AW: [suse-security] rsh with different local and remote user
Hi,
is there another solution than creating for every user a .rhosts file ?
I want to use :
rsh -l <remoteuser> <remotehost> date
remoteuser and localuser are different. I've experimented with entries in /etc/netgroup and /etc/hosts.equiv, but this works only, if remoteuser and localuser are the same.
Any idea ? You should replace rsh (an insecure protocol transmitting data in plain text) with ssh (a secure
-----Ursprüngliche Nachricht----- Von: David M. Fetter [mailto:david.fetter@fetterconsulting.com] Gesendet: Mittwoch, 19. März 2003 14:20 An: Wagner, Uwe Cc: [SuSE Security List] Betreff: Re: [suse-security] rsh with different local and remote user Wagner, Uwe wrote: protocol trasmitting data with encryption). Then instead of .rhosts (or in the case of ssh, .shosts) you should use public key authentication. The public key for the "localuser" can be placed in the "remoteuser's" ~/.ssh/authorized_keys file and then you simply connect with 'ssh remoteuser@host'. I think using rsh in our intranet isn't a security problem. rsh is used by the cvs command. I don't want creating every user his own .rhosts file. uwe -- David M. Fetter - http://www.fetterconsulting.com/ "The world is full of power and energy and a person can go far by just skimming off a tiny bit of it." Neal Stephenson - Snow Crash
Hi Uwe,
I think using rsh in our intranet isn't a security problem. You never know, who's sneaking in your intranet :) Being more secure would never hurt :)
rsh is used by the cvs command. I don't want creating every user his own .rhosts file. You can specify CVS_RSH=/usr/local/bin/ssh (or wherever your ssh sits) to tell CVS use ssh for authentication.
Cheers Eduard __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com
participants (2)
-
Eduard Avetisyan -
Wagner, Uwe