On Thursday 28 August 2003 16:14, Alois Treindl wrote:
On Thu, 28 Aug 2003, John wrote:
On Thursday 28 August 2003 06:09, Alois Treindl wrote:I have been talking about a local inhouse network of workstations, which
Please allow me to disagree:Not so. ssh works fine, and has a far better reputation for security.
In a local (firewall protected) network of workstations, telnet,
rlogin, rsh are absolutely essential for remote administration of these
workstations.
I use openssh for all, even gaining root privilege on the local machine.
Unlike telnet, you don't have to use passwords, unlike rsh it's secure,
and unlike both it can forward X connexions.
is well secured by a firewall against the external networks.
Sounds like mine.
X-windows works directly between all these workstations, simply via the
DISPLAY variable, no need for 'X forwarding'.
I've done that. ssh is easier.
"X -query example.com" is cool too.
ssh carries a lot of security overhead, making it much slower both during
the login phase, compared to rlogin, and during file transfer (due to
Sure. I just measured it, Athlon to Pentium II 233. 619 milliseconds to connect, run the date command, terminat.
The command was this: ssh gw date
encryption of transfer content), compared with rcp for example.
Botteneck here is my 100 Mbits LAN. I do sometimes transfer significant files such as 650 Mbyte CD images.
I use ssh/scp/rsync over ssh for communication between local workstations and systems in other networks, i.e. our DMZ zone or our externally colocated servers.
But for inhouse use, in a mutually trusted set of workstations, rlogin, rsh, rcp are more convenient and efficient than ssh.
A workstation OS should include telnet/rlogin/rsh services for those who
want them. It is a serious error by Redhat to say 'only needed in server
OS'.
I chose to install OpenSSH myself before RH offered it because I find it preferable, even without considering security.