Unix Support

THIS DOCUMENT IS DEPRECATED

Configuring .rhosts

.rhosts is used to control which machines trust other machines for access to your account. If a machine trusts another machines then it will allow a specified user (usually yourself) to access your account without having to enter a password.

This has an obvious advantage (apart from saving typing) - your password does not have to travel across the network. On the other hand, it does means that if your account on the other machine is compromised, it's trivial to get access to your accounts on other machines. Think carefully about which machines you put in your .rhosts file.

.rhosts is not suitable for allowing access to machines which are not handling IP 24 hours a day. (If your machine is switched off, it's much easier to take over its IP address and spoof the trusted machine.) The secure shell, ssh, has a replacement for the r-utilities (rcp, rlogin, rsh) which doesn't suffer from this problem.

rlogin

Unix provides a command called rlogin for easy login to remote machines. Here is a simple example of its use:

gryphon$ rlogin hammer.thor
Password:
Last login: Mon Oct 11 13:10:02 from gryphon.csi.cam.ac.uk
Solaris Release 2.5 [hammer] Linux Redhat Release 4.2 [gloves,belt] (Thor)

hammer$

By default, rlogin will connect me to the remote machine with an account name the same as my name on the local machine (rjd4 in this case). Note that my Thor password was required.

.rhosts

It is possible to make my account on hammer "trust" my account on gryphon. To do this, I create a file, .rhosts, in my home directory on hammer containing all the machines on which it is to trust my account. If I rlogin from one of thse machines to hammer I will not be asked for a password. This file must be readable only by the user.

Suppose I have the following .rhosts file on hammer.

hammer$ cat .rhosts
gryphon.csi.cam.ac.uk
oneeye.csi.cam.ac.uk

If I rlogin from gryphon or oneeye I will not be prompted for my password.

gryphon$ rlogin hammer.thor
Last login: Mon Oct 11 13:10:02 from gryphon.csi.cam.ac.uk
Solaris Release 2.5 [hammer] Linux Redhat Release 4.2 [gloves,belt] (Thor)

hammer$

Never put a "+" in a .rhosts file; it means "every machine".

Suppose I have an account on gryphon called "bob" and an account "rjd4" on hammer. On gryphon I issue the command
gryphon$ rlogin -l rjd4 hammer.thor.cam.ac.uk
and my (rjd4's) .rhosts file on hammer contains the line
gryphon.csi.cam.ac.uk bob
and then the "trust" still works.

Remote shells

It is also possible to submit single instructions to a remote machine rather than logging in, issuing the instruction and logging out again. This is done with the rsh command.

For this command to work, the account on the remote machine must trust the account on the local machine. There is no opportunity to issue apassword.

Consider the following example.

gryphon$ rsh hammer.thor.cam.ac.uk ls -l | wc -l
     21
gryphon$

The rsh causes a shell to be started on hammer. This shell runs ls -l and its standard output is piped back over the network into the standard input of wc -l which is run locally.

If the account names differ on the two systems then the -l syntax must be used again.

gryphon$ rsh -l rjd4 hammer.thor.cam.ac.uk uname -n
hammer.thor.cam.ac.uk

There is an important point that must be noted about the remote shell started by rsh: it is not a login shell. The .profile or .bash_profile files are not sourced so any configuration they do will not be done for this shell. What happens instead depends crucially on the shell. Under bash the .bashrc file is read instead.

Remote file copying

To copy files from one machine to another, the rcp command can is provided. This has an identical syntax to cp but filenames can be preceded by "machine:".

gryphon$ rcp hammer.thor:trial.pl test.pl
gryphon$ rcp Unix.tex gloves.thor:~/unix/source.tex

If the account names differ then the filenames are further extended. (NB The -l is not used.)

gryphon$ rcp rjd4@hammer.thor:trial.pl test.pl

As with rcp the .rhosts file must be set up on the remote machine to trust the local machine.


Last updated by Peter Benie <pjb1008@cam.ac.uk>
unix-support@ucs.cam.ac.uk
[Back to index]

The title of this document is: (none)
URL: http://www-uxsup.csx.cam.ac.uk/doc/remote_access/rhosts.html