HPE Community
Operating System - HP-UX
1752422 Members
5737 Online
108788 Solutions
New Discussion юеВ

.rhosts file

 
SOLVED
Go to solution
oprakash
Frequent Advisor

тАО07-28-2009 08:38 PM

тАО07-28-2009 08:38 PM

.rhosts file

Hi,

I am having a file .rhosts in / filesystem.

# pg /.rhosts
xxxx.xxxx.xxxx.com root
zzzz.zzzz.zzzz.com root # TSM
#

Hope this file will have the entries of some server in a network,
1. why the root was mentioned here ?
2. Whether some one can able to login in as root without passwd ?

Request you to provide me the solution, thanks in advance.
0 Kudos
Reply
9 REPLIES 9
Curtis Larson_2
Advisor

тАО07-28-2009 09:08 PM

тАО07-28-2009 09:08 PM

Re: .rhosts file

>1. why the root was mentioned here ?
read the manual on what the format of the .rhosts file is:
http://docs.hp.com/en/B9106-90011/hosts.equiv.4.html?jumpid=reg_R1002_USEN

>2. Whether some one can able to login in as root without passwd ?
yes that is what it is used for. But, i guess the the services could be configured to not use the .rhosts file (depending on the version of the OS) or the services could be disabled. If the services are disabled usually a .rhosts file isn't allowed to exist either

http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1359493
0 Kudos
Reply
Sagar Sirdesai
Trusted Contributor

тАО07-28-2009 09:09 PM

тАО07-28-2009 09:09 PM

Re: .rhosts file

Hi
This means root from any server which belongs to domains xxxx.xxxx.xxxx.com and zzzz.zzzz.zzzz.com can remotely login using rlogin command

Sagar
0 Kudos
Reply
Ganesan R
Honored Contributor

тАО07-28-2009 09:13 PM

тАО07-28-2009 09:13 PM

Re: .rhosts file

Hi Oprakash,

.rhosts is used for user level authentication for "r" commands like rlogin, remsh.

Your entries allows root user only from the hosts xxxx.xxxx.xxxx.com and zzzz.zzzz.zzzz.com to login without password for rlogin and remsh commands.
Best wishes,

Ganesh.
0 Kudos
Reply
oprakash
Frequent Advisor

тАО07-28-2009 09:41 PM

тАО07-28-2009 09:41 PM

Re: .rhosts file

Hi Ganesan,

That means zzzz.zzzz.zzzz.com server should login as root. After that they can put rlogin command to login to a specific server am i right.

( My concern is whether root privilage will go without passwd for that user in ZZZZ.ZZZZ.ZZZZ.com )
0 Kudos
Reply
Ganesan R
Honored Contributor

тАО07-28-2009 10:14 PM

тАО07-28-2009 10:14 PM

Solution

Re: .rhosts file

Hi Oprakash,

>>>That means zzzz.zzzz.zzzz.com server should login as root. After that they can put rlogin command to login to a specific server am i right.<<<

I am not sure how you understood the above sentence. Let me explain.

You logged in as a root user on zzzz.zzzz.zzzz.com. Now when you connect to other server which is having .rhosts file using this command,
#rlogin

it will not ask for root password. It will allow you to login as a root user. Now you have all the root privilages on the remote server.

Hope this clear your doubts.
Best wishes,

Ganesh.
Reply
oprakash
Frequent Advisor

тАО07-28-2009 10:39 PM

тАО07-28-2009 10:39 PM

Re: .rhosts file

Dear Ganesan,

Thanks for your valuable information, now i understood this scenario.

How can we restrict this permission, without modifying this file contents. hope it will have some services running in server.
0 Kudos
Reply
oprakash
Frequent Advisor

тАО07-28-2009 10:46 PM

тАО07-28-2009 10:46 PM

Re: .rhosts file

Hi,

I also tried # rlogin ZZZZ.ZZZZ.ZZZZ.com -l root This command is asking root passwd to enter.
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО07-28-2009 10:56 PM

тАО07-28-2009 10:56 PM

Re: .rhosts file

>How can we restrict this permission, without modifying this file contents?

I don't see how. If you don't want it to be root, you change that file.
You could of course add code to .profile and try to check but why bother? You want to rcp but not rlogin/remsh? But remsh doesn't use .profile.

>I also tried # rlogin ZZZZ.ZZZZ.ZZZZ.com -l root This command is asking root passwd to enter.

What's in .rhosts is the SOURCE machine to allow, not the target.
0 Kudos
Reply
Ganesan R
Honored Contributor

тАО07-29-2009 01:05 AM

тАО07-29-2009 01:05 AM

Re: .rhosts file

Hi Oprakash,

>>>How can we restrict this permission, without modifying this file contents. hope it will have some services running in server.<<<

If you believe that some services will use this .rhosts file for login to the server then do not modify it.

>>I also tried # rlogin ZZZZ.ZZZZ.ZZZZ.com -l root This command is asking root passwd to enter<<

As Dennis said, You should try the other way. From ZZZZ.ZZZZ.ZZZZ.com server, try to rlogin to the server which is having .rhosts file. It should allow the connection from ZZZZ.ZZZZ.ZZZZ.com without password.
Best wishes,

Ganesh.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.