HPE Community
Operating System - HP-UX
1833738 Members
2522 Online
110063 Solutions
New Discussion

Re: rlogin security

 
SOLVED
Go to solution
Kurt Henning
Advisor

‎08-21-2000 09:12 AM

‎08-21-2000 09:12 AM

rlogin security

We have two 800 series hosts. One of them (I'll call it host-a ) is visible from the Internet, while the other (host-b) is not. If I attach to host-a with an X terminal as root, I can rlogin to host-b with no password requirement. I'm not happy with this condition. I've looked at, and even altered, the hosts.equiv file on host-b to make sure there is no mention of host-a. I've made sure there is, alternately, no .rhosts file in /home/root or an .rhosts file that does not include host-a at all. No change. I can always rlogin straight from host-a to host-b.

Am I missing something obvious here? Might there be a patch for this? I've even tried putting -host-a in the hosts.equiv file on host-b. No change.

0 Kudos
Reply
4 REPLIES 4
Victor BERRIDGE
Honored Contributor

‎08-21-2000 09:15 AM

‎08-21-2000 09:15 AM

Re: rlogin security

Are you shure you have no .rhosts in / ?
Reply
Antoanetta Naghiu
Esteemed Contributor

‎08-21-2000 09:24 AM

‎08-21-2000 09:24 AM

Solution

Re: rlogin security

/etc/hosts.equiv has nothing to do with root.
In host-b, first, check what is the root home directory.
more /etc/passwd | grep root
and see the very right field.
cd to that directory.
ls -al |more
If .rhosts exists, check for host-a, or for + sign.
You can have something as: + root, that allowed root from all hosts to login.
As a note, if you'll like to implement high security here, disable rlogin, create /etc/securetty and so on...
See as well
s700_800 11.00 r-commands cumulative mega-patch(PHNE_17028)
s700_800 11.00 R6.11.00 SNAplus2 services, TN3270 patch(PHNE_19613)
s700_800 11.00 Cumulative STREAMS Patch(PHNE_20008)
s700_800 11.00 cumulative ARPA Transport patch(PHNE_21767)
s700_800 11.00 HP DCE/9000 1.7 Integrated Login cum. patch(PHSS_17811)
Reply
Victor BERRIDGE
Honored Contributor

‎08-21-2000 09:26 AM

‎08-21-2000 09:26 AM

Re: rlogin security

else your machine-b is not secured and root has no passwd...
0 Kudos
Reply
Kurt Henning
Advisor

‎08-21-2000 09:34 AM

‎08-21-2000 09:34 AM

Re: rlogin security

Victor and Antoanetta:

Thank you both. Obvious I'm still too new to this and I missed the obvious. I assumed that root's home directory was /home/root. It wasn't. Someone had put a .rhosts file in root's true home directory with the offending entries in it. I removed them.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.