rsh fallback

Dan Astoorian djast at cs.toronto.edu
Wed Apr 30 02:09:02 EST 2003


On Tue, 29 Apr 2003 11:36:52 EDT, Carson Gaspar writes:
> 
> A work-around that is mostly working for me is to create a script that 
> attempts an ssh, checks the exit code, and tries an rsh if the ssh failed. 
> Sadly, this is not perfect, as it is possible for the remote command to 
> fail, and for ssh to return an exit code that looks like an ssh failure.

A possible refinement of this method would be for the wrapper script to
probe the ssh port of the remote host, to determine whether it should
use ssh or rsh/rlogin as the transport.  This would only work in
somewhat controlled environments, since there are many cases which would
be too complex for a wrapper to be expected to deal with (e.g., "Port"
commands in .ssh/config, -p or -oPort options on the command line,
etc.); the wrapper would need to be able to make simplifying
assumptions.

An alternative approach would be a wrapper script which is aware of
which of your servers have not yet been converted from rsh to ssh, and
selects the insecure transport only in those cases where it's known to
be necessary.

-- 
Dan Astoorian               People shouldn't think that it's better to have
Sysadmin, CSLab             loved and lost than never loved at all.  It's
djast at cs.toronto.edu        not, it's better to have loved and won.  All
www.cs.toronto.edu/~djast/  the other options really suck.    --Dan Redican




More information about the openssh-unix-dev mailing list