ssh-based encrypted connection between 1) the remote server, 2) firewall, 3) local trusted network
A secure shell trusted, encrypted connection allows rdist to authenticate using strong encryption with remote servers. Because ssh is not presently subject to spoofing attacks, rdist can work without attacks, rdist can work without worry of data being hijacked.
Because this is a local area network behind a firewall, it is assumed, by default , to contain only trusted connections. rdist can work reliably in local area networks.
rdist cannot reliably work across unencrypted, nonsecure, and untrusted networks, because rdist does not provide any way to authenticate with the server. Without genuine authentication, it is impossible to know if an incoming rdist request is real of hijacked
Because this is a local area network, it is by default assumed to be trustworthy. Unfortunately, because the incoming rdist connection was not authenticated, the local area network cannot trust rdist and should not allow rdist activity.
