version 1.201, 2004/05/02 11:54:31 |
version 1.202, 2004/08/26 16:00:55 |
|
|
Next, the server and the client enter an authentication dialog. |
Next, the server and the client enter an authentication dialog. |
The client tries to authenticate itself using |
The client tries to authenticate itself using |
.Em rhosts |
.Em rhosts |
authentication, |
|
.Em rhosts |
|
authentication combined with RSA host |
authentication combined with RSA host |
authentication, RSA challenge-response authentication, or password |
authentication, RSA challenge-response authentication, or password |
based authentication. |
based authentication. |
.Pp |
.Pp |
.Em rhosts |
|
authentication is normally disabled |
|
because it is fundamentally insecure, but can be enabled in the server |
|
configuration file if desired. |
|
System security is not improved unless |
System security is not improved unless |
.Nm rshd , |
.Nm rshd , |
.Nm rlogind , |
.Nm rlogind , |
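Review bot: The rewritten opening sentence still names the method with `.Em rhosts` ("rhosts authentication combined with RSA host authentication"), while the file entries changed in this same revision call it `.Cm RhostsRSAAuthentication`. Use the option name here too so the reader can match the method to the server configuration keyword. Separately, now that the paragraph explaining that plain rhosts authentication is disabled as insecure is gone, the `.Pp` leads straight into "System security is not improved unless rshd, rlogind ..." with nothing saying what is being compared; a short lead-in sentence would restore that context.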
|
|
Further details are described in |
Further details are described in |
.Xr hosts_access 5 . |
.Xr hosts_access 5 . |
.It Pa $HOME/.rhosts |
.It Pa $HOME/.rhosts |
This file contains host-username pairs, separated by a space, one per |
This file is used during |
|
.Cm RhostsRSAAuthentication |
|
and |
|
.Cm HostbasedAuthentication |
|
and contains host-username pairs, separated by a space, one per |
line. |
line. |
The given user on the corresponding host is permitted to log in |
The given user on the corresponding host is permitted to log in |
without a password. |
without a password. |
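Review bot: In the `$HOME/.rhosts` entry, the unchanged sentence "The given user on the corresponding host is permitted to log in without a password." now follows text tying the file to `RhostsRSAAuthentication` and `HostbasedAuthentication`, but it does not mention that the client host key must also verify. The `/etc/hosts.equiv` entry in this revision says "successful client host key authentication is required"; stating the same condition here would stop a reader from concluding that a host-username match alone grants access.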
|
|
not used by rlogin and rshd, so using this permits access using SSH only. |
not used by rlogin and rshd, so using this permits access using SSH only. |
.It Pa /etc/hosts.equiv |
.It Pa /etc/hosts.equiv |
This file is used during |
This file is used during |
.Em rhosts |
.Cm RhostsRSAAuthentication |
|
and |
|
.Cm HostbasedAuthentication |
authentication. |
authentication. |
In the simplest form, this file contains host names, one per line. |
In the simplest form, this file contains host names, one per line. |
Users on |
Users on |
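Review bot: The replaced macro lines leave the old context line "authentication." in place, so the `/etc/hosts.equiv` entry now renders as "This file is used during RhostsRSAAuthentication and HostbasedAuthentication authentication." Drop the leftover word and end the sentence after the second `.Cm` macro, for example `.Cm HostbasedAuthentication .`, in line with how the `$HOME/.rhosts` entry is worded in this revision.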
|
|
If the client host/user is successfully matched in this file, login is |
If the client host/user is successfully matched in this file, login is |
automatically permitted provided the client and server user names are the |
automatically permitted provided the client and server user names are the |
same. |
same. |
Additionally, successful RSA host authentication is normally required. |
Additionally, successful client host key authentication is required. |
This file must be writable only by root; it is recommended |
This file must be writable only by root; it is recommended |
that it be world-readable. |
that it be world-readable. |
.Pp |
.Pp |