Freebsd minicom9/16/2023 ![]() ![]() Now, this is all balanced against the fact that you probably will use ssh anyway - and a hole in ssh(d) will likely be catastrophic - so in the balance, you might be better off managing one secure infrastructure. ![]() That said, there are a few cases where I could see a case being made for rsh etc w/kerberos: containers/vms - networking limited to a single physical host, with trusted clients/vms etc.Ī "modern" network with ipv6+802.1x+ipsec - a situation where you trust the ip6-address just as much, or more than, a typical ssh host key (typical ssh is set up with trust-on-first use, not with expiring certificates). History has thought us that we should probably be wary of "secure" networks. I mean, it's mostly harmless, as long as you know enough to never use them and never allow any software you run to use them, but still.why leave a bomb just laying around? This is sort of an argument against that theory there's nothing reasonable about having rsh/rcp/etc. I like that aspect because people with good judgement are in charge of the platform itself and you can just sort of assume the default installation is cohesive, secure, and has reasonable defaults. One of the (few) things I like about the BSDs over Linux is that there is a core system that is maintained by a unified team working closely together in the same repos and with the same communication channels and the like, and following the same standards for docs, interfaces, etc. But, it seems like these are in the core FreeBSD installation, which is borderline crazy. If they were in ports and just kinda stuck around due to inertia, that'd make sense. You can still get them on Linux, but that's just because of the way Linux distros are built nobody is working on them as a core part of the OS. I'm surprised they're still in there, at all. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |