allowing root of another machine to rsh in ?


Post by Michel Oosterh » Wed, 11 Oct 1995 04:00:00



: Given two trusted machines, how can I allow root on one machine to
: rsh/rlogin to the other machine without needing to enter a password?
: I have added the machine names to both /etc/hosts.equiv and
: /etc/hosts.allow, but this does not seem to allow root to rsh in
: (other users can, just not root).

: As of now, I get a permission denied message, and the following shows
: up in the log:


: I am using slackware 3.0, with the relevant inetd.conf line being:

: shell   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd

: Besides telling me that this is all a bad idea, can someone tell me
: what is actually preventing root from rsh'ing in, and how to turn off
: this "safeguard"?

: Thanks.
: --
: Stephen Hsieh              Dept. of Electrical Engineering and Computer Science

: -------------------------------------------------------------------------------

Root can only use rlogin if there is a .rhosts file in root's home directory.
It ignores the hosts.equiv file in this case.

------------------------------------------------------------------------------

       Department of Applied Physics -- Twente University of Technology

------------------------------------------------------------------------------

 
 
 


Post by Steve Hsi » Wed, 11 Oct 1995 04:00:00


Given two trusted machines, how can I allow root on one machine to
rsh/rlogin to the other machine without needing to enter a password?
I have added the machine names to both /etc/hosts.equiv and
/etc/hosts.allow, but this does not seem to allow root to rsh in
(other users can, just not root).

As of now, I get a permission denied message, and the following shows
up in the log:


I am using slackware 3.0, with the relevant inetd.conf line being:

shell   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd

Besides telling me that this is all a bad idea, can someone tell me
what is actually preventing root from rsh'ing in, and how to turn off
this "safeguard"?

Thanks.
--
Stephen Hsieh              Dept. of Electrical Engineering and Computer Science

-------------------------------------------------------------------------------

 
 
 


Post by John Got » Fri, 13 Oct 1995 04:00:00





>>Given two trusted machines, how can I allow root on one machine to
>>rsh/rlogin to the other machine without needing to enter a password?

>>Besides telling me that this is all a bad idea, can someone tell me
>>what is actually preventing root from rsh'ing in, and how to turn off
>>this "safeguard"?
>I'm going to tell you anyway -- THIS IS VERY INSECURE!!! Unless the
>machines are not connected to the internet, that is.
>That said, you need to edit the .rhosts file in root's home directory. That
>is the file that will allow rsh's in. You can get rid of all the
>hosts.equiv etc stuff. It doesn't matter for .rsh and .rlogin.
>Having told you how to do it, I want to tell you again-- It is very
>insecure, because anyone sending a rsh request to your machine with a
>spoofed source address can gain access to your machines as root. Hopefully
>you are behind a firewall which can prevent this sort of attack.
>They're your machines, of course. I just want you to be aware of what can
>happen.

To reiterate, make sure you have your TCP wrappers properly configured, i.e. in
paranoid mode at the very least.

Furthermore, TCP wrappers may help prevent spoofing, but don't expect them to
keep hackers out; remember, hackers have nothing better to do than gain access
to your machine.

A _much_ better move IMHO would be to get ahold of SSH (cs.hut.fi:/pub/ssh) and
install it on your machines.  It is very easy to compile and set up, and once
installed correctly, you can do exactly what you want to do in relative safety.

--

(Not speaking for CAEN.)
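
An added example, not part of any post in this thread: a small audit script that reports which r-services inetd still starts and which hosts the trust files discussed above (/etc/hosts.equiv and root's .rhosts) let in without a password. The function names and the sample tree are assumptions made for the example; only the `shell` inetd.conf line comes from the thread.

```shell
#!/bin/sh
# Added example: report rsh/rlogin trust settings under a filesystem root.
# All function names here are assumptions made for this example.

# Print r-services (shell=rshd, login=rlogind, exec=rexecd) that inetd.conf
# ($1) still enables; commented-out entries do not match.
rservices_enabled() {
    [ -r "$1" ] || return 0
    awk '$1 ~ /^(shell|login|exec)$/ && $2 == "stream" { print "SERVICE " $1 ": " $NF }' "$1"
}

# Print each live entry of a .rhosts or hosts.equiv file ($1). A "+" in the
# host or user field trusts every host or every user, so flag it separately.
trust_entries() {
    [ -r "$1" ] || return 0
    awk '/^[ \t]*(#|$)/ { next }
         $1 == "+" || $2 == "+" { print "WILDCARD " FILENAME ": " $0; next }
         { print "TRUST " FILENAME ": " $0 }' "$1"
}

# Audit the tree rooted at $1 (/ for the live host, or a mounted image).
audit_rtrust() {
    root="${1%/}"
    rservices_enabled "$root/etc/inetd.conf"
    trust_entries "$root/etc/hosts.equiv"
    trust_entries "$root/root/.rhosts"   # root's .rhosts, the file the thread points to
    trust_entries "$root/.rhosts"        # where root's home directory is /
}

# Build a constructed sample tree; only the "shell" line is quoted from the thread.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc" "$d/root" || return 1
    {
        echo 'shell   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd'
        echo '#login  stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rlogind'
    } > "$d/etc/inetd.conf"
    echo 'hosta.example' > "$d/etc/hosts.equiv"
    printf '# constructed entries\nhosta.example root\n+ +\n' > "$d/root/.rhosts"
    echo "$d"
}

# With no argument, run against the sample tree; otherwise audit the given root.
if [ -z "${1:-}" ]; then
    sample=$(make_sample) && audit_rtrust "$sample" && rm -rf "$sample"
else
    audit_rtrust "$1"
fi
```

Any `SERVICE` line combined with a `TRUST` or `WILDCARD` line for root means the host accepts root logins on the strength of a source address alone, which is the exposure the replies warn about.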

 
 
 

1. Allowing root to rsh

I put all the ttyps in /etc/securetty and root can now rsh in.
However, the first time it asks for the password, the login
fails.  Then it asks for the username and password again, like
this:


Password:
login: root
Password:
Last login: Thu Feb 12 01:51:08 from cervesa.home-net
You have new mail.

This is on Red Hat, 4.2 and 5.0. Does anyone know how to fix this?

--
Larry D. Pyeatt                     All standard disclaimers apply.

http://www.cs.colostate.edu/~pyeatt
