/etc/hosts.equiv verses $HOME/.rhosts
Milton D Miller
milton at ecn.purdue.edu
Thu Sep 6 07:34:42 AEST 1990
In article <430 at cfa.HARVARD.EDU> wyatt at cfa.HARVARD.EDU (Bill Wyatt,OIR) writes:
>>>[...] Could some kind sole tell me why using $HOME/.rhosts
>>>is unsafe and why /etc/hosts.equiv is safe?
>
>> [...] I wouldn't use hosts.equiv for any reason and rhost should
>> only be readable by you. To increase security you may want to have
>> the rhost in place only when you are doing work.
>
>Yes! We use crontab and find(1) once a day on our systems to remove
>ALL .rhosts files. The users may reconstitute their .rhosts files each
>day, of course, but are encouraged to put a `rm ~/.rhosts' into a
>.logout file as well.
>
>Since I use X on several machines at once, I have a script run at
>login time to rlogin to those few machines I always use. My .login on
>those remote machines copies a files into .rhosts. I also have a `log'
>command aliased to set an environment variable before logging out so I
>can log out but not have the .logout script kill the .rhosts file.
>
So you type your password several times (ie one per machine) to
gain access to all of the other machines??
If you are woried about wire security, then here you are sending your
unencrypted password across the network several times. If you are only
woried about others faking host addresses, well, mabye. But is it
really worth the added inconvinence? I would not be suprised to find
scripts that "Do this automagically" from one or more people.
>Bill Wyatt, Smithsonian Astrophysical Observatory (Cambridge, MA, USA)
> UUCP : {husc6,cmcl2,mit-eddie}!harvard!cfa!wyatt
> Internet: wyatt at cfa.harvard.edu
> SPAN: cfa::wyatt BITNET: wyatt at cfa
milton
Milton D. Miller II
ECN student consultant, Purdue University
More information about the Comp.unix.wizards
mailing list