UNIX for Dummies Questions & Answers

I found in some cases even with a .rhosts file on Red Hat that it was still prompting for user name and password which was a major problem for automated transfer programs that I needed to run rcp. If you are running into this problem you will need to add a file called <b>/etc/hosts.equiv</b> but this is not very secure. Much better to use ssh2 as suggested before.

Probably due to permissions on your .rhosts file. Linux (unlike some other commercial Unices) requires that the .rhosts file not have any group or other permissions. In other words it should be mode 0600.

Thanks, that could be it. I don't remember the file permissions exactly since it's been a while. I do remember the Unix servers we used had no problems so I will try this next time.

Be very careful with /etc/hosts.equiv. It can be dangerous. You can use .rhosts and be somewhat exposed but you won't give the user access to ROOT on the box like you will with /etc/hosts.equiv!

I just want all to understand that /etc/hosts.equiv gives you EQUIVILENCY AS ROOT. In other words, you will have the same ability as root because that is what hosts.equiv gives you.

As much as I love .rhosts and ssh, try to steer clear of hosts.equiv files on your systems. One good reason for this is that someone could spoof as a trusted system that is in hosts.equiv file and gain access to your whole network and do some real damage to your company!

As mentioned it was not the most secure decision. Perhaps I should metion that these were completely secured boxes and on an internal, network that was not accessable from outside. Also, even if someone had physically been able to gain access the contents of the machines were actually trivial enough not to worry us if someone did hack in.

I offer host.equiv only as a point of information, it is definitely too insecure to use on an exposed box. However, I want to clearify something: you only have the account equivalency that you transfer between machines, thus, <b>root</b> = <b>root</b>, but <b>ONLY root</b> = <b>root</b> so saying that you have root equivilancy is not exactly accurate. If you log in on a remote trusted machine as <b>user1</b> you can only be <b>user1</b> on the local machine so this method is not much more insure than using .rhost, except you don't have control of the exact accounts that are equivilent. In fact, it is very similar to trust between domains in a Windows network (host.equiv basically spells out a one-way trust in Windows terminology).

As for spoofing that is certainly a risk for any system and you should always have any server behind a properly setup firewall to avoid spoofing. If someone can hack through your firewall SSH can offer more protection. Again, the best solution is always the secure one such as SSH2.

Yes I may have come across too strong. I agree with you that it is unsecure.

I only wanted to warn those who dont have secure environments like you and I have at work that it can be dangerous to use hosts.equiv.

Sorry for any strong statements that I had made. I only wanted to underscore the problems with /etc/hosts.equiv.

I agree that in a secure trusted environment it wouldn't be as much of an issue.

Again, sorry for wording my email too strongly.

Actually, no offense taken, I just realized that I didn't explain enough.