Solved

trusted network /etc/hosts

Posted on 2006-05-18
Last Modified: 2010-04-22
If a server is connected through /etc/hosts, then we can set up rlogin in a way so that the user does not have to insert their password, this is through rlogin/rscp, etc.

My question
1) What's the point of having rlogin instead of telnet ?
2) Must the user and the corresponding /etc/passwd and /etc/shadow be the same on those 2 servers, so that the user can log in without entering their credentials?

 
Question by:kecoak
7 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 16711133
This schema is unsafe. Anyone can impose another user via rlogin at will. Better use ssh with authorized keys.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 16713103
Forget telnet.  Forget rlogin.  That's so last century and so insecure.

As gheist says, use ssh instead.
0
 
LVL 27

Accepted Solution

by:
Nopius earned 2000 total points
ID: 16714446
1) What's the point of having rlogin instead of telnet ?
you may connect and execute any program on remote machine from script without interactive password prompt
2) Must the user and the corresponding /etc/passwd and /etc/shadow be the same on those 2 servers, so that the user can log in without entering their credentials?
no, you may have different passwd files, different uids, but the same user name.

And as gheist said, it's better to use ssh instead. But there is a kerberized version of rlogin which is also secure.
0

 
LVL 62

Expert Comment

by:gheist
ID: 16715688
http://www.faqs.org/rfcs/rfc1282.html

Either Kerberos or ssh will require a change on every system.
0
 
LVL 14

Expert Comment

by:arthurjb
ID: 16721968
>1) What's the point of having rlogin instead of telnet ?

rlogin is sort of a "trusted" telnet

Some folks don't like rlogin because it is not as secure as telnet, but if you have a large number of machines with all the same users, and you protect the network via a firewall from the outside world, the "r" commands can make life easier and faster for programmers and sys admins.


>2) Must the user and the corresponding /etc/passwd and /etc/shadow be the same on those 2 servers, so that the user can log in without entering their credentials?

You also need to set up hosts.equiv.

It is fairly complicated to set it up properly, and set-up errors can elevate the security concerns.  You should read the man page for rlogin and rhosts and hosts.equiv
 
0
 

Author Comment

by:kecoak
ID: 16727992
OK, so this is my understanding of /etc/hosts.equiv.
Suppose that I had 2 servers, say Server A and B. I need to have the corresponding server in hosts.equiv.

So in my Server A,
hosts.equiv to server B and make sure that the username in Server A contains the one in Server B (ONLY THE USERNAME, NOT THE UID, AND THE PASSWORD MIGHT BE DIFFERENT). By doing this a user in Server A can log in through server B using an R command, i.e. rlogin.

0
 
LVL 27

Expert Comment

by:Nopius
ID: 16730581
kecoak: exactly

That's a simple configuration of your Rlogin:

on both hosts:
/etc/hosts:
x.x.x.x server_a
y.y.y.y server_b

your /etc/hosts.equiv on Server A:
server_b

your /etc/hosts.equiv on Server B:
server_a

now with rsh/rlogin open you are able to connect as 'foo_user' if that user is present on both systems. Only the username must match. Moreover you may connect as a different user, which exists only on the remote system, if you have local root privileges.

also ~/.rhosts in each user's home directory is used as an additional authorization database on a per-user basis

0
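An added example, not part of the thread and not written by any of its participants: a shell audit that lists every trust entry in /etc/hosts.equiv and in each user's ~/.rhosts, the two files described above, and flags the wildcard forms. The function names and severity labels are this example's own; the entry syntax assumed is the one documented in hosts.equiv(5).

```shell
#!/bin/sh
# Audit rlogin/rsh trust files (hosts.equiv / .rhosts format).
# Prints one line per entry: "<LEVEL> <file>:<line> <entry> -- <reason>".
audit_rtrust() {
    file=$1
    [ -r "$file" ] || return 0              # missing or unreadable: nothing to report
    awk -v f="$file" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        {
            host = $1; user = $2; level = "INFO"
            if (substr(host, 1, 1) == "-" || substr(user, 1, 1) == "-")
                why = "explicit deny entry"
            else if (host == "+") {
                level = "HIGH"; why = "wildcard host: every remote host is trusted"
            } else if (user == "+") {
                level = "HIGH"; why = "wildcard user: any remote user on this host is trusted"
            } else if (substr(host, 1, 2) == "+@" || substr(user, 1, 2) == "+@") {
                level = "WARN"; why = "netgroup trust: review group membership"
            } else if (user != "") {
                level = "WARN"; why = "named remote user trusted without a password"
            } else
                why = "same-named users from this host log in without a password"
            printf "%s %s:%d %s -- %s\n", level, f, NR, $0, why
        }' "$file"
}

# Audit the system-wide file plus ~/.rhosts for every home directory
# listed in a passwd-format file (defaults are the real system paths).
audit_all() {
    passwd=${1:-/etc/passwd}
    equiv=${2:-/etc/hosts.equiv}
    audit_rtrust "$equiv"
    cut -d: -f6 "$passwd" | sort -u | while read -r home; do
        audit_rtrust "$home/.rhosts"
    done
}

# Typical use, as root so every home directory is readable:
#   audit_all | sort
```

Every hostname the audit reports is resolved through /etc/hosts or DNS at login time, so the mapping for each trusted name is part of the same review.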
