HPE Community
Operating System - HP-UX
1830705 Members
3796 Online
110015 Solutions
New Discussion

trusted host on HPUX 10.2/11

 
SOLVED
Go to solution
vladimir gershman
Occasional Advisor

‎08-15-2002 11:07 AM

‎08-15-2002 11:07 AM

trusted host on HPUX 10.2/11

Greetings,

I want to set up a workstation A (with HPUX 11) as a trusted host to workstations B and C (both with HPUX 10.2). I had sysadmins modify /etc/hosts.equiv file on B and C to include A. After that when I am on A and do "rlogin B" I still get asked for a password. Is there anything else that has to be done besides modifying /etc/hosts.equiv

Thanks

Vlad
0 Kudos
Reply
6 REPLIES 6
Martin Johnson
Honored Contributor

‎08-15-2002 11:25 AM

‎08-15-2002 11:25 AM

Re: trusted host on HPUX 10.2/11

You need an .rhosts file in the home directory. See man rhosts.

HTH
Marty
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎08-15-2002 11:49 AM

‎08-15-2002 11:49 AM

Solution

Re: trusted host on HPUX 10.2/11

Hi Vlad,

Allowing r-access is a serious security violation.

/etc/hosts.equiv defines system wide access while .rhosts defines individual user access. So, if you intend to use r-commands, then it is recommended to configure .rhosts.

If root on hostB has to rlogin to root on hostC, then .rhosts file in the home directory of root on hostC should have the following entry.

hostB root

The best way to setup trusted system is to use public/private key authentication mechanism through ssh. You need to do a little bit of reading but it is better to run ssh. You can get it from

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/openssh-3.4p1/

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Tom Danzig
Honored Contributor

‎08-15-2002 11:54 AM

‎08-15-2002 11:54 AM

Re: trusted host on HPUX 10.2/11

Also check to make sure the service is not restricted via an entry in /var/adm/inetd.sec
Reply
Sajid_1
Honored Contributor

‎08-15-2002 11:54 AM

‎08-15-2002 11:54 AM

Re: trusted host on HPUX 10.2/11

hello,

As mentioned, allowing permissions for r commands through the *global* file - /etc/hosts.equiv is a big security hole. You can do the same setting with $HOME/.rhosts file. In your case, create this under / and add the hostname and username entries there.

HTH
learn unix ..
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎08-15-2002 11:58 AM

‎08-15-2002 11:58 AM

Re: trusted host on HPUX 10.2/11

does host.equiv not override any .rhost files, rendering them useless, I mean harmless?

I initiated that and a inetd.sec file and clamped down effectively.

r login is a serious security concern and as I migrate to new boxes, I'm getting rid of it. The developers are already squealing, but they'll just have to get used to secure ftp

Steve
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎08-18-2002 06:47 PM

‎08-18-2002 06:47 PM

Re: trusted host on HPUX 10.2/11

I agree with the security concerns, but can't say what's the right security policy for your environment. Assuming that you still want to make this work with .rhosts despite the security issues, you might look to see if the hostnames of a, b and c are aliased in some way in your /etc/hosts or DNS configuration. I have seem cases where the mapping between IP address and hostname returns the 'wrong' entry relative to what is in the .rhosts files. The solution in that case is to include both the real hostname and all of its aliases in your .rhosts file.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.