|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
Automation of telnet and ftp
Post 9945 by Kelam_Magnus on Monday 5th of November 2001 10:43:32 PM
11-05-2001
trusted vs non-trusted environments
If your systems exist in a trusted "secure" environment, inside a firewall, and you don't go outside that firewall, then you can use .rhosts and rlogin.
Each user has to be defined on the other system in a .rhosts file in the home directory of the user. For root, it should be in / or /root depending on the version.
Then you can use the command rlogin hostname -l username, and it will get you right in. Your syntax may vary.
Telnet is risky in an exposed environment, but I work for a very large telecom company in Dallas and we use it all the time. The key is to disable the .rhosts file when it is not in use and also restrict it to the System Admin only while preventing users from creating .rhosts files in their home directories. By limiting the use of .rhosts, you can prevent unscruplous users from allowing people into your systems.
I hope that doesn't sound preachy, but it is true. Security doesn't mean shutting everyone out all the time. You have to have a certain level of trust some of the time, for any work to get done.
Sorry, preachy again... I'll get off my soapbox now...
Each user has to be defined on the other system in a .rhosts file in the home directory of the user. For root, it should be in / or /root depending on the version.
Then you can use the command rlogin hostname -l username, and it will get you right in. Your syntax may vary.
Telnet is risky in an exposed environment, but I work for a very large telecom company in Dallas and we use it all the time. The key is to disable the .rhosts file when it is not in use and also restrict it to the System Admin only while preventing users from creating .rhosts files in their home directories. By limiting the use of .rhosts, you can prevent unscruplous users from allowing people into your systems.
I hope that doesn't sound preachy, but it is true. Security doesn't mean shutting everyone out all the time. You have to have a certain level of trust some of the time, for any work to get done.
Sorry, preachy again... I'll get off my soapbox now...
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi guys,
Here is my requirement for ftp script that i have to automate in unix using shell script:
1) Find the files that atre created one week from the present day.
2) ftp them to the backup server.
3) At the end of the month make a new directory on my backup server with the new month(eg:Once... (1 Reply)
Discussion started by: koduri0475
1 Replies
2. UNIX Desktop Questions & Answers
Hi guys,
Here is my requirement for ftp script that i have to automate in unix using shell script:
1) Find the files that atre created one week from the present day.
2) ftp them to the backup server.
3) At the end of the month make a new directory on my backup server with the new month(eg:Once... (1 Reply)
Discussion started by: koduri0475
1 Replies
3. Filesystems, Disks and Memory
Hi guys,
Here is my requirement for ftp script that i have to automate in unix using shell script:
1) Find the files that atre created one week from the present day.
2) ftp them to the backup server.
3) At the end of the month make a new directory on my backup server with the new month(eg:Once... (1 Reply)
Discussion started by: koduri0475
1 Replies
4. Cybersecurity
Hi All,
I am a newbie to unix and scripting. I need to do the following job:
1. Create a batch file in windows that will call a script in a remote unix box.
2. The script now ftp files from the Remote windows machine and get them back to the local windows.
Actually, I have written the script... (3 Replies)
Discussion started by: Ankur
3 Replies
5. UNIX for Advanced & Expert Users
Hi,
I am working in Unix and Teradata fastload. I need to automate file transfer through ftp from windows path to Unix directory at a specific time, then I should call fastload scripts execution. I have got the fastload script. Entire process should be automated without any manual intervention. It... (1 Reply)
Discussion started by: SATYAPRIYA_D
1 Replies
6. Shell Programming and Scripting
ftp automation code is
ftp -v -n -i $host_name << EOF
user $u_name $u_pass
bi
mput $tar_file
bye
EOF
How to check whether the file is successfully transfered or not. Suppose the user name or password is provided wrongly then the code should track the error and ask the end user to enter... (2 Replies)
Discussion started by: Dip
2 Replies
7. Shell Programming and Scripting
Hi,
I have got a requirement like this.
a parameterized function custFtp which will take 5 i/ps and will do the following tasks.
p1) server name
p2) username
p3) password
p4) path name of the server where the file resides
p5) file name pattern
the function will work like this.
... (1 Reply)
Discussion started by: ani_datta
1 Replies
8. AIX
Here is my requirement to automate the deployment procedure for my project.
Telnet to AIX box (say SERVER1) from windows machine (with USER1)
Select the server to login say "SERVER2"
su as different user say "USER2"(Owner of the deployed files)
Execute the script (Script has so many... (1 Reply)
Discussion started by: nurainos
1 Replies
9. Shell Programming and Scripting
Hi,
i am trying to automate an ftp script which is as below.But my user id has special characters(aaa\$ifg). So it is not working correctly.Can anyone help on this?I tried providing both of them in double & singe quoted. But somehow it is not picking the "\". Also tried keeping \ before the... (3 Replies)
Discussion started by: aeroticman
3 Replies
10. Shell Programming and Scripting
Dear experts, please help me .
I've found simple EXPECT scripts and all works fine. But I need more automation in error handling and sending list of commands/output logging from multiple remote hosts.
I have 10 hosts, for example:
host1 192.168.1.1 LOGIN1 PASSWORD1
...... ... (2 Replies)
Discussion started by: starchen
2 Replies
LEARN ABOUT OPENSOLARIS
hosts.equiv
hosts.equiv(4) File Formats hosts.equiv(4) NAME
hosts.equiv, rhosts - trusted remote hosts and users DESCRIPTION
The /etc/hosts.equiv and .rhosts files provide the "remote authentication" database for rlogin(1), rsh(1), rcp(1), and rcmd(3SOCKET). The files specify remote hosts and users that are considered "trusted". Trusted users are allowed to access the local system without supplying a password. The library routine ruserok() (see rcmd(3SOCKET)) performs the authentication procedure for programs by using the /etc/hosts.equiv and .rhosts files. The /etc/hosts.equiv file applies to the entire system, while individual users can maintain their own .rhosts files in their home directories. These files bypass the standard password-based user authentication mechanism. To maintain system security, care must be taken in creating and maintaining these files. The remote authentication procedure determines whether a user from a remote host should be allowed to access the local system with the identity of a local user. This procedure first checks the /etc/hosts.equiv file and then checks the .rhosts file in the home directory of the local user who is requesting access. Entries in these files can be of two forms. Positive entries allow access, while negative entries deny access. The authentication succeeds when a matching positive entry is found. The procedure fails when the first matching nega- tive entry is found, or if no matching entries are found in either file. The order of entries is important. If the files contain both posi- tive and negative entries, the entry that appears first will prevail. The rsh(1) and rcp(1) programs fail if the remote authentication pro- cedure fails. The rlogin program falls back to the standard password-based login procedure if the remote authentication fails. Both files are formatted as a list of one-line entries. Each entry has the form: hostname [username] Hostnames must be the official name of the host, not one of its nicknames. Negative entries are differentiated from positive entries by a `-' character preceding either the hostname or username field. Positive Entries If the form: hostname is used, then users from the named host are trusted. That is, they may access the system with the same user name as they have on the remote system. This form may be used in both the /etc/hosts.equiv and .rhosts files. If the line is in the form: hostname username then the named user from the named host can access the system. This form may be used in individual .rhosts files to allow remote users to access the system as a different local user. If this form is used in the /etc/hosts.equiv file, the named remote user will be allowed to access the system as any local user. netgroup(4) can be used in either the hostname or username fields to match a number of hosts or users in one entry. The form: +@netgroup allows access from all hosts in the named netgroup. When used in the username field, netgroups allow a group of remote users to access the system as a particular local user. The form: hostname +@netgroup allows all of the users in the named netgroup from the named host to access the system as the local user. The form: +@netgroup1 +@netgroup2 allows the users in netgroup2 from the hosts in netgroup1 to access the system as the local user. The special character `+' can be used in place of either hostname or username to match any host or user. For example, the entry + will allow a user from any remote host to access the system with the same username. The entry + username will allow the named user from any remote host to access the system. The entry hostname + will allow any user from the named host to access the system as the local user. Negative Entries Negative entries are preceded by a `-' sign. The form: -hostname will disallow all access from the named host. The form: -@netgroup means that access is explicitly disallowed from all hosts in the named netgroup. The form: hostname -username disallows access by the named user only from the named host, while the form: + -@netgroup will disallow access by all of the users in the named netgroup from all hosts. Search Sequence To help maintain system security, the /etc/hosts.equiv file is not checked when access is being attempted for super-user. If the user attempting access is not the super-user, /etc/hosts.equiv is searched for lines of the form described above. Checks are made for lines in this file in the following order: 1. + 2. +@netgroup 3. -@netgroup 4. -hostname 5. hostname The user is granted access if a positive match occurrs. Negative entries apply only to /etc/hosts.equiv and may be overridden by subse- quent .rhosts entries. If no positive match occurred, the .rhosts file is then searched if the user attempting access maintains such a file. This file is searched whether or not the user attempting access is the super-user. As a security feature, the .rhosts file must be owned by the user who is attempting access. Checks are made for lines in .rhosts in the following order: 1. + 2. +@netgroup 3. -@netgroup 4. -hostname 5. hostname FILES
/etc/hosts.equiv system trusted hosts and users ~/.rhosts user's trusted hosts and users SEE ALSO
rcp(1), rlogin(1), rsh(1), rcmd(3SOCKET), hosts(4), netgroup(4), passwd(4) WARNINGS
Positive entries in /etc/hosts.equiv that include a username field (either an individual named user, a netgroup, or `+' sign) should be used with extreme caution. Because /etc/hosts.equiv applies system-wide, these entries allow one, or a group of, remote users to access the system as any local user. This can be a security hole. For example, because of the search sequence, an /etc/hosts.equiv file consisting of the entries + -hostxxx will not deny access to "hostxxx". SunOS 5.11 23 Jun 1997 hosts.equiv(4)