topic Re: Linux .rhosts /etc/hosts.equiv in Operating System - Linux

Linux .rhosts /etc/hosts.equiv

Stefan Marquardt_1 — Wed, 10 Jul 2002 08:38:06 GMT

Hi,

i want to alloy any user on host a to rsh to host b as user dummy.
In other OS i can put '+' in ~.rhosts for the username.
In RH Linux i have to put every username in ~.rhosts if it should work.
But i need a solution that any user on host a (Hp-UX) may do a remsh host_a -l dummy. (remote shell only for user dummy and not more !)
ssh isn't a solution because the applications uses rsh (remsh)

Re: Linux .rhosts /etc/hosts.equiv

Mark Fenton — Thu, 11 Jul 2002 00:28:53 GMT

Won't /etc/hosts.equiv allow this?

man hosts.equiv for more detail.

Mark

Re: Linux .rhosts /etc/hosts.equiv

Stefan Marquardt_1 — Thu, 11 Jul 2002 07:30:19 GMT

The error wasn't the rhosts file or hosts.equiv.

server + is o.k. but the "+" isnt't enabled default on RH 7.1 ...
Solution:
Edit /etc/pam.d/rsh
Add promiscuous after pam_rhosts_auth.so

man pages for rhosts and hosts.equiv aren't helpful.
The Pam Admin Doc helps.

Re: Linux .rhosts /etc/hosts.equiv

Steven E. Protter — Fri, 23 Aug 2002 18:23:02 GMT

If these machines are exosed on the Internet, make sure you have ipchains firewall on the Linux side.

On the HP-UX side /hosts.equiv overrides .rhosts files, brings things under administrators control. With a /var/adm/inetd.sec file you can restrict users by network address(only 10.1.10 for example) and protocol. You can and should stop telnet, and be choosey about what other protocols you let through.

I highly recommend this for the HP-UX side otherwise the world can get on your HP-UX box.