Re: Managing Oracle with R-commands vs. SSH

Pabster wrote:
> Upon speaking with some Oracle administrators in my office, they are
> insisting that they need to use R-commands (rlogin, rsh etc) to manage
> Oracle and for use in applications that use Oracle (we have 8i and 9i). We
> would like to turn off the R-commands on all systems due to security issues
> but these Oracle admins are resisting. Though I have read many articles on
> this and all say that SSH is a complete replacement for the R-commands and
> can be used instead. I even spoke to one Oracle admin from another company
> who said he uses SSH in his Oracle environment and would never use
> R-commands.
>
> Since I am not Oracle-savvy, I wanted to get opinions out there....why would
> this Oracle admin state that he HAS to use R-commands instead of SSH? Lack
> of knowledge on his part or possibly better reasoning that I'm not aware of?
>
> Thanks!
>
>

There is nothing an 'R' command can do that cannot be done with ssh. I am willing to bet they are lazy and do not want to type passwords, etc...

I have managed oracle databases located in remote colo-facilities for a few years now and have always used ssh and ssh only. (once I ssh in, I can use all the oracle tools as well as any other OS tools)

You are correct in not wanting to use 'R' commands, they are very very insecure. Even your joe-basement script kiddy can easily gain access to a system where 'R' commands are used consistently. I would also force them to use scp instead of ftp.

The only method of connecting to our Oracle database is via ssh or the oracle listener itself. (however, when disabling telnet I suggest running a standard ssh server on port 22 and then run sshd from inetd on another port for backup)

-Chuck

-----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------

   http://www.newsfeed.com The #1 Newsgroup Service in the World! -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =----- Received on Mon Mar 24 2003 - 20:49:45 CST