HPE Community
Operating System - HP-UX
1825805 Members
2902 Online
109687 Solutions
New Discussion

Re: REMSH

 
SOLVED
Go to solution
Renante M. Yu_1
Occasional Advisor

‎04-14-2004 06:43 PM

‎04-14-2004 06:43 PM

REMSH

Hi gurus,

How do I activate remsh? Thanks in advance.

Regards,

Teng Yu
Only dead people have seen peace
0 Kudos
Reply
6 REPLIES 6
Sanjay Kumar Suri
Honored Contributor

‎04-14-2004 06:57 PM

‎04-14-2004 06:57 PM

Solution

Re: REMSH

1. Provide an entry in /etc/inetd.conf.
shell stream tcp nowait root /usr/lbin/remshd remshd

2. Add a entry in /etc/services.
shell 514/tcp cmd

3. For added security configure /var/adm/inetd.sec.

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
Reply
KapilRaj
Honored Contributor

‎04-14-2004 07:45 PM

‎04-14-2004 07:45 PM

Re: REMSH

Hi,

We need $HOME/.rhosts or a /etc/hosts.equiv antry as well ?

Regds,

Kaps
Nothing is impossible
0 Kudos
Reply
Renante M. Yu_1
Occasional Advisor

‎04-14-2004 08:14 PM

‎04-14-2004 08:14 PM

Re: REMSH

Kaps,

What entry shld I add in $HOME/.rhosts or in /etc/hosts.equiv ?

Thanks,

Teng Yu
Only dead people have seen peace
0 Kudos
Reply
Sanjay Kumar Suri
Honored Contributor

‎04-14-2004 09:04 PM

‎04-14-2004 09:04 PM

Re: REMSH

System and User Equivalency
Allows some or all users password-free access to a host.
Only apply to Berkley services (rlogin, rmesh, rcp).
Configured via /etc/hosts.equiv (444) and ~/.rhosts (600).
To minimize the security risk, ensure the permissions on both files are set appropriately.

1. Configuring /etc/hosts.equiv
/etc/hosts.equiv file associates remote hosts with a user's host. The association identifies equivalent hosts that are frequently accessed by the same users.
If a remote host is listed in /etc/hosts.equiv, and the remote user's login name matches a login name on the local host, the user is not prompted for a password. The equivalency doesn't apply to superusers. Root user equivalency can be set up through rhosts.

An entry in the hostequiv file is a single line (no continuations) in the format:
[hostname [username]] [#comment]

Assume host2:/etc/hosts.equiv has following entries:
hosts1 -sue
hosts1
Assume host3:/etc/hosts.equiv has following entries:
hosts1 tom

Which of the following commands succeed from host1:login=leo?
$rlogin host2 (Success)
$rlogin hosts2 -l tom (leo has to enter the password because equivalency between different users is not possible).
$remsh host3 ll (Fail)
$ remsh hosts3 -l tom ll (Fail because only equivalency configured for tom from host1)
Which of the following commands succeed from host1:login=sue?
$rcp host2:.profile . (Fail)

2. Configuring ~/.rhosts
$HOME/.rhosts can be created and configured by any user to specify remote login names that are equivalent to the local user's login name. $HOME/.rhosts must be owned by the local user. The local host allows a remote user with a login listed in the local $HOME/.rhosts file to log into the local user's account without specifying a password. It can be used to allow service to a particular user whose system has not been granted access in /etc/hosts.equiv.
.rhost in the home directory of the super user must be created if equivalent login names for root has to be used.

Assume host2:~root/.rhosts has following contents
host1
Assume host2:~sue/.rhosts has following contents
host1 sue
host1 joe
Assume host2:~leo/.rhosts has following contents
host1 -sue
host1 +

Which of the following commands succeed from host1:login=leo?
rlogin host2 -l root (password is required)
remsh host2 ll (Succeed)
rmesh host2 -l sue ll (Fail)
Which of the following commands succeed from host1:login=sue?
rlogin host2 (Succeed. password not required)
rcp leo@host2:.profile . (Fail)

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
0 Kudos
Reply
KapilRaj
Honored Contributor

‎04-14-2004 09:26 PM

‎04-14-2004 09:26 PM

Re: REMSH

I am late ur questions are answered

$HOME/.rhosts Syntax is as follows,

hostname username
i.e.
kaps-test kapilraj



Regds,

Kaps
Nothing is impossible
0 Kudos
Reply
piotr wienckiewicz
Advisor

‎04-14-2004 09:30 PM

‎04-14-2004 09:30 PM

Re: REMSH

hi
maybe better use ssh with auth by key ?
remsh is very dangerous
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.