waldorf@venice.SEDD.TRW.COM (Jerry Waldorf) (08/24/90)
I am running on a lan of HP 9000/300's and want to do some remshs and some rcps. The manual says that using $HOME/.rhosts is very dangerous for security reasons, but doesn't seem to mention any problems with using /etc/hosts.equiv. Could some kind sole tell me why using $HOME/.rhosts is unsafe and why /etc/hosts.equiv is safe? Thanks, Jerry.
smb@ulysses.att.com (Steven Bellovin) (08/24/90)
In article <785@venice.SEDD.TRW.COM>, waldorf@venice.SEDD.TRW.COM (Jerry Waldorf) writes: > Could some kind sole tell me why using $HOME/.rhosts > is unsafe and why /etc/hosts.equiv is safe? /etc/hosts.equiv represents the administrator's (presumably informed) decision to extend trust to certain other hosts, typically those also under the same person's control. .rhosts files represent a user's decision to extend trust, often to a machine not worthy of it.
jgreco@archimedes.math.uwm.edu (Joe Greco) (08/30/90)
In comp.unix.wizards article <13650@ulysses.att.com>, smb@ulysses.att.com (Steven Bellovin) wrote:
:In article <785@venice.SEDD.TRW.COM>, waldorf@venice.SEDD.TRW.COM (Jerry Waldorf) writes:
:> Could some kind sole tell me why using $HOME/.rhosts
:> is unsafe and why /etc/hosts.equiv is safe?
:
:/etc/hosts.equiv represents the administrator's (presumably informed)
:decision to extend trust to certain other hosts, typically those also
:under the same person's control. .rhosts files represent a user's
:decision to extend trust, often to a machine not worthy of it.
Neither is absolutely safe. Then again, networks aren't safe. You need to
be sure that your network is relatively secure, that your machines are
relatively secure, and that your host tables (or nameserver) are trustworthy,
to mention just a few...
Consider the following:
A person with a network monitoring program. Just watch long enough and
snatch the password right off it. Of course this ISN'T a problem with
.rhosts....
A person who breaks into a workstation, and changes the IP numbers to match
another machine. Then crash the other machine. Voila, suddenly what looks
like x.y.z.edu is actually a.y.z.edu... and you're at the mercy of the
person.
A person who can fiddle with the nameserver to produce false host names. No
need to even change the IP number. This is possibly the worst of the bunch.
Having (for legitimate reasons) done something similar to this on our local
network, I'm not too sure that there is anything to truly prevent someone
from doing this.
Long ago I decided it was all worthless: there's just no way to protect
against all possibilities. I use .rhosts...
... Joe
-------------------------------------------------------------------------------
Joe Greco - University of Wisconsin, Milwaukee - Department of Mathematics
jgreco@archimedes.math.uwm.edu USnail: Joe Greco
Voice: 414/321-6184 9905 W. Montana Ave.
Data: 414/321-9287 (Happy Hacker's BBS) West Allis, WI 53227-3329
ICBM: 43 05 20 N 87 53 10 W
#include <witty_and_humorous_saying.h>
Disclaimer: I don't speak for the Math Department, the University, or myself.
darryl@lemuria.MV.COM (Darryl Wagoner) (08/30/90)
In article <785@venice.SEDD.TRW.COM> waldorf@venice.sedd.trw.com (Jerry Waldorf) writes: > I am running on a lan of HP 9000/300's and want to do some remshs and >some rcps. The manual says that using $HOME/.rhosts is very dangerous for >security reasons, but doesn't seem to mention any problems with using >/etc/hosts.equiv. Could some kind sole tell me why using $HOME/.rhosts >is unsafe and why /etc/hosts.equiv is safe? No, they can't because hosts.equiv isn't safe or even safer. Hosts.equiv opens up all the users (except root) to attack where rhost just opens that one user. If you have a trusted base of systems (ie. you trust the sys adm of the all systems on the network, not just the ones in your .rhosts or hosts.equiv) then you can use it without too much problems. I wouldn't use hosts.equiv for any reason and rhost should only be readable by you. To increase security you may want to have the rhost in place only when you are doing work. Hope this help! -Darryl -- Darryl Wagoner darryl@lemuria.MV.COM or uunet!virgin!lemuria!darryl 12 Oak Hill Road Brookline, NH 03033 Office: 603.672.0736 Home: 603.673.0578
wyatt@cfa.HARVARD.EDU (Bill Wyatt,OIR) (09/04/90)
>>[...] Could some kind sole tell me why using $HOME/.rhosts >>is unsafe and why /etc/hosts.equiv is safe? > [...] I wouldn't use hosts.equiv for any reason and rhost should > only be readable by you. To increase security you may want to have > the rhost in place only when you are doing work. Yes! We use crontab and find(1) once a day on our systems to remove ALL .rhosts files. The users may reconstitute their .rhosts files each day, of course, but are encouraged to put a `rm ~/.rhosts' into a .logout file as well. Since I use X on several machines at once, I have a script run at login time to rlogin to those few machines I always use. My .login on those remote machines copies a files into .rhosts. I also have a `log' command aliased to set an environment variable before logging out so I can log out but not have the .logout script kill the .rhosts file. My local .xsession script can then open windows up on the various machines with no problem. When I logout of my own machine, there's yet another script run from .logout that attempts to rsh to each machine in the .rhosts file to removes its copy of .rhosts, and then removes the local .rhosts. If this sounds complicated, it really isn't. It requires some initial configuration setup, and a couple extra minutes when logging in, is all. It's much more secure having .rhosts available all over the place all the time. Bill Wyatt, Smithsonian Astrophysical Observatory (Cambridge, MA, USA) UUCP : {husc6,cmcl2,mit-eddie}!harvard!cfa!wyatt Internet: wyatt@cfa.harvard.edu SPAN: cfa::wyatt BITNET: wyatt@cfa
milton@ecn.purdue.edu (Milton D Miller) (09/06/90)
In article <430@cfa.HARVARD.EDU> wyatt@cfa.HARVARD.EDU (Bill Wyatt,OIR) writes: >>>[...] Could some kind sole tell me why using $HOME/.rhosts >>>is unsafe and why /etc/hosts.equiv is safe? > >> [...] I wouldn't use hosts.equiv for any reason and rhost should >> only be readable by you. To increase security you may want to have >> the rhost in place only when you are doing work. > >Yes! We use crontab and find(1) once a day on our systems to remove >ALL .rhosts files. The users may reconstitute their .rhosts files each >day, of course, but are encouraged to put a `rm ~/.rhosts' into a >.logout file as well. > >Since I use X on several machines at once, I have a script run at >login time to rlogin to those few machines I always use. My .login on >those remote machines copies a files into .rhosts. I also have a `log' >command aliased to set an environment variable before logging out so I >can log out but not have the .logout script kill the .rhosts file. > So you type your password several times (ie one per machine) to gain access to all of the other machines?? If you are woried about wire security, then here you are sending your unencrypted password across the network several times. If you are only woried about others faking host addresses, well, mabye. But is it really worth the added inconvinence? I would not be suprised to find scripts that "Do this automagically" from one or more people. >Bill Wyatt, Smithsonian Astrophysical Observatory (Cambridge, MA, USA) > UUCP : {husc6,cmcl2,mit-eddie}!harvard!cfa!wyatt > Internet: wyatt@cfa.harvard.edu > SPAN: cfa::wyatt BITNET: wyatt@cfa milton Milton D. Miller II ECN student consultant, Purdue University