HPE Community
Operating System - HP-UX
1836475 Members
1838 Online
110101 Solutions
New Discussion

remsh to localhost / security issue?????

 
SOLVED
Go to solution
someone_4
Honored Contributor

‎07-31-2002 01:20 PM

‎07-31-2002 01:20 PM

remsh to localhost / security issue?????

Hey everyone,
We have a developer that has a script that he wants to run from one server to collect informaton from the other servers. To me this was an odd request. But he says that he wants the server to remsh to its self because he doesnt want to go back and rewrite the script for it to just run the commands local. Is there a security issue with this??
Maybe its just me but to me it just doesnt sounds right..

Thanks
~ Richard
0 Kudos
Reply
6 REPLIES 6
Bill Hassell
Honored Contributor

‎07-31-2002 01:27 PM

‎07-31-2002 01:27 PM

Re: remsh to localhost / security issue?????

What you describe will do nothing. remsh to yourself isn't going to collect any information, so it's pointless. In order to collect the remote information (assuming the server is in charge) will require all the other machines to allow access. There are many other techniques that are more manageable and secure--but will require new scripting.


Bill Hassell, sysadmin
0 Kudos
Reply
someone_4
Honored Contributor

‎07-31-2002 01:30 PM

‎07-31-2002 01:30 PM

Re: remsh to localhost / security issue?????

Hello
Mr. Bill ..
I think I was misunderstood.
We have a server Athena that runs a script that collects data via remote shell from other servers. That part works fine. But he wants Athena to trust Athena .. So he can remote shell from Athena to Athena ..

~ Richard
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎07-31-2002 01:35 PM

‎07-31-2002 01:35 PM

Solution

Re: remsh to localhost / security issue?????

remsh to lcoal host being done by the user is not a security issue ,so long as it is the same user.


Manoj Srivastava
Reply
uri_1
Advisor

‎08-01-2002 10:13 AM

‎08-01-2002 10:13 AM

Re: remsh to localhost / security issue?????

you should be more worried about remsh to REMOTE computers as a security issue.
especially if the user is root.
consider using ssh.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎08-01-2002 10:19 AM

‎08-01-2002 10:19 AM

Re: remsh to localhost / security issue?????

Richard,

You're going to have to set up /etc/hosts.equiv or .rhosts if you haven't already. You should be restrictive in the way you do this - trust expicit hosts/users so you minimize security risks. Once that's done, it shouldn't be a problem.

Pete

Pete
0 Kudos
Reply
Andrew Cowan
Honored Contributor

‎08-01-2002 11:40 PM

‎08-01-2002 11:40 PM

Re: remsh to localhost / security issue?????

Richard,

Think VERY carefully before opening any remsh or r?? ports on any machines. Do you trust all the users on this machine? If this machine is publically accessible you could be leaving yourself open to several subtle attacks. E.g. If this user (with remsh) has lax permissions in their home directory, a clever hacker can add files such as a false ".profile", that can be used to open up other attack routes. Also if the remsh user's password is easily guessed or he/she can be shoulder surfed, another internal user can also craft attacks.

The best way to run remote commands is to install OpenSSH, create a common user (not root) on all machines, assign it a key pair and use ssh to execute commands (without requiring a password). If a remote command needs priveliged access create a captive SSH user or a setuid script on the remote system. This is much more difficult to attack as all transmissions are encryped.
Remember r?? commands rely on the IP address to verify the caller, and that is the easiest thing in the world to fake.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.