Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!wuarchive!emory!mephisto!mcnc!decvax.dec.com!zinn!lemuria!darryl
From: darryl@lemuria.MV.COM (Darryl Wagoner)
Newsgroups: comp.unix.wizards
Subject: Re: /etc/hosts.equiv verses $HOME/.rhosts
Message-ID: <1990Aug30.121926.3764@lemuria.MV.COM>
Date: 30 Aug 90 12:19:26 GMT
References: <785@venice.SEDD.TRW.COM>
Reply-To: darryl@lemuria.UUCP (Darryl Wagoner)
Organization: Shecora Associates, Inc. Nashua, NH
Lines: 27

In article <785@venice.SEDD.TRW.COM> waldorf@venice.sedd.trw.com (Jerry Waldorf) writes:

>	I am running on a lan of HP 9000/300's and want to do some remshs and 
>some rcps.  The manual says that using $HOME/.rhosts is very dangerous for 
>security reasons, but doesn't seem to mention any problems with using
>/etc/hosts.equiv.  Could some kind sole tell me why using $HOME/.rhosts 
>is unsafe and why /etc/hosts.equiv is safe?  

No, they can't because hosts.equiv isn't safe or even safer.
Hosts.equiv opens up all the users (except root) to attack where rhost
just opens that one user.   If you have a trusted base of systems (ie. you
trust the sys adm of the all systems on the network, not just the ones
in your .rhosts or hosts.equiv) then you can use it without too much
problems.  I wouldn't use hosts.equiv for any reason and rhost should
only be readable by you.  To increase security you may want to have
the rhost in place only when you are doing work.

Hope this help!

-Darryl


-- 
Darryl Wagoner		darryl@lemuria.MV.COM or uunet!virgin!lemuria!darryl
12 Oak Hill Road
Brookline, NH 03033
Office: 603.672.0736   		Home: 603.673.0578