
Re: rlogin

 
Junior C.
Frequent Advisor

rlogin

How do I prevent users from rlogin-ing as root?

Thanks,

Junior
6 REPLIES
Andreas Voss
Honored Contributor

Re: rlogin

Hi,

I don't know if your users know the root password, but if not, rlogin as root without a password is controlled via /.rhosts.
If you remove /.rhosts, rlogin as root requires a password.
Benoit MARC
Occasional Advisor

Re: rlogin

Hi,

You can prevent anyone from connecting directly as root, either using rlogin or telnet, by configuring the /etc/securetty.
If you just put "console" in this file, you will be able to connect directly as root only from the console. Keep at least this entry.

To become root from other terminals, you will have to use the su(1) command.

greetings
benoit marc

Re: rlogin

One way is to create a .rhosts file in the user's home directory on the remote system. For instance, if user1 on system1 needs to rlogin to system2, create a .rhosts file in /home/user1 on system2 as follows:

system1 user1

This allows user1 to rlogin or remsh to system2.

In addition, to prevent anyone from using rlogin as root, do not configure a .rhosts file in the root directory.

Hope this helps.
Jasmin Berube
Advisor

Re: rlogin

You have to remove the "station?? root" entry in the /.rhosts file, or delete this file. Users must be listed in this file to be able to do rlogin.
Albert E. Whale, CISSP
Honored Contributor

Re: rlogin

Junior,

There are two files associated with rlogin on HP-UX, they are:

/etc/hosts.equiv and ~/.rhosts

If the machine name and/or user root are in these files, then the rlogin door is opened for the root user.

To prevent root from rlogin access, perform the following.

> /etc/hosts.equiv
(that is shorthand for:
cat /dev/null > /etc/hosts.equiv)
> ~root/.rhosts

that will eliminate rlogin access from any machine for the root user.

To prevent rlogin access for all users, you'll need to check the entire server for .rhosts files for all users. If you find them, delete them and recreate them as the root user, securing them so the user cannot modify the file.

Hope that helps.
Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com
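
The server-wide check described in the reply above can be scripted. The following is an added example, not part of the original post: it lists every entry in /etc/hosts.equiv and in each account's ~/.rhosts so the entries can be reviewed and removed. The function names and the optional PREFIX argument are hypothetical.

```shell
#!/bin/sh
# Added example (constructed, not from the thread): list every rlogin/remsh
# trust entry so it can be reviewed and removed.
#
# audit_rtrust PASSWD_FILE HOSTS_EQUIV [PREFIX]
#   PREFIX is a hypothetical convenience parameter: a directory prepended to
#   each home directory, so the audit can run against a copied or mounted tree.

# Print the non-blank, non-comment lines of a trust file.
trust_entries() {
    awk 'NF && $1 !~ /^#/' "$1"
}

audit_rtrust() {
    passwd_file=$1 equiv=$2 prefix=${3:-}

    # Host-wide trust file.
    if [ -f "$equiv" ]; then
        trust_entries "$equiv" | while read -r entry; do
            echo "EQUIV file=$equiv entry=$entry"
        done
    fi

    # ~/.rhosts of every account in the passwd file; uid 0 is tagged ROOT.
    while IFS=: read -r name _pw uid _gid _gecos home _shell; do
        rhosts="$prefix$home/.rhosts"
        [ -f "$rhosts" ] || continue
        tag=USER
        [ "$uid" = 0 ] && tag=ROOT
        trust_entries "$rhosts" | while read -r host ruser _rest; do
            note=""
            # A bare "+" in either field matches any host or any remote user.
            if [ "$host" = "+" ] || [ "$ruser" = "+" ]; then note=" WILDCARD"; fi
            # An entry without a user field trusts the same-named remote user.
            echo "$tag user=$name file=$rhosts host=$host ruser=${ruser:-$name}$note"
        done
    done < "$passwd_file"
}

# Typical invocation on a live system (paths as named in the thread):
#   audit_rtrust /etc/passwd /etc/hosts.equiv
```

Any line tagged ROOT means root can be reached by rlogin without a password from the listed host.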
Berlene Herren
Honored Contributor

Re: rlogin

Comment out login in /etc/inetd.conf and login in /etc/services (port 513). Re-read inetd.conf with #inetd -c.

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm