LinuxQuestions.org

What is the difference between "/etc/hosts.equiv" AND ".rhosts" ? (https://www.linuxquestions.org/questions/solaris-opensolaris-20/what-is-the-difference-between-etc-hosts-equiv-and-rhosts-613349/)

chrism01 08-06-2009 11:46 PM

You may find this useful: http://www.informit.com/articles/art...p=169465&rll=1
But in any case, avoid plaintext protocols if possible, e.g. rsh, rcp, remsh, rlogin, telnet, etc.

Telo 05-24-2020 09:39 PM

Looks like ssh Host-based authentication shouldn't be used at all any more! See:

https://www.stigviewer.com/stig/red_...inding/V-11988


Quote:

There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system.

Overview
Finding ID: V-11988
Version: GEN002040
Rule ID: SV-37370r1_rule
IA Controls: ECCD-1, ECCD-2
Severity: High
Description
The .rhosts, .shosts, hosts.equiv, and shosts.equiv files are used to configure host-based authentication for individual users or the system. Host-based authentication is not sufficient for preventing unauthorized access to the system.
STIG: Red Hat Enterprise Linux 5 Security Technical Implementation Guide
Date: 2017-03-01

Details
Check Text ( C-36057r1_chk )
Check for the existence of the files.

# find / -name .rhosts
# find / -name .shosts
# find / -name hosts.equiv
# find / -name shosts.equiv

If .rhosts, .shosts, hosts.equiv, or shosts.equiv are found and their use has not been documented and approved by the IAO, this is a finding.
Fix Text (F-31301r1_fix)
Remove all the r-commands access control files.

Procedure:
# find / -name .rhosts -exec rm {} \;
# find / -name .shosts -exec rm {} \;
# find / -name hosts.equiv -exec rm {} \;
# find / -name shosts.equiv -exec rm {} \;
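
A read-only version of the check quoted above, as an added example that is not part of the original posts or the STIG text: it lists the four file names and flags bare "+" wildcard entries, so findings can be reviewed against what has been documented and approved before anything is removed. The function names and report format are this example's own.

```shell
#!/bin/sh
# Added example: read-only audit for r-command / host-based trust files.
# Function names and the report format are this example's own choices.

# Print every .rhosts, .shosts, hosts.equiv and shosts.equiv under the given
# directories (same four names as the STIG check; nothing is deleted).
list_trust_files() {
    find "$@" -type f \( -name .rhosts -o -name .shosts \
        -o -name hosts.equiv -o -name shosts.equiv \) 2>/dev/null
}

# Count active entries whose host or user field is a bare "+", which trusts
# any host or any user. Blank lines and "#" comment lines are skipped.
count_wildcards() {
    awk 'NF && $1 !~ /^#/ && ($1 == "+" || $2 == "+") { n++ }
         END { print n + 0 }' "$1"
}

# One report line per file: path, mode and owner, number of wildcard entries.
# Returns 1 when at least one file exists, so the result can gate a check.
audit_trust_files() {
    report=$(list_trust_files "$@" | while IFS= read -r f; do
        meta=$(ls -ld "$f" | awk '{ print $1 " " $3 }')
        printf '%s\t%s\twildcards=%s\n' "$f" "$meta" "$(count_wildcards "$f")"
    done)
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run only when directories are given, e.g.: sh audit.sh /
if [ "$#" -gt 0 ]; then
    audit_trust_files "$@"
fi
```

A non-zero exit status means at least one trust file was found; a `wildcards` count above zero marks the entries to review first.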

jlliagre 05-25-2020 07:08 AM

Quote:

Originally Posted by Telo (Post 6126908)
Looks like ssh Host-based authentication shouldn't be used at all any more!

This recommendation was already given twelve years ago in this very thread...

By the way, while it doesn't make a lot of difference in that precise case, beware that advice related to Linux does not necessarily apply to Solaris, and reciprocally.

