
List:       secure-shell
Subject:    Re: replacing rcp with scp
From:       rbbrown () netcom ! com (Randolph B !  Brown)
Date:       1997-03-28 6:16:12

Steve Kann (stevek@SteveK.COM) wrote:
: Randolph B. Brown writes:
: > Mike Rose (mrose@stsci.edu) wrote:

[snip]

: > : I want to replace the standard rcp program with something that will
: > : encrypt if possible, but that will always work.  For this application
: > : a warning that the channel is not encrypting is sufficient protection.
: > 
: > IMHO it would be both flexible and safe if a unique exit status
: > were assigned to scp to indicate "remote host doesn't have scp"
: > -- then one could write
: > 
: >     scp .....
: >     [ $? -eq $MAGIC ] && rcp .....
: > 
: > Should those who want a safe scp have the capability denied
: > merely to avoid one line in a shell script?  For scp to fall
: > back automatically to mimicking rcp seems too unsafe to me.

: I really don't have any particular opinion one way or another, but I'd
: just like to point out that the scope of the problem is limited to cases
: where the user of the "client" machine (who is running scp) has very
: little control over the "server" machine (who is getting connected to).
: This means, (to me), that most people wouldn't be negatively affected by
: this at all.

: This is because, with a scp that downgrades to rcp,  you can control
: exactly whether a rcp downgrade will happen, simply by not putting the
: client machine/user in the server machine's .rhosts/hosts.equiv file.

: I use scp in a bunch of automated scripts, and wouldn't be upset a bit
: if it downgraded to using rcp, simply because I don't have any entries
: in .rhosts files anywhere.

One of the services provided by ssh is protection against
spoofing of the remote host. Automatic fallback to
rsh/rcp/rlogin could prevent this. Also, automatic fallback is
vulnerable to "spoofing" of your home directory, using a
replacement with .rhosts, but no .ssh...
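
The guarded fallback discussed in this thread, written out as an added example that is not part of any poster's message or of scp itself: rcp runs only when scp returns one dedicated status and the caller has opted in, so any other failure never downgrades. The status value 99, the variable names and the stub functions are assumptions made for illustration; the thread proposes such a status but names no value.

```shell
#!/bin/sh
# Added example: downgrade to rcp only on one dedicated scp exit status.
# SCP_MISSING_STATUS is hypothetical; the thread proposes such a status
# ("remote host doesn't have scp") but gives no number.
SCP_MISSING_STATUS=${SCP_MISSING_STATUS:-99}
SCP_CMD=${SCP_CMD:-scp}
RCP_CMD=${RCP_CMD:-rcp}
ALLOW_PLAINTEXT=${ALLOW_PLAINTEXT:-0}   # fallback stays off unless the caller opts in

copy_with_fallback() {
    status=0
    "$SCP_CMD" "$@" || status=$?
    # Success, or any failure other than the dedicated status (for example
    # a host key mismatch): report it as-is and never downgrade.
    [ "$status" -eq "$SCP_MISSING_STATUS" ] || return "$status"
    if [ "$ALLOW_PLAINTEXT" != 1 ]; then
        echo "scp unavailable on remote host; plaintext fallback not permitted" >&2
        return "$status"
    fi
    echo "WARNING: channel is not encrypted, copying with $RCP_CMD" >&2
    "$RCP_CMD" "$@"
}

# Constructed stand-ins for scp and rcp so the logic can be exercised offline.
stub_scp_ok()      { return 0; }
stub_scp_missing() { return "$SCP_MISSING_STATUS"; }
stub_scp_hostkey() { return 1; }    # stands for any other failure
stub_rcp()         { RCP_RAN=1; return 0; }
```

Setting `SCP_CMD=stub_scp_missing RCP_CMD=stub_rcp ALLOW_PLAINTEXT=1` before calling `copy_with_fallback file host:file` exercises the warning path without touching the network.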
