Re: remsh protocol to be used

zxcv · ‎08-31-2011

Hi ,

we have app and db split setup.

In turn to take db backup we are using remsh in our backup scripts , i would like to know whether it is secured one from audit point of view and if not then which protocol or service i should go for ??

James R. Ferguson · ‎08-31-2011

Hi:

The "r-shell" utilities are hopelessly insecure and should be replaced with SSH (of which 'scp' and 'sftp' are a part). Connection authentication and data exchange are encrypted when you use SSH. This adds a bit of CPU overhead and makes file transfers a bit slower than using the cleartext counterparts like FTP, but is a *must* in today's world.

Syntatically, changing from 'remsh' to 'ssh' is a virtual no-brainer.

Regards!

...JRF...

Doug O'Leary · ‎08-31-2011

Hey;

To reiterate for emphasis, No, the UNIX r-commands *are not* secure from an audit perspective or any other. All the network traffic is in the clear and there is little or no authentication. As stated, you need to use secure shell (ssh) in place of any/all of the unix-r commands as well as telnet and ftp.

Check out the users' guide at http://www.olearycomputers.com/ll/ssh_guide.html for instructions on how to use ssh up to and including publick key authentication which you'll need in order to secure your back up scripts.

Hope that helps. Post additional questions if and as needed.

Doug O"Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html

zxcv · ‎08-31-2011

Thanks Doug .

Re: remsh protocol to be used

remsh protocol to be used