Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Find the IP address that a telnet session uses
Top Forums Programming Find the IP address that a telnet session uses Post 13558 by Kelam_Magnus on Friday 18th of January 2002 03:57:46 PM
Old 01-18-2002
thalex
The main problem with /etc/hosts.equiv is that it is a VERY bad security hole.

By using IP spoofing, anyone can break into your system. There are other good ways to check the users when the login.

If someone can login as one of your users via /etc/hosts.equiv that could be very dangerous.

Is /etc/securetty an option?
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

telnet session timeout

hi, we can set something such that if the user has been idle for a while, it will auto disconnect. where to do so? thanks (6 Replies)
Discussion started by: yls177
6 Replies

2. UNIX for Advanced & Expert Users

Host IP address for a telnet session

I am using Tru64UX 5.1a on alphaserver 4100. Users access the application through Telnet sessions to this server. My requirement is to limit the users login through their PCs only. Is there any way I can accomplish this on the unix box ? I want to include a script in the .profile ( or... (1 Reply)
Discussion started by: shauche
1 Replies

3. Shell Programming and Scripting

Telnet session does not expire

Dear friends.. Our project has a module that runs on handheld devices. Through the handheld we telnet to solaris where the application actually runs. I noticed that after starting a session through the handheld, if i go out of range or if i remove and replace the battery in the handheld, the... (1 Reply)
Discussion started by: deepsteptom
1 Replies

4. Shell Programming and Scripting

Telnet Session

{ sleep 2 echo "$user" sleep 2 echo "$password" sleep 2 echo " ls" sleep 10 echo "exit" }| telnet $server I have a machine x and i have executed the above script on machine 'x'. i entered the... (6 Replies)
Discussion started by: pathanjalireddy
6 Replies

5. IP Networking

intercept the ip address of a telnet session

The situation: a Unix system (UnixWare 7.1.3) to which are connected other systems; various p.c. on the LAN that they connect Unix to the system via TelNet. The problem: I need to intercept the address IP of the p.cs. connected via telnet to the Unix system. Particularly, I have to know the... (2 Replies)
Discussion started by: paololrp
2 Replies

6. UNIX for Dummies Questions & Answers

Unix Telnet session

Hi Is there any way whilst in a telnet session you can view your client machine name that you are using to connect to the Unix box ? :eek: (2 Replies)
Discussion started by: mlucas
2 Replies

7. UNIX for Dummies Questions & Answers

Telnet Session to AIX

Hello, I have AIX 5.3 at home connected to netgear router. Port Forwarding has been enabled on the router. Problem is that if I want to telnet, I have to try 2 or 3 times before I can get a logon prompt. It times out for first or second time (Connection to session <IP_Address> failed: Connection... (1 Reply)
Discussion started by: bluebee
1 Replies

8. UNIX for Dummies Questions & Answers

Disconnecting a telnet session

How can I disconnect an existing telnet session? The host is a serial port server with multiple ports. The users login using the host's name and a port, i.e. telnet host01 1235. Thanks. (14 Replies)
Discussion started by: cooldude
14 Replies

9. HP-UX

ssh session getting hung (smilar to hpux telnet session is getting hung after about 15 minutes)

Our network administrators implemented some sort of check to kill idle sessions and now burden is on us to run some sort of keep alive. Client based keep alive doesn't do a very good job. I have same issue with ssh. Does solution 2 provided above apply for ssh sessions also? (1 Reply)
Discussion started by: yoda9691
1 Replies

LEARN ABOUT NETBSD

rhosts

HOSTS.EQUIV(5)						      BSD File Formats Manual						    HOSTS.EQUIV(5)

NAME

     hosts.equiv, .rhosts -- trusted remote hosts and host-user pairs

DESCRIPTION

     The hosts.equiv and .rhosts files list hosts and users which are ``trusted'' by the local host when a connection is made via rlogind(8),
     rshd(8), or any other server that uses ruserok(3).  This mechanism bypasses password checks, and is required for access via rsh(1).

     Each line of these files has the format:

	   hostname [username]

     The hostname may be specified as a host name (typically a fully qualified host name in a DNS environment) or address, ``+@netgroup'' (from
     which only the host names are checked), or a ``+'' wildcard (allow all hosts).

     The username, if specified, may be given as a user name on the remote host, ``+@netgroup'' (from which only the user names are checked), or a
     ``+'' wildcard (allow all remote users).

     If a username is specified, only that user from the specified host may login to the local machine.  If a username is not specified, any user
     may login with the same user name.

EXAMPLES

     somehost
	   A common usage:  users on somehost may login to the local host as the same user name.
     somehost username
	   The	user  username	on  somehost may login to the local host.  If specified in /etc/hosts.equiv, the user may login with only the same
	   user name.
     +@anetgroup username
	   The user username may login to the local host from any machine listed in the netgroup anetgroup.
     +
     + +
	   Two severe security hazards.  In the first case, allows a user on any machine to login to the local host as the same user name.  In the
	   second case, allows any user on any machine to login to the local host (as any user, if in /etc/hosts.equiv).

WARNINGS

     The username checks provided by this mechanism are not secure, as the remote user name is received by the server unchecked for validity.
     Therefore this mechanism should only be used in an environment where all hosts are completely trusted.

     A numeric host address instead of a host name can help security considerations somewhat; the address is then used directly by iruserok(3).

     When a username (or netgroup, or +) is specified in /etc/hosts.equiv, that user (or group of users, or all users, respectively) may login to
     the local host as any local user.	Usernames in /etc/hosts.equiv should therefore be used with extreme caution, or not at all.

     A .rhosts file must be owned by the user whose home directory it resides in, and must be writable only by that user.

     Logins as root only check root's .rhosts file; the /etc/hosts.equiv file is not checked for security.  Access permitted through root's
     .rhosts file is typically only for rsh(1), as root must still login on the console for an interactive login such as rlogin(1).

FILES

     /etc/hosts.equiv  Global trusted host-user pairs list
     ~/.rhosts	       Per-user trusted host-user pairs list

SEE ALSO

     rcp(1), rlogin(1), rsh(1), rcmd(3), ruserok(3), netgroup(5)

HISTORY

     The .rhosts file format appeared in 4.2BSD.

BUGS

     The ruserok(3) implementation currently skips negative entries (preceded with a ``-'' sign) and does not treat them as ``short-circuit'' neg-
     ative entries.

BSD
								 November 26, 1997							       BSD
All times are GMT -4. The time now is 12:46 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy