Sponsored Content
Top Forums Shell Programming and Scripting duplicate entries /.rhosts file Post 302360981 by Smiling Dragon on Sunday 11th of October 2009 09:26:01 PM
Old 10-11-2009
There's no immediate problem having duplicate entries in your .rhosts file.

BUT, should you want to remove a server from it later, you run the risk of accidentally removing only one instead of all the instances of that server name.

I'd suggest you run the file through 'sort -u' or uniq to remove the duplicates, thus reducing your operational risk.

I'll also add the obligatory comment that perhaps you should not be using rhosts at all? ssh keys for individual accounts that you want to trust is 90% of the time a better option. Otherwise, if one host is compromised, all of them are.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

.rhosts and rsh command

Hello all, Ok. Here it the scope I have two Redhat 7.2 machine which I use to test things on. I have a home directory which is NFS mounted via NIS. I have a .rhosts file in the directory with the name of the machine and username, with permission 600. Be when I try to run a rsh command I get... (6 Replies)
Discussion started by: larry
6 Replies

2. Red Hat

rhosts file...

Hi all, Thanks for reading and any susequente posts.... ... I am running a RedHat Ent 3 server. Anyhow I have to do an rlogin to install some software on the box. The problem is that the solaris box I am trying to do the install from carn't get an rlogin. I have tested this with other... (1 Reply)
Discussion started by: B14speedfreak
1 Replies

3. Shell Programming and Scripting

Check host file for duplicate entries

I need a KSH script that will check a host file for duplicate IP's and/or host names and report out the errors. Anyone out there have one they would like to share? Something like: Hostname blahblah appears X times IP Address xxx.xxx.xxx.xxx appears X times TIA (4 Replies)
Discussion started by: ThreeDot
4 Replies

4. Solaris

Duplicate crontab entries

hi guys. can someone tell me what will happen if there are two identical crontab entry for an application. For example 03 23 * * 1 /usr/vt/crondemo 03 23 * * 1 /usr/vt/crondemo will the file crondemo run twice, once or wont run at all?? (2 Replies)
Discussion started by: vikashtulsiyan
2 Replies

5. Shell Programming and Scripting

Removal of Duplicate Entries from the file

I have a file which consists of 1000 entries. Out of 1000 entries i have 500 Duplicate Entires. I want to remove the first Duplicate Entry (i,e entire Line) in the File. The example of the File is shown below: 8244100010143276|MARISOL CARO||MORALES|HSD768|CARR 430 KM 1.7 ... (1 Reply)
Discussion started by: ravi_rn
1 Replies

6. Shell Programming and Scripting

duplicate entries /.rhosts file

Hi All, I have one problem related to /.rhosts file. According to my understanding, /.rhosts file is used for "rsh". What will happen if I have duplicate entries in this file? e.g> my .rhosts file looks like Code: wcars42g wcars89j wcars42g wcars42b wcars42b Will duplicate entries... (1 Reply)
Discussion started by: akash_mahakode
1 Replies

7. Shell Programming and Scripting

Counting duplicate entries in a file using awk

Hi, I have a very big (with around 1 million entries) txt file with IPv4 addresses in the standard format, i.e. a.b.c.d The file looks like 10.1.1.1 10.1.1.1 10.1.1.1 10.1.2.4 10.1.2.4 12.1.5.6 . . . . and so on.... There are duplicate/multiple entries for some IP... (3 Replies)
Discussion started by: sajal.bhatia
3 Replies

8. Solaris

After reboot the .rhosts file in nobody nobody

Hi All, I have a station in solaris 10 in a environnemet NIS. after reboot of the station the file ". rhosts" has the UID / GID nobody. Could you please help me to find the solution? Thx. Vince (0 Replies)
Discussion started by: Vince78
0 Replies

9. Red Hat

+ + in .rhosts is causing a "Permission Denied"

I have a user who has "+ +" at the top of his .rhosts file. He cannot "rsh NODE date" to a different box ( both are RHEL 5.4 ). If I remove the "+ +" then the "RSH" works. I have correct settings of node names/user in the .rhosts file. I even tried adding to the second box's... (3 Replies)
Discussion started by: rom828
3 Replies

10. Shell Programming and Scripting

How to check duplicate entries in file ? (Solaris-9)

Hi, There are duplicate entries in file, but uniq will not see because first field is different. How will I catch all lines, which are having duplicate IPs ? bash-2.05# cat db.file | grep 172.30.133.11 dsrq-ctrl1-prod A 172.30.133.11 e911q-db1-nxge0 A 172.30.133.11... (4 Replies)
Discussion started by: solaris_1977
4 Replies
hosts.equiv(4)							   File Formats 						    hosts.equiv(4)

NAME
hosts.equiv, rhosts - trusted remote hosts and users DESCRIPTION
The /etc/hosts.equiv and .rhosts files provide the "remote authentication" database for rlogin(1), rsh(1), rcp(1), and rcmd(3SOCKET). The files specify remote hosts and users that are considered "trusted". Trusted users are allowed to access the local system without supplying a password. The library routine ruserok() (see rcmd(3SOCKET)) performs the authentication procedure for programs by using the /etc/hosts.equiv and .rhosts files. The /etc/hosts.equiv file applies to the entire system, while individual users can maintain their own .rhosts files in their home directories. These files bypass the standard password-based user authentication mechanism. To maintain system security, care must be taken in creating and maintaining these files. The remote authentication procedure determines whether a user from a remote host should be allowed to access the local system with the identity of a local user. This procedure first checks the /etc/hosts.equiv file and then checks the .rhosts file in the home directory of the local user who is requesting access. Entries in these files can be of two forms. Positive entries allow access, while negative entries deny access. The authentication succeeds when a matching positive entry is found. The procedure fails when the first matching nega- tive entry is found, or if no matching entries are found in either file. The order of entries is important. If the files contain both posi- tive and negative entries, the entry that appears first will prevail. The rsh(1) and rcp(1) programs fail if the remote authentication pro- cedure fails. The rlogin program falls back to the standard password-based login procedure if the remote authentication fails. Both files are formatted as a list of one-line entries. Each entry has the form: hostname [username] Hostnames must be the official name of the host, not one of its nicknames. Negative entries are differentiated from positive entries by a `-' character preceding either the hostname or username field. Positive Entries If the form: hostname is used, then users from the named host are trusted. That is, they may access the system with the same user name as they have on the remote system. This form may be used in both the /etc/hosts.equiv and .rhosts files. If the line is in the form: hostname username then the named user from the named host can access the system. This form may be used in individual .rhosts files to allow remote users to access the system as a different local user. If this form is used in the /etc/hosts.equiv file, the named remote user will be allowed to access the system as any local user. netgroup(4) can be used in either the hostname or username fields to match a number of hosts or users in one entry. The form: +@netgroup allows access from all hosts in the named netgroup. When used in the username field, netgroups allow a group of remote users to access the system as a particular local user. The form: hostname +@netgroup allows all of the users in the named netgroup from the named host to access the system as the local user. The form: +@netgroup1 +@netgroup2 allows the users in netgroup2 from the hosts in netgroup1 to access the system as the local user. The special character `+' can be used in place of either hostname or username to match any host or user. For example, the entry + will allow a user from any remote host to access the system with the same username. The entry + username will allow the named user from any remote host to access the system. The entry hostname + will allow any user from the named host to access the system as the local user. Negative Entries Negative entries are preceded by a `-' sign. The form: -hostname will disallow all access from the named host. The form: -@netgroup means that access is explicitly disallowed from all hosts in the named netgroup. The form: hostname -username disallows access by the named user only from the named host, while the form: + -@netgroup will disallow access by all of the users in the named netgroup from all hosts. Search Sequence To help maintain system security, the /etc/hosts.equiv file is not checked when access is being attempted for super-user. If the user attempting access is not the super-user, /etc/hosts.equiv is searched for lines of the form described above. Checks are made for lines in this file in the following order: 1. + 2. +@netgroup 3. -@netgroup 4. -hostname 5. hostname The user is granted access if a positive match occurrs. Negative entries apply only to /etc/hosts.equiv and may be overridden by subse- quent .rhosts entries. If no positive match occurred, the .rhosts file is then searched if the user attempting access maintains such a file. This file is searched whether or not the user attempting access is the super-user. As a security feature, the .rhosts file must be owned by the user who is attempting access. Checks are made for lines in .rhosts in the following order: 1. + 2. +@netgroup 3. -@netgroup 4. -hostname 5. hostname FILES
/etc/hosts.equiv system trusted hosts and users ~/.rhosts user's trusted hosts and users SEE ALSO
rcp(1), rlogin(1), rsh(1), rcmd(3SOCKET), hosts(4), netgroup(4), passwd(4) WARNINGS
Positive entries in /etc/hosts.equiv that include a username field (either an individual named user, a netgroup, or `+' sign) should be used with extreme caution. Because /etc/hosts.equiv applies system-wide, these entries allow one, or a group of, remote users to access the system as any local user. This can be a security hole. For example, because of the search sequence, an /etc/hosts.equiv file consisting of the entries + -hostxxx will not deny access to "hostxxx". SunOS 5.11 23 Jun 1997 hosts.equiv(4)

Featured Tech Videos

All times are GMT -4. The time now is 07:31 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy