On Sun, 27 Mar 2005 10:58:31 +0200, Shachar Shemesh <[EMAIL PROTECTED]> wrote:
> First, let me state what should, by now, be obvious to anyone. Using > rshost is a security hole. Shachar, you make very valid points here. Thank you. In fact I realize very well (I hope I do) all the risks involved in using rsh/rlogin/telnet mechanism. However our users insist on using rsh instead of ssh for various reasons (conservatism being of them). And I'm not in the position to fight their weak security practices. I'm here to help them with whatever they need and if they need rsh to be more productive (one of their agruments) - so be it. > There are two possible reasons for this. The first, and the less likely > one, is that a global hosts.deny (or whatever the rsh equivalent is) is > stopping this. Check it out. > No file like these. Two file related to rsh that I see on the system are: /etc/hosts.equiv /root/.rhosts > The second, more likely, is that the ident service is not running. it does, because I'm able to rsh into the machine from those hosts listed in hosts.equiv. It is my understanding that if identd/xinetd were not up I wouldn't be able to rsh from anywhere, right? -- Warm regards, Michael Green *^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* Assistant Unix Admin Division of Information Systems Weizmann Institute of Science Rechovot 76100, Israel Tel.: 972-8-9344216 Fax.: 972-8-9344102 Cel.: 972-52-3638926 *^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
