is rlogin secure?
Jim Cheetham
jim at egressive.com
Wed Mar 16 20:03:38 UTC 2005
On Wed, 2005-03-16 at 18:03 +0000, Soo-Hyun Choi wrote:
> Is rlogin secure?
No. Not in the slightest. rlogin should never be used - nor should any
of the other R commands (rsh, rcp etc)
These commands have a very simplistic trust hierarchy, that is trivially
exploitable. If anyone is running an rlogin service on an
Internet-connected port, their machine will probably be rooted
already :-)
> In Ubuntu 2.6.8.1-5-k7, the 'rlogin' has linked to 'slogin' and it is
> again linked to 'ssh'. Is this because 'rlogin' is vulnerable? If I
> insist on using 'rlogin', how do I change this settings?
You do not need to change the setting - ssh can and will use the rhost
authentication methods if asked.
But no-one does :-)
I would be interested to know why you "insist on using rlogin" - we may
be able to show you an equivalent way to use ssh.
--
-jim cheetham = jim at egressive dot com
www.egressive.com, www.effusiongroup.com
More information about the ubuntu-users
mailing list