Telnet and running commands on remote systems

Donn Cave donn at u.washington.edu
Fri Jan 11 20:17:45 CET 2002


Quoth "Alex Martelli" <aleax at aleax.it>:
| "Donn Cave" <donn at u.washington.edu> wrote in message
| news:a1ki3m$2qdi$1 at nntp6.u.washington.edu...
|     ...
|> and as an authentication technology Kerberos is at least as secure
|> as ssh, I would say better.
|
| I guess you mean "as secure as ssh `public-key authentication'": ssh
| can be configured to use Kerberos or other authentication kinds if
| the needed infrastructure is in place, then leaving ssh to do what
| it does best (channel encryption &c).  I'm told few actually use the
| theoretical abilities of Kerberos to channel-encrypt, and for good
| cause (I'm not really qualified to debate the theoretical issues...).

Actually I meant "give them Kerberos" vs. "give them ssh".  I actually
do use Kerberos primarily in an ssh client (and an IMAP client), but
once you have that option, you don't absolutely need ssh - could use
telnet instead.

I also believe that few ssh users, in any large and not especially
technical population, tend to use public key authentication.  Rather
they use passwords.  Perhaps it isn't fair to blame ssh for this, or
perhaps it is - since the cost of setting up a Kerberos site infrastructure
is weighed against Kerberos, it's certainly fair to notice the costs of
the individual's ssh key management burden, and if most people shrug that
off then it's fair to notice that too.

	Donn Cave, donn at u.washington.edu



More information about the Python-list mailing list