Kerberized rsh versus SSH


I was looking for is the "securest" tool to be used by rsync or rdist (for the purposes of this discussion, it doesn't really matter which.)

The functional requirement is that program be able to be called from another program (rsync or rdist) and establish a shell-like connection to multiple hosts without the need for a human to type a password more than once.


Here are the tools i'm aware of and their pros and cons:

Kerberized (v5) rsh

Pros: Cons:

SSH v1

Pros: Cons:

SSH v2

Pros: Cons:


Unfortunately, i think the latency associated with logging into an older SPARC machine via SSH v2 will be the decideing factor. I have a stack of trusty sun4c machines (SPARC 1, 1+, 2 IPC, etc.) i really want to use, and NetBSD runs like a champ on them, so there's really no reason to pitch them in the damn landfill.

So if i'm not using SSH v2, it's either SSH v1 or Kerberized rsh. Given the hassles of managing SSH's authorized_keys and v1's known protocol vulnerabilities, i'm leaning towards rsh, with its own protocol weakness. (Sigh)

Hopefully the OpenSSH people will add support for accept Kerberos v5 tickets.

$Id: rsh-v-ssh.html,v 1.3 2002/09/01 10:16:49 johan Exp $