Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.


  Search this Thread
Old 08-06-2009, 11:46 PM   #16
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,774

Rep: Reputation: 2537Reputation: 2537Reputation: 2537Reputation: 2537Reputation: 2537Reputation: 2537Reputation: 2537Reputation: 2537Reputation: 2537Reputation: 2537Reputation: 2537

You may find this useful
But in any case, avoid plaintext protocols if possible eg rsh, rcp, remsh, rlogin, telnet etc
Old 05-24-2020, 09:39 PM   #17
LQ Newbie
Registered: Jun 2017
Distribution: Debian
Posts: 8

Rep: Reputation: Disabled
Looks like ssh Host-based authentication shouldn't be used at all any more! See:

There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system.

Finding ID Version Rule ID IA Controls Severity
V-11988 GEN002040 SV-37370r1_rule ECCD-1 ECCD-2 High
The .rhosts, .shosts, hosts.equiv, and shosts.equiv files are used to configure host-based authentication for individual users or the system. Host-based authentication is not sufficient for preventing unauthorized access to the system.
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2017-03-01

Check Text ( C-36057r1_chk )
Check for the existence of the files.

# find / -name .rhosts
# find / -name .shosts
# find / -name hosts.equiv
# find / -name shosts.equiv

If .rhosts, .shosts, hosts.equiv, or shosts.equiv are found and their use has not been documented and approved by the IAO, this is a finding.
Fix Text (F-31301r1_fix)
Remove all the r-commands access control files.

# find / -name .rhosts -exec rm {} \;
# find / -name .shosts -exec rm {} \;
# find / -name hosts.equiv -exec rm {} \;
# find / -name shosts.equiv -exec rm {} \;
Old 05-25-2020, 07:08 AM   #18
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris 11.4, Oracle Linux, Mint, Ubuntu/WSL
Posts: 9,776

Rep: Reputation: 470Reputation: 470Reputation: 470Reputation: 470Reputation: 470
Originally Posted by Telo View Post
Looks like ssh Host-based authentication shouldn't be used at all any more!
This recommendation was already given twelve years ago in this very thread...

By the way, while it doesn't make a lot of difference in that precise case, beware that advice related to Linux do not necessarily apply to Solaris, and reciprocally.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
newbie question: whats the difference between "su root", "su" and "su -&quo mojarron Slackware 9 12-07-2009 04:08 PM
LXer: Displaying "MyComputer", "Trash", "Network Servers" Icons On A GNOME Desktop LXer Syndicated Linux News 0 04-02-2007 08:31 AM
Can you explain the difference between "Free Software (GNU)" and "Open Source"? vharishankar General 5 03-03-2005 09:40 AM
difference between "Web server local URL" and "IPv4 address"? kpachopoulos Linux - General 2 09-17-2004 01:30 PM
"User" & "System" CPU load difference JJX Linux - General 3 06-06-2004 01:42 AM > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 08:04 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration