HPE Community
Operating System - HP-UX
1753519 Members
4643 Online
108795 Solutions
New Discussion юеВ

Modifying the rhost file

 
SOLVED
Go to solution
Amrit_1
Advisor

тАО01-21-2004 11:00 PM

тАО01-21-2004 11:00 PM

Modifying the rhost file

Hi,

I needed to ftp a file from my local machine to a remote machine. Hence, I need to modify the .rhosts file on the remote machine. While doing this operation, I am adding the following entries:

a. hostIP address userid
b. + root

I am skeptically about adding the second entry since it would give access to everyone and this would result in a major security breach.
In short, is it sufficient to add only the first entry.

Also, what is the difference between
+ + and + root entry in the .rhosts file.
0 Kudos
Reply
8 REPLIES 8
Mark Grant
Honored Contributor

тАО01-21-2004 11:05 PM

тАО01-21-2004 11:05 PM

Solution

Re: Modifying the rhost file

You don't need a .rhosts entry to ftp a file.

You need to look at /etc/ftpd/ftpusers or ftpaccess or /var/adm/inetd.sec if you are not being allowed to ftp.

Never preceed any demonstration with anything more predictive than "watch this"
Reply
Sunil Sharma_1
Honored Contributor

тАО01-21-2004 11:10 PM

тАО01-21-2004 11:10 PM

Re: Modifying the rhost file

Hi,

You need not to modify .rhost file for enabling ftp access. .rhost file is not playing any role in ftp.
you may require to modify /etc/ftpuser to control ftp access or inetd.sec file.

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
0 Kudos
Reply
Michael Schulte zur Sur
Honored Contributor

тАО01-21-2004 11:12 PM

тАО01-21-2004 11:12 PM

Re: Modifying the rhost file

Hi,

that's correct. You need .rhosts for rsh, rcp, rlogin and the like but not for ftp.

Michael
0 Kudos
Reply
G. Vrijhoeven
Honored Contributor

тАО01-21-2004 11:12 PM

тАО01-21-2004 11:12 PM

Re: Modifying the rhost file

Hi,

Armit for ftp you need a .netrc file. But this is a big secutiry risc, couse if contains a servername, username and passwd. I would suggest you use SCP. I am sure SEP will post you a howto.

Gideon
0 Kudos
Reply
T G Manikandan
Honored Contributor

тАО01-22-2004 12:15 AM

тАО01-22-2004 12:15 AM

Re: Modifying the rhost file

+ + would mean -->any user from any host can login

+ root -->user root from any host can login.

as stated do not use .rhosts file for ftp.
Reply
Amrit_1
Advisor

тАО01-22-2004 11:03 PM

тАО01-22-2004 11:03 PM

Re: Modifying the rhost file

Apart from ftp, I am also executing the rexec and remsh command and hence need to add a entry in the rhost file. Under this scenario, is there any need to have the "+ root" entry in the .rhosts file or would it be sufficient to have userid.

Also, while ftping is it compulsory to have the entry in the /etc/ftpuser file.

One last thing, I was checking my HP-UX 11i and there is not ftpuser file present in the /etc/ftpd nor is there a /var/adm/inetd.sec file.
0 Kudos
Reply
Mark Grant
Honored Contributor

тАО01-22-2004 11:10 PM

тАО01-22-2004 11:10 PM

Re: Modifying the rhost file

hostname and user name is just fine for the "r" commands

if ftpusers exists then only the users mentioned in it can ftp. Otherwise all users can.

/var/adm/inetd.sec should exists but if it doesn't then it just means that anybody can use ftp too.

One common problem is that the user's shell must appear in /etc/shells for ftp to work.
Never preceed any demonstration with anything more predictive than "watch this"
0 Kudos
Reply
Sunil Sharma_1
Honored Contributor

тАО01-23-2004 12:36 AM

тАО01-23-2004 12:36 AM

Re: Modifying the rhost file

Hi,

Fist column in .rhosts/hosts.equiv file is for hostname/IP address and second is user name.

if you give + in both column meance every user from every hosts and it can be a security concern so always use

Hostname Username

/etc/ftpuser file is for blocking perticular user to gain ftp access. it is optional file and you can create it using vi.
in this file you have to mention username only one per line.
/var/adm/inetd.sec should be there by default.

Sunil


*** Dream as if you'll live forever. Live as if you'll die today ***
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.