[prev in list] [next in list] [prev in thread] [next in thread]
List: secure-shell
Subject: Re: replacing rcp with scp
From: rbbrown () netcom ! com (Randolph B ! Brown)
Date: 1997-03-28 6:16:12
[Download RAW message or body]
Steve Kann (stevek@SteveK.COM) wrote:
: Randolph B. Brown writes:
: > Mike Rose (mrose@stsci.edu) wrote:
[snip]
: > : I want to replace the standard rcp program with something that will
: > : encrypt if possible, but that will always work. For this application
: > : a warning that the channel is not encrypting is sufficient protection.
: >
: > IMHO it would be both flexible and safe if a unique exit status
: > were assigned to scp to indicate "remote host doesn't have scp"
: > -- then one could write
: >
: > scp .....
: > [ $? eq $MAGIC ] && rcp .....
: >
: > Should those who want a safe scp have the capability denied
: > merely to avoid one line in a shell script? For scp to fall
: > back automatically to mimicking rcp seems too unsafe to me.
: I really don't have any particular opinion one way or another, but I'd
: just like to point out that the scope of the problem is limited to cases
: where the user of the "client" machine (who is running scp) has very
: little control over the "server" machine (who is getting connected to).
: This means, (to me), that most people wouldn't be negatively affected by
: this at all.
: This is because, with a scp that downgrades to rcp, you can control
: exactly whether a rcp downgrade will happen, simply by not putting the
: client machine/user in the server machines .rhosts/hosts.equiv file.
: I use scp in a bunch of automated scripts, and wouldn't be upset a bit
: if it downgraded to using rcp, simply because I don't have any entries
: in .rhosts files anywhere.
One of the services provided by ssh is protection against
spoofing of the remote host. Automatic fallback to
rsh/rcp/rlogin could prevent this. Also, automatic fallback is
vulnerable to "spoofing" of your home directory, using a
replacement with .rhosts, but no .ssh...
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic