.rhosts vs. hosts.equiv

Thad P Floryan thad at cup.portal.com
Thu Jan 10 23:44:16 AEST 1991


pete at wvus.wciu.edu (Pete Gregory) in <TsNiV1w163w at wvus.wciu.edu> writes:

	Could someone please describe for me the differences between what
	$HOME/.rhosts and /etc/hosts.equiv do for me, with regards to ftp,
	telnet, rlogin, resh access from one system to another?

I was going to say RTFM (Read The Fine Manual), but noticed you DIDN'T ask
about $HOME/.netrc, so maybe you don't have manuals (is this true?)

You should look at hosts.equiv(5), .netrc(5) and .rhosts(5) ... these are the
"man" pages for those files.

If your system is "open" or connected to a network permitting access from
outside your organization, you want to forget you ever even heard of .rhosts
and hosts.equiv since those will open up your system to crackers and other
nasty guys.

If you're on a closed net confined to your organization and you can trust
everyone, then those files, when properly set up, can make life a lot easier
on an internally "open" system.

In summary:

/etc/hosts.equiv is an optional file which, if present, is used by various
	facilities to authenticate a request for login coming in from a user
	on a remote machine.  It basically contains a list of hosts with which
	the local host has usernames in common.  If someone "spoofs" this
	feature (i.e. gimmicks their system to have a system name like one in
	that file, and (possibly) a similar username), they can be automatically
	logged onto your system without a password.  Neat, huh?  The file
	format is:

		remotehost [ trustedremoteuser ]
		   ...

$HOME/.rhosts is essentially a "private" version of /etc/hosts.equiv with the
	same caveats.  Note the file MUST be readable ONLY by the local user
	or by root.

$HOME/.netrc contains login information for ftp to a remote machine.  ftp will
	check this file for login information for remote machine(s); if an
	entry is not found, then you'll be prompted for username and password
	to the remote machine.  Again, the file must be readable only by its
	owner (ftp CHECKS THIS) because the file format is:

		machine machinename login loginname password passwordstring

And there's even a "trick" I haven't seen documented whereby you can "ln"
/bin/remsh to multiple instances of system names on your network to really
make life easy.  On my systems what I've done is (abbreviated):

	$ ln /bin/remsh /usr/local/bin/thadlabs
	$ ln /bin/remsh /usr/local/bin/tlabs1
	$ ln /bin/remsh /usr/local/bin/tlabs2
	  ...etc...

and then I can do (for example):

	$ tlabs1 ls -l /usr/adm

instead of:

	$ remsh tlabs1 ls -l /usr/adm

The programs rlogin, rcp, remsh, rexec and the like will check (actually the
daemons will do this) for the presence of the hosts.equiv or .rhosts and deny
access if they're not present.

Again, if you're concerned about security (and you SHOULD BE), then you
don't want to use any of these "features" or programs.

I strongly suggest you, as SA (presumably System Administrator), get the
latest posting of "cops" (an 8-part posting) that just appeared in alt.sources
and run a security audit on your system.  And be sure you're sitting down when
you read the audit report!  :-)

Thad Floryan [ thad at cup.portal.com ]
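As an added example (not part of Thad's post), a small POSIX sh audit of the files he describes: it lists what each hosts.equiv or .rhosts entry of the form "remotehost [trustedremoteuser]" grants, and checks the owner-only rule he gives for $HOME/.rhosts and $HOME/.netrc. The function names and the paths passed to `audit` are assumptions; the host and user names in the usage line are the ones from the post.

```shell
#!/bin/sh
# Audit the trust files from the post: /etc/hosts.equiv and ~/.rhosts
# (format: "remotehost [trustedremoteuser]") and ~/.netrc (holds ftp
# passwords).  The owner-only permission rule in the post applies to the
# two $HOME files, not to /etc/hosts.equiv, so it is checked only there.

# owner_only FILE: succeeds when neither group nor others may read FILE.
# Parses the ls -ld mode string, which works on old and new Unixes alike.
owner_only() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ????-??-??) return 0 ;;   # group (char 5) and other (char 8) read bits clear
        *)          return 1 ;;
    esac
}

# trust_entries FILE: one line per non-blank entry, saying what it grants.
# A bare hostname trusts every username the two hosts have in common;
# a second field restricts the trust to that one remote user.
trust_entries() {
    awk 'NF == 0 { next }
         NF >= 2 { printf "%s: remote user %s trusted\n", $1, $2; next }
                 { printf "%s: all common usernames trusted\n", $1 }' "$1"
}

# audit FILE: prints a report; exit status 1 if a $HOME file is readable
# by group or others (the post's "must be readable only by its owner").
audit() {
    f=$1
    status=0
    if [ ! -f "$f" ]; then
        echo "$f: absent, no remote trust granted"
        return 0
    fi
    case "$f" in
        */.rhosts|*/.netrc)
            if owner_only "$f"; then
                echo "$f: mode ok (readable by owner only)"
            else
                echo "$f: WARNING readable by group or others"
                status=1
            fi ;;
    esac
    case "$f" in
        */.netrc) echo "$f: contains ftp passwords, review entries by hand" ;;
        *)        trust_entries "$f" ;;
    esac
    return $status
}

# Usage: audit /etc/hosts.equiv; audit "$HOME/.rhosts"; audit "$HOME/.netrc"
```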