want to
> try it.
It's not that it's not recommended, it's more that it SHOULD SIMPLY NEVER BE
USED. In previous sysadmin jobs we used to seek and destroy .rlogin and
hosts.equiv files as a matter of policy. In fact, if you're using someone
else's machine you may be violating your Acceptable Use Policy by using
rlogin.

If you just want to see it work ONCE, then NEVER USE IT AGAIN, follow the
links others have recommended. Then immediately turn it off before your
machine is cracked. Maybe it already has been cracked while you were
testing it out. :)

With the existence of OpenSSH there's just no reason for these commands to
exist anymore. Aaron mentioned ssh-agent: this standard SSH command makes
ssh as easy to use as rlogin, but far *far* more secure.

Remember, not only is rlogin insecure for authentication purposes, all
communication between you and the remote computer is sent in clear text.
Anything you type while using rlogin is visible to anyone else on your
local network segment (or beyond, if you are *gasp* going across networks).
That includes, especially, passwords you type while using "su".
--
John Landahl | http://landahl.org/john
john at landahl.org | ICQ: 11191999
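
Added example (not part of the original post): a read-only shell audit along the lines of the seek-and-destroy policy described above. It reports hosts.equiv and per-user .rhosts/.rlogin trust files, flags "+" wildcard entries, and flags r-services still enabled in inetd.conf. The function names, the ROOT argument, the ROOT/home layout and the sample tree are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit a filesystem tree for r-command trust (read-only).
# Usage: audit_rtrust [ROOT]   ROOT defaults to /; pass a mounted image or test tree.
# Assumes home directories live under ROOT/home (adjust the glob otherwise).
audit_rtrust() {
    root=${1:-/}
    root=${root%/}
    for f in "$root/etc/hosts.equiv" "$root"/root/.rhosts "$root"/root/.rlogin \
             "$root"/home/*/.rhosts "$root"/home/*/.rlogin; do
        [ -f "$f" ] || continue
        # A bare "+" in the host or user field trusts every host or every user.
        if grep -Eq '(^[[:space:]]*|[[:space:]])\+([[:space:]]|$)' "$f"; then
            echo "CRITICAL $f: wildcard (+) entry"
        else
            echo "WARNING $f: r-command trust file present"
        fi
    done
    conf="$root/etc/inetd.conf"
    if [ -f "$conf" ]; then
        # Uncommented login/shell/exec lines start rlogind/rshd/rexecd.
        awk -v f="$conf" '$1 ~ /^(login|shell|exec)$/ {
            print "CRITICAL " f ": " $1 " service enabled" }' "$conf"
    fi
}

# Constructed sample tree so the example runs offline, away from the real /etc.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/home/alice" "$d/home/bob"
    printf '+ +\n' > "$d/etc/hosts.equiv"
    printf 'trusted.example.org alice\n' > "$d/home/alice/.rhosts"
    {
        echo '#login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind'
        echo 'shell stream tcp nowait root /usr/sbin/in.rshd in.rshd'
    } > "$d/etc/inetd.conf"
    echo "$d"
}

demo=$(make_demo_tree)
audit_rtrust "$demo"
rm -rf "$demo"
```

On hosts that start services from xinetd or another supervisor, point the service check at that configuration instead of inetd.conf.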