Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I need to be able to use rlogin as root over my work network. I know its a major security issue but neither machines have connections to the outside world.
I have allowed the rlogin service
Amended the /etc/securetty to include
rlogin
pts/0
pts/1
and restarted xinetd service.
My /etc/hosts.equiv file on <machineA> contains '<machineB> root'
When I attempt to rlogin from <MachineB> as root. It asks me to authenticate with a password. If I then type the password in access is granted.
If I change the hosts.equiv file to allow 'lapthorn' access to <MachineA> and attempt an rlogin, no password is needed.
I thought adding rlogin, pts/0, pts/1 into /etc/securetty would allow root to have access without password. Am I missing anything?
Have you considered using ssh/scp with exchanged keys? It will give you the same effect, no password required to login or copy files, but will do so relatively securely.
The man pages should cover this, and it's easy to set up.
I don't use the r* apps on linux, so I can't help you directly.
Originally posted by lapthorn
If I change the hosts.equiv file to allow 'lapthorn' access to <MachineA> and attempt an rlogin, no password is needed.
I thought adding rlogin, pts/0, pts/1 into /etc/securetty would allow root to have access without password. Am I missing anything?
James
Well I'm sure you will get an answer, but trying to make any machine root login without any password is not a great habit to develop. just my Anytime I see the motive to set up passwordless access, I have to winder why. If the password itself is such an annoying deal, maybe a few guildlines can help: NO use of birthday/backwards phone numbers/backward birthday -sister's year - mom's month and crap like that Try something like initials generated from things that you really like in life that no one could guess. racing-cars-rap music >> to F Fararri rap J Z --things like that. Choose something that's so easy to remember that you don't write it down EVER --what's worse then a total password compromised cause a bit of paper fell on to the floor! isn't this more helpful then defeating the password??
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Re: rlogin as root without password
Anytime I see the motive to set up passwordless access, I have to winder why. If the password itself is such an annoying deal, maybe a few guildlines can help: NO use of birthday/backwards phone numbers/backward birthday -sister's year - mom's month and crap like that Try something like initials generated from things that you really like in life that no one could guess. racing-cars-rap music >> to F Fararri rap J Z --things like that. Choose something that's so easy to remember that you don't write it down EVER --what's worse then a total password compromised cause a bit of paper fell on to the floor! isn't this more helpful then defeating the password??
