Very Computer

by **Doug Siebe** » Fri, 23 Apr 1993 09:25:54

Solaris ships much more secure than SunOS by default. This is a good thing.
However, it is very much a pain for our purposes that root cannot use rlogin
or rsh or rcp to access a Solaris machine. This is probably in the Answerbook
CDROM, but we keep bugging our rep for it and he never seems to get around to
providing one for us....*sigh* Anyway, I checked to see if the ways I know
from other Unixes would help here, but it doesn't help, I can't seem to make
non-console logins 'secure'. Any help out there?

--
/-----------------------------------------------------------------------------\
| Doug Siebert | "I don't have to take this abuse |

| ICBM: 41d 39m 55s N, 91d 30m 43s W | me!" Bill Murray, Ghostbusters |
\-----------------------------------------------------------------------------/

by **Win E. Strickla** » Fri, 23 Apr 1993 23:45:59

>Solaris ships much more secure than SunOS by default. This is a good thing.
>However, it is very much a pain for our purposes that root cannot use rlogin
>or rsh or rcp to access a Solaris machine. This is probably in the Answerbook
>CDROM, but we keep bugging our rep for it and he never seems to get around to
>providing one for us....*sigh* Anyway, I checked to see if the ways I know
>from other Unixes would help here, but it doesn't help, I can't seem to make
>non-console logins 'secure'. Any help out there?

From the FAQ:

Why can't I rlogin/telnet in as root?

>... when I try to rlogin as root ...
>it gives me the message "Not on system console
>Connection closed.". What have I left out?

Solaris 2 comes out of the box a heck of a lot more secure than
Solaris 1. There is no '+' in the hosts.equiv. root logins are not
allowed anywhere except the console. All accounts require passwords.
In order to allow root logins over the net, you need to edit the
/etc/default/login file and comment out or otherwise change the
CONSOLE= line.

To amplify, in /etc/default/login CONSOLE can be used in a variety of ways:

1) CONSOLE=/dev/console (default) - direct root logins only on console
2) CONSOLE= - direct root logins disallowed everywhere
3) #CONSOLE (or delete the line) - root logins allowed everywhere

by **Jan Wortelbo** » Sat, 24 Apr 1993 22:06:23

>Solaris ships much more secure than SunOS by default. This is a good thing.
>However, it is very much a pain for our purposes that root cannot use rlogin
>or rsh or rcp to access a Solaris machine. This is probably in the Answerbook
>CDROM, but we keep bugging our rep for it and he never seems to get around to
>providing one for us....*sigh* Anyway, I checked to see if the ways I know
>from other Unixes would help here, but it doesn't help, I can't seem to make
>non-console logins 'secure'. Any help out there?

For rlogin Comment out/in the line in /etc/default/login
CONSOLE=/dev/console -> #CONSOLE=/dev/console

For the rest put host in /etc/hosts.equiv and "host root" in /.rhosts

Jan.
--
Jan Wortelboer, University of Amsterdam

Unix Kruislaan 403 Kamer F003 Phone: +31 20 525 7501
systems manager 1098 SJ AMSTERDAM Fax : +31 20 525 7490

by **Rob Kroeg** » Mon, 26 Apr 1993 05:10:11

You need to edit the /etc/default/passwd file. Comment out the
CONSOLE=/dev/console entry so it looks like so:

#TIMEZONE=EST5EDT
HZ=100
#ULIMIT=4096
#CONSOLE=/dev/console
PASSREQ=YES
ALTSHELL=YES

Rob Kroeger
CGL
University of Waterloo

Very Computer

How do you allow root to rsh/rcp/rlogin/etc?

How do you allow root to rsh/rcp/rlogin/etc?

How do you allow root to rsh/rcp/rlogin/etc?

How do you allow root to rsh/rcp/rlogin/etc?

How do you allow root to rsh/rcp/rlogin/etc?