rsh as root - no password - /.rhosts or /root/.rhosts doesn't work?

rsh as root - no password - /.rhosts or /root/.rhosts doesn't work?

Post by Glenn Kronschna » Thu, 09 Nov 1995 04:00:00



On most other Unix systems, one can rsh, even as root, to
another machine (or even the same machine) with out being asked for
a password so long as there is a /.rhosts or /root/.rhosts.

I am trying to do this under linux, and it *always* asks for
a password!  Why?  What am I missing?  I searched the FAQ's
and LDP docs but couldn't find anything.

I know this must be possible, because sometimes this is required
(doing a backup for example).

Any help would be greatly appreciated.

--
Cheers,
Glenn                                  
--------------------
Glenn R. Kronschnabl

 
 
 

rsh as root - no password - /.rhosts or /root/.rhosts doesn't work?

Post by Tamas Maj » Fri, 10 Nov 1995 04:00:00



>  On most other Unix systems, one can rsh, even as root, to
>  another machine (or even the same machine) with out being asked for
>  a password so long as there is a /.rhosts or /root/.rhosts.

Just take a look at rshd man-page. It says:

    8.   Rshd then validates the user using ruserok(3),  which uses the file
          /etc/hosts.equiv and the .rhosts file found in the user's home di-
          rectory.  The -l option prevents ruserok(3) from doing any valida-
          tion based on the user's ``.rhosts'' file, unless the user is the
          superuser.

So I had the same problems with this. I wanted to make backups between
different hosts using rdist and this program tries to start another
daemon using rsh. This all works fine unless you start rdist as root,
which is required to copy systemfiles.

Therefor I made a patch to ruserok in libc/inet/rcmd.c and now I can
use rdist without problems. It should be possible to change its
behaviour, so that rsh does not require password for root.

Mail me if you want to know the patches I made

Tamas

--

Lehrstuhl fuer Messtechnik, RWTH-Aachen

 
 
 

rsh as root - no password - /.rhosts or /root/.rhosts doesn't work?

Post by Christoph Lamet » Fri, 10 Nov 1995 04:00:00


: On most other Unix systems, one can rsh, even as root, to
: another machine (or even the same machine) with out being asked for
: a password so long as there is a /.rhosts or /root/.rhosts.
Other machines get hacked into...

: I am trying to do this under linux, and it *always* asks for
: a password!  Why?  What am I missing?  I searched the FAQ's
: and LDP docs but couldn't find anything.
A security feature.

: I know this must be possible, because sometimes this is required
: (doing a backup for example).
No. You can always equip another user with superuser priviledges.

: Any help would be greatly appreciated.
You can try recompile parts of the system...

--
-----------------------------------------------------------------------------
 Christoph Lameter            FTS Box 466, Pasadena, CA 91182
 Internet Administrator       Who is like Jesus... who is like God...?

 
 
 

rsh as root - no password - /.rhosts or /root/.rhosts doesn't work?

Post by Rick Mor » Tue, 14 Nov 1995 04:00:00


: On most other Unix systems, one can rsh, even as root, to
: another machine (or even the same machine) with out being asked for
: a password so long as there is a /.rhosts or /root/.rhosts.

For the most part, this is true.  We do not want the superuser to be
able to just rsh around.  Coming from a large network perspective, we only
want root to be able to rsh from one or two secure hosts.
If you have this "secure-host.your.subnet root" in the root's .rhosts
on the target machine, Try this:
secure-host# rsh target ls

You should be able to rsh and execute just the command (which is what you would
need to do for automated backups and what not).
The impossiblity lies not it in the ruserok exactly, but in /etc/securetty.
Most admins of large networks dont allow the direct rsh'ing in their systems
anyway.  The common way to do remote administration is to do something like
this:
secure-host# rsh target "xterm -display YOUR-DISPLAY:0"&

: I know this must be possible, because sometimes this is required
: (doing a backup for example).

For a backup scheme, I would have to recommend the amanda backup system.
It has worked very very well for us here, and the backup user doesn't have
to be root.

Rick
--
Rick Moran,
Computer Systems Administrator
The University of Tennessee at Knoxville, Department of Mathematics

 
 
 

1. Slakware 3.1 -> 3.4 - .rhosts doesn't work for root any more

I upgraded from slakware 3.1 to 3.4. Earlier I could run rdist (uses rsh
to connect the remote host) as root on host1 and backup files to host2 by
adding host1 to the .rhosts file in host2's root home directory. This doesn't
work any more. The new version has shadow passwords, so I guess it has
completely different login function. Are there any new configuration files
that specifices how you can define a trusted host in version 3.4 ?

-Leif

---------------------------------------------------------
Leif Thuresson               Tel:    +46-18-4713860
Uppsala University           Fax:    +46-18-4713833

P.O.Box 533
S-751 21 Uppsala
Sweden

2. x86 boot sector

3. .rhosts won't work as root

4. Strange kernel problem

5. /.rhosts for root rsh access

6. Q: pmap -x not giving correct memory usage

7. rsh + rlogin without password (.rhosts) -> NOT WORKING

8. Newbie with new hard drive for Linux + W95

9. root's ~/.rhosts - really insecure?

10. Why is root's .rhost being ignored

11. user's .rhosts controlled by root

12. User's rhosts control by root

13. rhosts not working for root