
Re: rlogin

 
Thiyagarajan.s
Frequent Advisor

rlogin

How is this rlogin working?
I have seen it working without hosts.equiv on the destination.
I have similar user accounts on the HPUX system with the same id and gid; when doing rlogin it asks for a password.
It is working for some other user accounts in these systems.
And what is the role and precedence of the .rhosts file when it exists with /etc/hosts.equiv?

Thanks in Advance!

Bharat Katkar
Honored Contributor
Solution

Re: rlogin

Hi,
.rhosts overrides the /etc/hosts.equiv configuration.
.rhosts resides in the user's home directory and is owned by that user.
For the superuser (root), /etc/hosts.equiv is ignored; only .rhosts works.

For more information see man rhosts.

Hope that helps.
Regards,

You need to know a lot to actually know how little you know
Steven E. Protter
Exalted Contributor

Re: rlogin

Check the following:

1) network connectivity
2) .rhosts file
3) /etc/hosts.equiv file

Any of the above can cause rlogin to fail.

hosts.equiv overrides the .rhosts files. It is generally used to lock down security even if rhosts is set correctly.

Have you considered doing this with secure shell?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Pete Randall
Outstanding Contributor

Re: rlogin

The hosts.equiv file grants system-wide access while the .rhosts file, because it is located in a particular user's home directory, grants individual access. If I recall correctly, hosts.equiv does not work for root - root access requires a .rhosts file.


Pete

A. Clay Stephenson
Acclaimed Contributor

Re: rlogin

The authentication is explained very well in the hosts.equiv man pages: man 4 hosts.equiv (it also covers .rhosts). Only if a matching entry is not found in /etc/hosts.equiv does the user's .rhosts file come into play.
If it ain't broke, I can fix that.
Bill Hassell
Honored Contributor

Re: rlogin

Note also that even when .rhosts exists and is correctly formatted, .rhosts must have 400 or 600 permissions, be in the $HOME directory of the owner, and be owned by that user. And most important, the remote system's IP address must be resolvable by the local system. All these rules must be satisfied or rlogind will ask for a password.


Bill Hassell, sysadmin
KapilRaj
Honored Contributor

Re: rlogin

Thiyagarajan,
Why not reward them with some points?
....... Kaps
Nothing is impossible
Thiyagarajan.s
Frequent Advisor

Re: rlogin

I will make my question more clear: there is a hosts.equiv file and there are no .rhosts files in the user profiles, except for the /.rhosts file.
The rlogin is working well except for a single user.





Con O'Kelly
Honored Contributor

Re: rlogin

Hi

The hosts.equiv file is always checked first for authorisation.
If the hosts.equiv file has an entry for a remote host then all users on that remote host should be able to rlogin without a password. However if there is also an entry in hosts.equiv for a specific user, then that user won't be able to login:
Example:
+ -


Can you explain your rlogin problem in more detail, i.e. what entries are in hosts.equiv and which user is failing?

Also check /var/adm/inetd.sec for any entries that may deny rlogin access from specific IP addresses/hosts.

Cheers
Con
Bill Hassell
Honored Contributor

Re: rlogin

Having .rhosts in / means that you have root's HOME in / (not a good idea). Nevertheless, a correctly formatted .rhosts with the correct permissions and ownership in root's HOME directory will allow root to accept an rlogin, remsh or rcp. /.rhosts has nothing to do with any other users except root.

Since other users cannot use rlogin without giving a password, your hosts.equiv file is incorrect. There will be no error message telling you what to fix. You have to change the permissions to 600, and ownership must be root. For testing, you can wipe out everything in hosts.equiv and just put a single + in that file. Now, any computer can use rlogin to this machine. Otherwise, you need a machine name and optionally, a username to restrict access.

NOTE: A single + is a very severe security risk, so do not leave your hosts.equiv file with just a +.


Bill Hassell, sysadmin
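
The checks Bill Hassell lists in his two replies (mode 400 or 600, correct owner, no bare +) can be run against a trust file in one pass. The following is an added example, not code from the thread; the function name, finding labels, and the treatment of "#" lines as comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit one rlogin trust file,
# either /etc/hosts.equiv or a user's .rhosts.
#
# audit_trust_file FILE EXPECTED_UID
#   prints one finding per line; returns 0 when clean, 1 otherwise.
audit_trust_file() {
    file=$1; want_uid=$2; rc=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # "ls -lnd" gives the mode string and the numeric owner portably.
    meta=$(ls -lnd "$file" | awk '{print $1, $3}')
    perms=${meta% *}; uid=${meta#* }

    # Only 400 or 600 pass; some systems append a marker character
    # to the mode string, hence the trailing "*".
    case $perms in
        -r--------*|-rw-------*) ;;
        *) echo "BAD-MODE $file $perms"; rc=1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "BAD-OWNER $file uid=$uid"; rc=1; }

    # Entries are "host [user]"; a "+" in either field trusts everyone.
    # Assumption: blank lines and lines starting with "#" are ignored.
    awk -v f="$file" '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "+" { printf "ANY-HOST %s:%d\n", f, NR; bad = 1 }
        $2 == "+" { printf "ANY-USER %s:%d\n", f, NR; bad = 1 }
        END { exit bad + 0 }' "$file" || rc=1
    return $rc
}

# Usage when run as root ("alice" is a constructed account name):
#   audit_trust_file /etc/hosts.equiv 0
#   audit_trust_file /home/alice/.rhosts "$(id -u alice)"
```

A clean file produces no output and exit status 0, so the function can be looped over every home directory from a scheduled job.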