On Thu, Aug 07, 2003 at 08:05:05AM -0700, Boyd Moore wrote: > > Well I did have rlogin, that is it points to netkit-rlogin. I finally > got rsh to work by commenting out the ALL: PARANOID line in > hosts.deny.
You should put ALL: ALL in hosts.deny, and fix hosts.allow to allow what you want instead. Be very careful with rsh. You CANNOT use it over a network that people you don't absolutely trust have access to. People on the same physical network can spoof your IP address and rsh into your computer (since all it uses for authentication is source IP). These days, rsh/rlogin are only good for Beowulf clusters or something like that, where the network really is private (and/or there is a ton of other weakly authenticated insecure traffic, such as openmosix or NFS), and the overhead of ssh's authentication encryption is too high. > I thought that the hosts.allow overrode the hosts.deny, > but apparently they have reversed the priority. Now rsh, rlogin, etc. > works, but still not remote X windows. You know you can forward X11 over SSH by running ssh -X, right? That's the secure way to do things, and you don't have to change the X -nolisten tcp configuration, which is good, because given X's security record, it's better not to have it listening to the network. (You can edit your ssh config file to make ssh always forward X11 connections when connecting to certain hosts.) > I have gone through the xauth routine to make sure the .Xauthority > files are the same for the same user on both hosts. And I have set > the xhost + on both machines, but I always get the "Can't open display > ..." message. IIRC, "can't open display" means the tcp connection couldn't be made, so it didn't even get to the point of trying to authenticate with xauth. BTW, ssh -X sets up xauth correctly. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC
pgpyUk1NKp58x.pgp
Description: PGP signature
