Old 03-01-2003, 09:36 AM   #1
nabil
Member
 
Registered: Feb 2001
Location: MI, USA
Distribution: Debian Linux 100% GNU
Posts: 210

Rep: Reputation: 31
"+" in .rhosts


Does anyone know why I can't get my rsh to work on Linux machines with "+" in the .rhosts file ???

rsh works with the hostname/user name scheme but not with "+" to allow all to remote shell without a password???

Any ideas !!
 
Old 03-01-2003, 09:37 AM   #2
nabil
Member
 
Registered: Feb 2001
Location: MI, USA
Distribution: Debian Linux 100% GNU
Posts: 210

Original Poster
Rep: Reputation: 31
BTW: I am running Redhat 8.0, Debian 3.0 and SuSE 8.1
 
Old 03-08-2003, 06:40 PM   #3
nabil
Member
 
Registered: Feb 2001
Location: MI, USA
Distribution: Debian Linux 100% GNU
Posts: 210

Original Poster
Rep: Reputation: 31
Hmm... I did not think this was a hard one !!!
 
Old 03-08-2003, 06:57 PM   #4
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,820

Rep: Reputation: 550
What permissions do you have on your .rhosts file? If it's not `600' that could explain it.

Also, I've only ever heard of the '+' and '-' used in conjunction with NIS. Is that set up on your system?
 
Old 03-08-2003, 07:13 PM   #5
nabil
Member
 
Registered: Feb 2001
Location: MI, USA
Distribution: Debian Linux 100% GNU
Posts: 210

Original Poster
Rep: Reputation: 31
I do have it set to 600, I can still remote shell with user/host format but not with "+" ...many *nix os's use only "+" format to allow remote shell from any host or network ....

Last edited by nabil; 03-08-2003 at 07:14 PM.
 
Old 03-08-2003, 08:01 PM   #6
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,820

Rep: Reputation: 550
Quote:
Originally posted by nabil
I do have it set to 600, I can still remote shell with user/host format but not with "+" ...many *nix os's use only "+" format to allow remote shell from any host or network ....
So you want to allow any user from any host to connect to your system? A quick check of the ``hosts.equiv'' man page indicates that this might be the place to permit that.
 
Old 03-08-2003, 08:39 PM   #7
nabil
Member
 
Registered: Feb 2001
Location: MI, USA
Distribution: Debian Linux 100% GNU
Posts: 210

Original Poster
Rep: Reputation: 31
Still does not work even with "hosts.equiv" !!! ...
Not sure what I am doing wrong ....
 
Old 03-08-2003, 09:14 PM   #8
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,820

Rep: Reputation: 550
Quote:
Originally posted by nabil
Still does not work even with "hosts.equiv" !!! ...
Not sure what I am doing wrong ....
Maybe the security folks at your distribution are trying to tell you something. :-)

Argh! Dunno why I didn't think of this first: check to see if you have the daemon running that even allows this. On the system I'm working on the config files that enable/disable this are in /etc/xinetd.d. By default, nowadays these would be disabled. You can change the setting in the rlogin file to ``disable = no'' and bounce xinetd.

See if that gets you going...

Rick
 
Old 03-08-2003, 09:37 PM   #9
nabil
Member
 
Registered: Feb 2001
Location: MI, USA
Distribution: Debian Linux 100% GNU
Posts: 210

Original Poster
Rep: Reputation: 31
You are not paying attention .. I have already stated that I am able to remote shell, rlogin, rexec ...etc... but I am trying to do it with only "+" to allow everyone without including any host/user id restrictions in the .rhosts file...If I do include a host/user id then it works ...
 
Old 03-08-2003, 10:34 PM   #10
moses
Senior Member
 
Registered: Sep 2002
Location: Arizona, US, Earth
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
Posts: 1,152

Rep: Reputation: 50
The only thing I had to do to enable this was to create a file called
.rhosts in my home directory, tell (x)inetd to enable "login", and
restart the (x)inetd daemon (kill -HUP).
The only other requirement is that on both hosts I have the same
username.
 
Old 03-09-2003, 12:32 AM   #11
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,820

Rep: Reputation: 550
Quote:
Originally posted by nabil
You are not paying attention
Crimeny, lighten up. I'm probably just a little distracted by the thought that keeps running around in the back of my mind: why would someone want to effectively disable user authentication on the system? Whatever reason you have for wanting to do this might have a much, much easier solution. Methinks it's better to work with the security features than to try to work around them.

Since this was posted in the General forum, I mistakenly thought that the problem lay with a simple configuration snafu. Obviously it's going to take some security guru who frequents the Security forum to answer this one.
 
Old 03-09-2003, 07:02 AM   #12
nabil
Member
 
Registered: Feb 2001
Location: MI, USA
Distribution: Debian Linux 100% GNU
Posts: 210

Original Poster
Rep: Reputation: 31
rnturn,
Let me explain ...Sometimes people have machines located in a private network and they are not accessible to any public security danger...
Sometimes machines are connected to multiple networks and guessing which interface you are trying to remote shell from becomes a hassle to enter the correct one in the .rhosts file ...so opening up the whole door temporarily is handy ...

This is not a security issue at all .. I am not going to disable any big security door on my box that is connected to the internet..

At work, I have tried just entering a "+" in the .rhosts file and that allowed me to remote shell to the machine from any account and any machine ..This worked for Solaris, AIX, HP-UX and IRIX ...and Linux Redhat 7.2 ...But not working in Linux Redhat 8.0 or Debian 3.0 and SuSE 8.1 ????
 
Old 03-09-2003, 10:28 AM   #13
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,820

Rep: Reputation: 550
Quote:
Originally posted by nabil
Sometimes people have machines located in a private network and they are not accessible to any public security danger... /snip/ ...so opening up the whole door temporarily is handy ...

This is not a security issue at all .. I am not going to disable any big security door on my box that is connected to the internet.
Fair enough. We do the same thing at work (mostly Tru64 systems) but we restrict it to specific accounts on specific systems even though we, too, can specify that `+' to really open things up. Even though all of these systems are inside the company firewall, we don't trust just anybody because they're on the inside network.
Quote:
This worked for Solaris, AIX, HP-UX and IRIX ...and Linux Redhat 7.2 ...But not working in Linux Redhat 8.0 or Debian 3.0 and SuSE 8.1 ????
Well, all I can come up with is this: just about every text that I have on the shelf that discusses UNIX security warns against adding that `+' sign to either the hosts.equiv or .rhosts files. I suspect that the Linux distributions have taken these warnings to heart and are disallowing you from doing it any longer. It makes remote administration a bit more of a hassle (I finally came to accept that ssh and company are my friends) but I worry less about someone getting access to systems that they shouldn't. That's about all I can come up with. Wish I could be more help.
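
The wildcard entries discussed in this thread can be found with a short audit script. This is an added example, not code from any poster here; it classifies each line of a `.rhosts` or `hosts.equiv` file and reports `+` entries, and the sample file, host names and user names are constructed.

```sh
#!/bin/sh
# Added example, not from the thread: report wildcard "+" trust entries in
# rhosts-style files (~/.rhosts, /etc/hosts.equiv).

# Classify one "host [user]" line as:
#   skip | wildcard-all | wildcard-host | wildcard-user | netgroup | specific
classify_entry() {
    set -f                        # no globbing while word-splitting
    set -- $1
    set +f
    [ $# -eq 0 ] && { echo skip; return 0; }
    case "$1" in '#'*) echo skip; return 0 ;; esac
    case "$1:${2:-}" in
        +:+)      echo wildcard-all ;;    # any user from any host
        +:*)      echo wildcard-host ;;   # trusted from any host
        *:+)      echo wildcard-user ;;   # any remote user name accepted
        [+-]@*:*) echo netgroup ;;        # NIS netgroup reference
        *)        echo specific ;;
    esac
}

# Print FILE:LINE:CLASS:TEXT for each wildcard entry. For a .rhosts file,
# also report any group/other access (the thread expects mode 600).
audit_trust_file() {
    file=$1
    n=0
    [ -f "$file" ] || return 0
    case "$file" in
        .rhosts|*/.rhosts)
            mode=$(ls -ld "$file" | cut -c5-10)
            [ "$mode" = "------" ] || echo "$file:0:bad-mode:$mode" ;;
    esac
    while IFS= read -r text || [ -n "$text" ]; do
        n=$((n + 1))
        class=$(classify_entry "$text")
        case "$class" in
            wildcard-*) echo "$file:$n:$class:$text" ;;
        esac
    done < "$file"
    return 0
}

# Constructed sample input (host and user names are made up).
demo_dir=$(mktemp -d)
printf '%s\n' '# sample' 'buildhost alice' '+ alice' 'labhost +' '+ +' \
    > "$demo_dir/.rhosts"
chmod 600 "$demo_dir/.rhosts"
audit_trust_file "$demo_dir/.rhosts"
rm -rf "$demo_dir"
```

Point `audit_trust_file` at `/etc/hosts.equiv` and at each account's `~/.rhosts`; every output line is an entry that extends trust beyond a named host and user.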
 
Old 05-19-2003, 01:45 PM   #14
Tempest69
LQ Newbie
 
Registered: May 2003
Location: Wyoming
Distribution: Redhat 7.3
Posts: 1

Rep: Reputation: 0
I'm trying to get the same thing done, but with root.
I can get it done under 7.3 for users, not root.
Anyone know how to kill that security?
Tried hosts.equiv .hosts and .rhosts in user directories
Make sure that the machines are listed in your hosts file as resolvable. Good luck.


<security rationale>
The machine is secured behind a firewall, with 3 users total.
The box is a cluster, we're doing some testing on it.
 
  

