cancel
Showing results for 
Search instead for 
Did you mean: 

.rhosts file

SOLVED
Go to solution
oprakash
Frequent Advisor

.rhosts file

Hi,

I am having a file .rhosts in / filesystem.

# pg /.rhosts
xxxx.xxxx.xxxx.com root
zzzz.zzzz.zzzz.com root # TSM
#

Hope this file will have the entries of some server in a network,
1. why the root was mentioned here ?
2. Whether some one can able to login in as root without passwd ?

Request you to provide me the solution, thanks in advance.
9 REPLIES

Re: .rhosts file

>1. why the root was mentioned here ?
read the manual on what the format of the .rhosts file is:
http://docs.hp.com/en/B9106-90011/hosts.equiv.4.html?jumpid=reg_R1002_USEN

>2. Whether some one can able to login in as root without passwd ?
yes that is what it is used for. But, i guess the the services could be configured to not use the .rhosts file (depending on the version of the OS) or the services could be disabled. If the services are disabled usually a .rhosts file isn't allowed to exist either

http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1359493
Sagar Sirdesai
Trusted Contributor

Re: .rhosts file

Hi
This means root from any server which belongs to domains xxxx.xxxx.xxxx.com and zzzz.zzzz.zzzz.com can remotely login using rlogin command

Sagar
Ganesan R
Honored Contributor

Re: .rhosts file

Hi Oprakash,

.rhosts is used for user level authentication for "r" commands like rlogin, remsh.

Your entries allows root user only from the hosts xxxx.xxxx.xxxx.com and zzzz.zzzz.zzzz.com to login without password for rlogin and remsh commands.
Best wishes,

Ganesh.
oprakash
Frequent Advisor

Re: .rhosts file

Hi Ganesan,

That means zzzz.zzzz.zzzz.com server should login as root. After that they can put rlogin command to login to a specific server am i right.

( My concern is whether root privilage will go without passwd for that user in ZZZZ.ZZZZ.ZZZZ.com )
Ganesan R
Honored Contributor
Solution

Re: .rhosts file

Hi Oprakash,

>>>That means zzzz.zzzz.zzzz.com server should login as root. After that they can put rlogin command to login to a specific server am i right.<<<

I am not sure how you understood the above sentence. Let me explain.

You logged in as a root user on zzzz.zzzz.zzzz.com. Now when you connect to other server which is having .rhosts file using this command,
#rlogin

it will not ask for root password. It will allow you to login as a root user. Now you have all the root privilages on the remote server.

Hope this clear your doubts.
Best wishes,

Ganesh.
oprakash
Frequent Advisor

Re: .rhosts file

Dear Ganesan,

Thanks for your valuable information, now i understood this scenario.

How can we restrict this permission, without modifying this file contents. hope it will have some services running in server.
oprakash
Frequent Advisor

Re: .rhosts file

Hi,

I also tried # rlogin ZZZZ.ZZZZ.ZZZZ.com -l root This command is asking root passwd to enter.
Dennis Handly
Acclaimed Contributor

Re: .rhosts file

>How can we restrict this permission, without modifying this file contents?

I don't see how. If you don't want it to be root, you change that file.
You could of course add code to .profile and try to check but why bother? You want to rcp but not rlogin/remsh? But remsh doesn't use .profile.

>I also tried # rlogin ZZZZ.ZZZZ.ZZZZ.com -l root This command is asking root passwd to enter.

What's in .rhosts is the SOURCE machine to allow, not the target.
Ganesan R
Honored Contributor

Re: .rhosts file

Hi Oprakash,

>>>How can we restrict this permission, without modifying this file contents. hope it will have some services running in server.<<<

If you believe that some services will use this .rhosts file for login to the server then do not modify it.

>>I also tried # rlogin ZZZZ.ZZZZ.ZZZZ.com -l root This command is asking root passwd to enter<<

As Dennis said, You should try the other way. From ZZZZ.ZZZZ.ZZZZ.com server, try to rlogin to the server which is having .rhosts file. It should allow the connection from ZZZZ.ZZZZ.ZZZZ.com without password.
Best wishes,

Ganesh.