topic Re: rlogin security in Operating System - HP-UX

rlogin security

Kurt Henning — Mon, 21 Aug 2000 16:12:25 GMT

We have two 800 series hosts. One of them (I'll call it host-a ) is visible from the Internet, while the other (host-b) is not. If I attach to host-a with an X terminal as root, I can rlogin to host-b with no password requirement. I'm not happy with this condition. I've looked at, and even altered, the hosts.equiv file on host-b to make sure there is no mention of host-a. I've made sure there is, alternately, no .rhosts file in /home/root or an .rhosts file that does not include host-a at all. No change. I can always rlogin straight from host-a to host-b.

Am I missing something obvious here? Might there be a patch for this? I've even tried putting -host-a in the hosts.equiv file on host-b. No change.

Re: rlogin security

Victor BERRIDGE — Mon, 21 Aug 2000 16:15:54 GMT

Are you shure you have no .rhosts in / ?

Re: rlogin security

Antoanetta Naghiu — Mon, 21 Aug 2000 16:24:51 GMT

/etc/hosts.equiv has nothing to do with root.
In host-b, first, check what is the root home directory.
more /etc/passwd | grep root
and see the very right field.
cd to that directory.
ls -al |more
If .rhosts exists, check for host-a, or for + sign.
You can have something as: + root, that allowed root from all hosts to login.
As a note, if you'll like to implement high security here, disable rlogin, create /etc/securetty and so on...
See as well
s700_800 11.00 r-commands cumulative mega-patch(PHNE_17028)
s700_800 11.00 R6.11.00 SNAplus2 services, TN3270 patch(PHNE_19613)
s700_800 11.00 Cumulative STREAMS Patch(PHNE_20008)
s700_800 11.00 cumulative ARPA Transport patch(PHNE_21767)
s700_800 11.00 HP DCE/9000 1.7 Integrated Login cum. patch(PHSS_17811)

Re: rlogin security

Victor BERRIDGE — Mon, 21 Aug 2000 16:26:07 GMT

else your machine-b is not secured and root has no passwd...

Re: rlogin security

Kurt Henning — Mon, 21 Aug 2000 16:34:20 GMT

Victor and Antoanetta:

Thank you both. Obvious I'm still too new to this and I missed the obvious. I assumed that root's home directory was /home/root. It wasn't. Someone had put a .rhosts file in root's true home directory with the offending entries in it. I removed them.