To .rhosts or not to .rhosts - which is safer

To .rhosts or not to .rhosts - which is safer

Post by Jason Coyl » Thu, 16 May 1996 04:00:00



Hi,
    I am currently having a discussion with our sys. admin. guy about
which is more secure - Having .rhosts or not having .rhosts.
   I believe that it is safer than having everybody type in their
password for every host they log into{cannot snoop or watch keypresses}.
He thinks that unauthorised logins can be generated to easy.If this is
so, how well do hosts.equiv hosts.deny protect you?
   Is there any other issues to content with.

        Jason.

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Rout » Thu, 16 May 1996 04:00:00



: |He thinks that unauthorised logins can be generated to easy.If this is
: |so, how well do hosts.equiv hosts.deny protect you?
: |   Is there any other issues to content with.

        Um, you have several concepts confused here.

        ~/.rhosts:
                Files kept in a user's home directory which allow trusted
        access from specified entries.  A big no-no.  Do not use them.

        /etc/hosts.equiv
                Same idea, on a host rather than user level... Also a
        bad idea to implement.

        /etc/hosts.allow{deny}
                Access control files from Weiste's TCP Wrappers.  IMNSHO,
        an incredibly useful and absolutely necessary tool.  They offer
        extensive logging and filtering capabilities.  No site should be
        without them.

        To sum it up, yur admin is a moron to think that .rhosts files
        will in any way increase security.  They extend the ring of trust
        (and therefore vulnerability) to extend to machines outside yur
        jurisdiction.  If he is concerned about pcket sniffing, install
        s/key and/or ssh.

--

        ...I am the only way to go.  I am the way of the future...

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Doug Hugh » Thu, 16 May 1996 04:00:00


|> Hi,
|>     I am currently having a discussion with our sys. admin. guy about
|> which is more secure - Having .rhosts or not having .rhosts.
|>    I believe that it is safer than having everybody type in their
|> password for every host they log into{cannot snoop or watch keypresses}.
|> He thinks that unauthorised logins can be generated to easy.If this is
|> so, how well do hosts.equiv hosts.deny protect you?
|>    Is there any other issues to content with.
|>
|>   Jason.

Internally all our hosts are in the trusted hosts.equiv netgroup. All
machines (except servers) are equal. This makes .rhosts irrelevent
internally. Externally we do not allow .rhosts files. We are moving
toward S/Key, STel, and ssh for external logins so passwords aren't
flying by in the clear.

--
____________________________________________________________________________
Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Pete Phili » Thu, 16 May 1996 04:00:00


: Hi,
:     I am currently having a discussion with our sys. admin. guy about
: which is more secure - Having .rhosts or not having .rhosts.
:    I believe that it is safer than having everybody type in their
: password for every host they log into{cannot snoop or watch keypresses}.
: He thinks that unauthorised logins can be generated to easy.If this is
: so, how well do hosts.equiv hosts.deny protect you?

The general consensus is that trust (.rhost or hosts.equiv) is a Bad Thing.

:    Is there any other issues to content with.

Have you tried ssh - secure shell? This is a secure replacement for rsh and
rlogin. Authentication is by RSA key exchange and all traffic is IDEA
encrypted.

Pete

 ------------------------------------------------------
|   Pete Philips                                  \|/  |

 ------------------------------------------------------

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Jacob Langse » Fri, 17 May 1996 04:00:00


Quote:>    To sum it up, yur admin is a moron to think that .rhosts files
>    will in any way increase security.  They extend the ring of trust

It was my impression that it was _his_ opinion that .rhosts would increase
security:

    "I am currently having a discussion with our sys. admin. guy about
   which is more secure - Having .rhosts or not having .rhosts.
     I believe that it is safer than having everybody type in their
   password for every host they log into{cannot snoop or watch keypresses}."

To the original poster:

You both have valid points -- telnet is insecure in that passwords are
transmitted cleartext, while rsh is insecure in that it uses host-based
authentication and must trust information received via the network.

I feel that one should definitely not allow .rhosts -- this allows
virtually anyone, if they can predict the right sequence numbers and
prevent the spoofed machine from sending an RST, to access the account.
Telnet on the other hand requires an active sniffing attack on one of the
networks involved.  I suppose it depends on what networks you're using vs.
how competent you feel your would-be advesaries are....

Best is to eliminate both (ala ssh or an equivalent).

_jwl
--
 Jacob Langseth  |  Meddle not in the affairs of dragons, for
    (Musashi)    |  thou art crunchy and go well with ketchup _
 =---------------+-----+--------------------------------------+

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Brad Powe » Fri, 17 May 1996 04:00:00


:Hi,
:    I am currently having a discussion with our sys. admin. guy about
:which is more secure - Having .rhosts or not having .rhosts.

Rule of thumb. NEVER implicitly trust a host with an .rhosts unless
that host has equal or greater security than your own, and you can
verify all the users (and their systems as well).
Its the old "web of trust" problem. You add in a .rhosts entry
but the host you are "trusting" exports "/usr" via NFS to "world"
or that host "trusts" some other system that has a passwordless NIS
account. The list goes on.

Hacking libc and NOOP'ing rcmd has been known to save a few systems
from  .rhosts :-)

:   I believe that it is safer than having everybody type in their
:password for every host they log into{cannot snoop or watch keypresses}.

depends on the network. If it has encrypted sessions (SKIP/SSH/STEL/ect)
If the IP layer or application pass clear-text than yes snooping lgin/passwd
can (and does on a regular basis) occur.

:He thinks that unauthorised logins can be generated to easy.If this is
:so, how well do hosts.equiv hosts.deny protect you?

I'm assuming tcp_wrappers here. (excelent package btw) tcp_wrappers
if set up on a host-by-host basis and where the network is protected
from IP impersonating (or tcp_wrappers is configured -DPARANOID)
help quite a bit from unauthorized access attempts. Again assuming the
"trusted" host isn't wide open.

:   Is there any other issues to content with.

yeah, the privacy of transmission problem (encrypt!)
the fact that users tend to use the same password in other locations where sniffing it here may give access elsewhere, and probably a few others that
I missed in this hasty message :-) :-(

=======================================================================

Sr. Network Security Consultant
Sun Microsystems Inc.
=======================================================================
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.
=======================================================================

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Olaf Tit » Fri, 17 May 1996 04:00:00


Best you throw away rlogin, rexec, rsh completely and replce them with
ssh.

olaf
--

__ o           <URL:http://www.inka.de/~bigred/>     <IRC:praetorius>
__/<_              >> Just as long as the wheels keep on turning round
_)>(_)______________ I will live for the groove 'til the sun goes down << ____

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Rout » Fri, 17 May 1996 04:00:00



: |It was my impression that it was _his_ opinion that .rhosts would increase
: |security:

        Hoboy...  My mistake....  Sorry about that.  Oh well, the
        underlying point is still there...

--

        ...I am the only way to go.  I am the way of the future...

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by mac » Sat, 18 May 1996 04:00:00



> Hi,
>     I am currently having a discussion with our sys. admin. guy about
> which is more secure - Having .rhosts or not having .rhosts.
>    I believe that it is safer than having everybody type in their
> password for every host they log into{cannot snoop or watch keypresses}.
> He thinks that unauthorised logins can be generated to easy.If this is
> so, how well do hosts.equiv hosts.deny protect you?
>    Is there any other issues to content with.

>         Jason.

Ypu can only snoop passwords as root and only on the same ethernet.
..rhosts files are far more dangerous. they are subject to any hacker.

But still... encription is the only way to make snoop attacks less
dangerous.

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Rahul Dhes » Sat, 18 May 1996 04:00:00



Quote:>If you use rsh you rely on the information supplied by the program on
>the remote node. Trouble is, the format of this data stream is public
>and trivial... *ANY* C programmer could write a program to do put
>whatever he likes into the data stream.

Not exactly.  Only somebody who is permitted to bind to a privileged
port at the other end can actually do this.

Please folks, less hyperbole and more accuracy.

Thank-you.

Quote:>    machine1% cat /.rhosts
>    machine1
>    machine2
>    machine3
> then just *ANYONE* on machine1, machine2, machine3 using the
>before-mentioned program could become root.

Only somebody who is already effectively root on machine 1, 2, or 3.

So do I really care, if I happen to administer all three machines?
--


 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Mauro Fos » Sat, 18 May 1996 04:00:00



>Best you throw away rlogin, rexec, rsh completely and replce them with

                             ^^^^^

Quote:>ssh.

Why? rexec asks username and password... that's as secure as telnet
and/or ftp are.

Just my 2c.

>olaf
>--

>__ o           <URL:http://www.inka.de/~bigred/>     <IRC:praetorius>
>__/<_              >> Just as long as the wheels keep on turning round
>_)>(_)______________ I will live for the groove 'til the sun goes down << ____

---------------------------------------------

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Mauro Fos » Sat, 18 May 1996 04:00:00




>:Hi,
>:    I am currently having a discussion with our sys. admin. guy about
>:which is more secure - Having .rhosts or not having .rhosts.
>Hacking libc and NOOP'ing rcmd has been known to save a few systems
>from  .rhosts :-)

Well, you can do just the same with accept/bind and regular socket
calls...

>=======================================================================

>Sr. Network Security Consultant
>Sun Microsystems Inc.
>=======================================================================
>               The views expressed are those of the author and may
>                  not reflect the views of Sun Microsystems Inc.
>=======================================================================

---------------------------------------------

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Mauro Fos » Sat, 18 May 1996 04:00:00



>Hi,
>    I am currently having a discussion with our sys. admin. guy about
>which is more secure - Having .rhosts or not having .rhosts.
>   I believe that it is safer than having everybody type in their
>password for every host they log into{cannot snoop or watch keypresses}.
>He thinks that unauthorised logins can be generated to easy.If this is
>so, how well do hosts.equiv hosts.deny protect you?
>   Is there any other issues to content with.
>    Jason.

Well, your sysadmin is right... but hosts.* do not protect you from
authorized users... (that's what friends are for :)

If you use rsh you rely on the information supplied by the program on
the remote node. Trouble is, the format of this data stream is public
and trivial... *ANY* C programmer could write a program to do put
whatever he likes into the data stream.

In this scenario, if root's .rhosts contains

        machine1% cat /.rhosts
        machine1
        machine2
        machine3

 then just *ANYONE* on machine1, machine2, machine3 using the
before-mentioned program could become root.

Not only /etc/hosts. or .rhosts should not be used, but also
rshd/rlogind should be disabled!

Try it out and decide for yourself...

---------------------------------------------

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Leslie Mikese » Sun, 19 May 1996 04:00:00



>Ypu can only snoop passwords as root and only on the same ethernet.
>..rhosts files are far more dangerous. they are subject to any hacker.

>But still... encription is the only way to make snoop attacks less
>dangerous.

Any PC on the ethernet can easily run sniffing software.  Everyone
is root on a PC...

Les Mikesell

 
 
 

To .rhosts or not to .rhosts - which is safer

Post by Casper H.S. D » Mon, 20 May 1996 04:00:00



>You both have valid points -- telnet is insecure in that passwords are
>transmitted cleartext, while rsh is insecure in that it uses host-based
>authentication and must trust information received via the network.
>I feel that one should definitely not allow .rhosts -- this allows
>virtually anyone, if they can predict the right sequence numbers and
>prevent the spoofed machine from sending an RST, to access the account.
>Telnet on the other hand requires an active sniffing attack on one of the
>networks involved.  I suppose it depends on what networks you're using vs.
>how competent you feel your would-be advesaries are....

If you only allow .rhost access from hosst in your jurisdiction *and*
take precautions against IP spoofing (i.e., filter your "own" addresses
and 127.X coming from the internet in your router) and other attacks
(source routing, nameserver attacks), local .rhosts files are nothing to
worry about.  If someone can spoof IP locally, he can also sniff passwords.

However, with locally spoofed IP he'll only get access from your local net,
with sniffed passwords he can later get access from remote sites.

If it's easy to sniff & fake packets on the local lan, then you should consider
running an entirely different set of programs for local logins, stuff like
SSH comes to mind.

Casper
--
Casper Dik - Sun Microsystems - via my guest account at the University

Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 
 
 

1. rsh as root - no password - /.rhosts or /root/.rhosts doesn't work?

On most other Unix systems, one can rsh, even as root, to
another machine (or even the same machine) with out being asked for
a password so long as there is a /.rhosts or /root/.rhosts.

I am trying to do this under linux, and it *always* asks for
a password!  Why?  What am I missing?  I searched the FAQ's
and LDP docs but couldn't find anything.

I know this must be possible, because sometimes this is required
(doing a backup for example).

Any help would be greatly appreciated.

--
Cheers,
Glenn                                  
--------------------
Glenn R. Kronschnabl

2. Wide SCSI supported?

3. Redhat 5.2 and rsh and .rhosts not working

4. Scheduler

5. .rhosts not working on solaris 2.5 help!

6. question_on_Linux_and_Windows98

7. why does my .rhosts file not work ?

8. sony 15sf + ati mach64

9. rhosts entry not working

10. .rhosts seems not run

11. rsh + rlogin without password (.rhosts) -> NOT WORKING

12. Linux: ~/.rhosts seems not run

13. rhosts not working for root