Michael Green wrote:

On UNIX users can have their personal .rhosts files which list users
that are allowed to log in to the account, in the form:

silver:~->2% cat .rhosts
+ michaelg
+ foobar



First, let me state what should, by now, be obvious to anyone. Using .rhosts is a security hole. It is fairly easy to bypass, and specifying only usernames means that anyone with a laptop on your network can get into the account. It is much (and by that I mean MUCH MUCH MUCH) better to use ssh's equivalent, which authenticates using cryptographic keys and does not allow an intruder to get in so easily.

And it works as advertised on every UNIX that I tried (Solaris, IRIX).
However it looks like on Linux the behaviour is different: putting
usernames into .rhosts makes no effect, but putting hostnames _does_!


There are two possible reasons for this. The first, and the less likely one, is that a global hosts.deny (or whatever the rsh equivalent is) is stopping this. Check it out.

The second, more likely, is that the ident service is not running. rsh uses ident to find out which user is the one initiating the connection. If a Linux machine is not running ident, rsh won't be able to get the user name, and user based authentication will not work.

Why is the difference? Anyone?


Please do consider dropping this outdated mechanism in favor of better, more secure, ones.

         Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
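As an added illustration of the point made above about username-only entries (this is example code written for this page, not code from the thread or from any rsh implementation), the following models the classic ruserok(3) matching rules for a .rhosts file and flags the entries that accept a username from any host. The sample file, the account name and the host names are constructed; `client_user` stands for whatever name the daemon learned from the client side, which is a claim rather than a proof of identity.

```python
# Model of .rhosts matching (classic ruserok(3) conventions): each line is
# "host [user]", "+" is a wildcard in either field, and a host-only line means
# "the same username as the local account". Not the daemon's real source.

# Constructed sample mirroring the file shown in the thread, plus a host line.
RHOSTS_SAMPLE = """\
+ michaelg
+ foobar
trusted.example.org
"""


def parse_rhosts(text):
    """Return (host, user) pairs; user is None when the line has only a host."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries


def rhosts_allows(entries, account, client_host, client_user):
    """True if the client (host, user) may log in as `account`.

    `client_user` is the name the daemon learned from the client side
    (the rsh request or ident): any machine on the network can assert it.
    """
    for host, user in entries:
        if host != "+" and host != client_host:
            continue
        wanted = account if user is None else user
        if wanted == "+" or wanted == client_user:
            return True
    return False


def risky_entries(entries):
    """Entries whose host field is the wildcard: the only thing they check
    is a client-asserted username, so they give no real protection."""
    return [e for e in entries if e[0] == "+"]
```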

