Re: root and .rhosts file
On Mon, 15 Sep 1997 16:13:43 +0200 Martin Schulze ([EMAIL PROTECTED] ual.net) wrote: > On Sep 15, Jeppe Buk wrote > > > > Try adding "-h" after rshd in your /etc/inetd.conf. This flag allows > > > your in.rshd to use the root .rhosts file. Without it /root/.rhosts > > > will be silently ignored. > > > > That did it! The option isn't mentioned in the man page. How was I > > supposed to have found this out myself? > > Please send an appropriate bug report against netstd. Not necessary. From `man rshd': 8. Rshd then validates the user using ruserok(3), which uses the file /etc/hosts.equiv and the .rhosts file found in the user's home di rectory. The -l option prevents ruserok(3) from doing any validation based on the user's ``.rhosts'' file (unless the user is the supe ruser and the -h option is used.) If the -h option is not used, su peruser accounts may not be accessed via this service at all. Phil. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root and .rhosts file
On Wed, Sep 10, 1997 at 03:53:42PM +0200, Jeppe Buk wrote: > Hi > > I'm a student programmer at the Dept. of Mathematics and Computer Science, > Odense University in Denmark. > > I've installed Debian 1.2 on one of our PC's in the Unix network. This > works great (not surprisingly). > > Now I've installed Debian 1.3.1 on another PC, and I can't get this new > machine to accept root rsh requests from our primary server (running > SunOS), or any other machine, for that matter. Both Debian machines have > the same .rhosts file in the root homedir, but the 1.3.1 host gives > permission denied replies. > Try adding "-h" after rshd in your /etc/inetd.conf. This flag allows your in.rshd to use the root .rhosts file. Without it /root/.rhosts will be silently ignored. I think I saw a mail on this list a while ago about that flag being removed. BTW, rlogin works the same. > BTW: I'm not using shadow passwords on any of the systems. > > I'm lost, and if I don't solve the problem my system manager will not let > me install Debian on new PCs in the department (Not Good!). > That would be awful!! I hope things work out for you. Let me now how it turns out. Cheers, Bengt-Ove! -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root and .rhosts file
On Mon, 15 Sep 1997, Bengt-Ove Johansson wrote: > > I'm a student programmer at the Dept. of Mathematics and Computer Science, > > Odense University in Denmark. > > > > I've installed Debian 1.2 on one of our PC's in the Unix network. This > > works great (not surprisingly). > > > > Now I've installed Debian 1.3.1 on another PC, and I can't get this new > > machine to accept root rsh requests from our primary server (running > > SunOS), or any other machine, for that matter. Both Debian machines have > > the same .rhosts file in the root homedir, but the 1.3.1 host gives > > permission denied replies. > > Try adding "-h" after rshd in your /etc/inetd.conf. This flag allows > your in.rshd to use the root .rhosts file. Without it /root/.rhosts > will be silently ignored. That did it! The option isn't mentioned in the man page. How was I supposed to have found this out myself? > I think I saw a mail on this list a while ago about that flag being > removed. It isn't used on the 1.2 host. The first thing I did was compare their inetd.conf :-) > > I'm lost, and if I don't solve the problem my system manager will not let > > me install Debian on new PCs in the department (Not Good!). > > That would be awful!! My thought exactly! > I hope things work out for you. Let me now how it turns out. They did. Regards, --- Jeppe Buk, student of computer science Phone: +45 6557 2347 IMADA, Odense University Email: [EMAIL PROTECTED] Campusvej 55 WWW: http://www.imada.ou.dk/~buk/ DK-5230 Odense M, Denmark SMS (subject only): [EMAIL PROTECTED] --- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root and .rhosts file
On Sep 15, Jeppe Buk wrote > > Try adding "-h" after rshd in your /etc/inetd.conf. This flag allows > > your in.rshd to use the root .rhosts file. Without it /root/.rhosts > > will be silently ignored. > > That did it! The option isn't mentioned in the man page. How was I > supposed to have found this out myself? Please send an appropriate bug report against netstd. Regards, Joey -- Individual Network e.V. _/ 27./28.9.97: Kongress des IN e.V. [EMAIL PROTECTED] _/http://www.individual.net/congress/ Tel: (0441) 98347-15 _/ Highlights: Richard Stallmann, Bruce Perens -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root and .rhosts file (again)
I think somebody said this already, but I'll repeat it. Use ssh. It's more secure, and easier to figure out. The only downside it that it is "non-free" (only for non-commercial use) and "non-US" (can be used in the US, but not exported). Cheers, - Jim pgpsqHstBS8EG.pgp Description: PGP signature
Re: root and .rhosts file (again)
> Hi > > Thanks for all the answers I got to my original message. I'm afraid you > all misunderstood my question, though. > > I am not interested in allowing remote root logins to my machine. Only rsh > and friends (like rcp). To illustrate, this is a transcript from a short > session from our primary server (the one requiring rsh access to the > debian hosts): > > To the machine working correctly: > |- > | # rsh deb1 date > | Thu Sep 11 15:12:48 MET DST 1997 > | > | # rlogin deb1 > | root login refused on this terminal. > | > | deb1 login: Why do you think that is "correctly"? Do you think a mashine not allowing root logins, while it does allow rsh deb1 sh -c 'dd if=/dev/null of=/dev/hda' working correctly (don't try it!)? At least I think the new behaviour > To the debian 1.3.1 machine: > |- > | # rsh deb2 date > | Permission denied. > | > | # rlogin deb2 > | Password: > |- Is consistant, and preferable. -- joost witteveen, [EMAIL PROTECTED] #!/usr/bin/perl -sp0777ihttp://www.dcs.ex.ac.uk/~aba/rsa/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
root and .rhosts file (again)
Hi Thanks for all the answers I got to my original message. I'm afraid you all misunderstood my question, though. I am not interested in allowing remote root logins to my machine. Only rsh and friends (like rcp). To illustrate, this is a transcript from a short session from our primary server (the one requiring rsh access to the debian hosts): To the machine working correctly: |- | # rsh deb1 date | Thu Sep 11 15:12:48 MET DST 1997 | | # rlogin deb1 | root login refused on this terminal. | | deb1 login: |- To the debian 1.3.1 machine: |- | # rsh deb2 date | Permission denied. | | # rlogin deb2 | Password: |- Both machines have the same entry in root's .rhosts file, and 'deb1' also fails if that entry is removed. Regards, --- Jeppe Buk, student of computer science Phone: +45 6557 2347 IMADA, Odense University Email: [EMAIL PROTECTED] Campusvej 55 WWW: http://www.imada.ou.dk/~buk/ DK-5230 Odense M, Denmark SMS (subject only): [EMAIL PROTECTED] --- Software is like sex; it's better when it's free. (Linus Torvalds) -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root and .rhosts file; kerberos
On a similar vein, has anyone managed to make debian & kerberos machines talk this way? mit has .rpm packages of kerberos & afs. However, alien gives plenty of "nonstandard executable location" errors when converting. Also, kerberos versions of some programs should (apparently) replace regular versions, but this information wouldn't be included in the .deb. I have gotten a response hre at ISU, which kindly explains how to modify the source of my pop client :) anyway, it seems I need kerberos to get my pop-3 mail and to rsh to the university machines. rick -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root and .rhosts file
It's a security hole (probably a simple dns spoof would gain root on either machine. And while I'm on the topic of security here, I'd suggest ssh instead (harder, if not impossible to spoof). But if you feel risky, I think it is caused by the following: [EMAIL PROTECTED](p1):bhmit1$ more /etc/securetty # /etc/securetty: list of terminals on which root is allowed to login. # See securetty(5) and login(1). tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 HTH, Brandon - Brandon Mitchell E-mail: [EMAIL PROTECTED] Homepage: http://www.geocities.com/SiliconValley/7877/home.html PGP: finger -l [EMAIL PROTECTED] "We all know Linux is great...it does infinite loops in 5 seconds." --Linus Torvalds -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root and .rhosts file
Hi! > Now I've installed Debian 1.3.1 on another PC, and I can't get this new > machine to accept root rsh requests from our primary server (running > SunOS), or any other machine, for that matter. Both Debian machines have > the same .rhosts file in the root homedir, but the 1.3.1 host gives > permission denied replies. This is a feature, not a bug. It is because root is by default allowd login only on some ttys. On my system (Debian 1.3.1) these ttys are listed in /etc/securetty and I think this is the default. Also see the CONSOLE entry in /etc/login.defs and play around with /etc/login.access. In these files you can turn off the restriction that root cannot log in directly from remote machines or you can specify the machines from which root can log in, which is a little better. feri. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
root and .rhosts file
Hi I'm a student programmer at the Dept. of Mathematics and Computer Science, Odense University in Denmark. I've installed Debian 1.2 on one of our PC's in the Unix network. This works great (not surprisingly). Now I've installed Debian 1.3.1 on another PC, and I can't get this new machine to accept root rsh requests from our primary server (running SunOS), or any other machine, for that matter. Both Debian machines have the same .rhosts file in the root homedir, but the 1.3.1 host gives permission denied replies. BTW: I'm not using shadow passwords on any of the systems. I'm lost, and if I don't solve the problem my system manager will not let me install Debian on new PCs in the department (Not Good!). --- Jeppe Buk, student of computer science Phone: +45 6557 2347 IMADA, Odense University Email: [EMAIL PROTECTED] Campusvej 55 WWW: http://www.imada.ou.dk/~buk/ DK-5230 Odense M, Denmark SMS (subject only): [EMAIL PROTECTED] --- Software is like sex; it's better when it's free. (Linus Torvalds) -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .