Vendor comments on plan to remove telnet, ftp and eventually appl/bsd

Russ Allbery rra at stanford.edu
Mon Jul 22 16:43:03 EDT 2002


eichin-krb <eichin-krb at thok.org> writes:

> I've picked up comments from sysadmins who say "oh, we run sshd and
> klogind... so that when an ssh advisory comes out, we can shut it off
> and use klogin until we have a fix, and when klogin advisories come out,
> we can shut that off until it gets fixed, but they usually don't
> overlap."  This isn't a sign that either of them are any *good*...

I think there's been... one?  None?  klogind advisories over the same
period of time that has seen at least five serious remotely-exploitable
sshd holes.

Whether that's because fewer people care or because the program is
simpler, I have no idea, and frankly don't particularly care.  It
translates into fewer exploits.

And I'm sorry that you've had so many problems setting up klogind, but it
works fairly reliably for us across six different brands of Unix.  *shrug*

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


