How to rlogin/rcp/rsh to a machine without enter a password?

A person asked me this question today, here is my response base on the notes that I had for Solaris system administration certification. Yes. The notes are still handy. ;)

To rlogin/rcp/rsh to a machine without enter a password, you should have $HOME/.rhosts file defined on the target machine if you are trying to login as root. If you try to login as non-root, make sure the user is in /etc/passwd and the host you are login from is defined in either /etc/hosts.equiv or $HOME/.rhosts files. Both /etc/hosts.equiv and $HOME/.rhosts file should contain the host name that are allowed to connect. Optionally, you can associate a user name with that host name to narrow the permission to just those users. So, the format should look like th following line:

hostname [username]

For more information see this pages.

About these ads

14 comments

  1. Even better would be the use of public-key authentication with ssh and using ssh-agent. This is pretty simple; just create on the client-side a key-pair using ssh-keygen -t dsa and copy the newly created file ~/.ssh/id_dsa.pub to the destination host. Name that file just ~/.ssh/authorized_keys. Be sure it has the correct access-rights (700 for the .ssh directory, 644 for the file authorized_keys).

    Next just fire up the program ssh-agent on the client-side, give the passphrase you’ve chosen during the creation of the key-pair and log into your remote host: Voila! Instant access with ssh and scp.

    Not much of a hassle but way more secure.

    I’ve covered those use-cases in an article on my blog: http://itnomad.wordpress.com/2007/02/22/draft-posting-advanced-ssh-usage/

    Hope that comment will be published, WordPress seems to have some problems with the comment-function lately…

    Cheers, Alex.

  2. Hi Alex,
    Thanks for sharing the howto. I actually have been using the ssh’s public-key authentication my self. I was being asked for this specific howto on setting up rlogin/rcp/rsh access so that the person can run scripts that has dependency on these access methods. So, it appears not an option, at least not an easy option to switch over to ssh.

  3. Hi Dave,

    ok, point taken :) However, if most of the important options like “-l username” or “user@host” are backwards-compatible from ssh to rsh. Migration could be as easy as creating a symbolic link named rcp point to scp… YMMV though.

    I always try to persuade people to switch from rsh to ssh so I just couldn’t resist. :)

    Cheers, keep up the good work,
    Alex.

  4. The above solution also doesnt help. I made an entry at $HOME/.rhosts and /etc/hosts.equiv but then too when i try to rsh into the target machine it asks me for a password.

  5. I have been trying to locate password less login thru rsh for like days and the whole internet has moved to ssh, except your article, but I have a question.

    I see that some of the target machines on which password less rsh is setup have the character ‘+’ in the /etc/hosts.equiv or .rhosts file. just one character and it enables login from all machines for all users that are on the target machine’s /etc/passwd.

    however when i replicate this file on a target host that does not support passwordless rsh yet, it does not work.

  6. Hi ..
    What files to edit when hardening using jass is made on host for enabling rsh without password?

    I am aware of the solution : undo jass and restart .. install the client using rsh without password and then apply jass and restart ..

    The strange part about the hardening using jass is that it removes all the entries from /etc/inetd.conf ..

    Regds,
    Parul Sawhney
    Unix Support

  7. I am trying to rsh without password without undoing the jass hardening .. I have tried the changes in ./etc/pam.conf /etc/ssh/sshd_config and /etc/deafult/login and have restarted the respective services as well..

    When i tried to make changes in /etc/inetd.conf …. It was nil..

    I have also made the correct entried in /.rhosts file.. as i can rsh to the hardened host but with password ..

  8. Hi, I know is an old post, but I want to ask if the /etc/passwd and /etc/shadow files on the target hosts be edited to have the remote users as well or not?
    Thanks!!

  9. Hi, I thought I would post a possible solution that we’ve just found. We’re migrating to solaris 10 so found that we had to run “svcadm -v start svc:/network/shell:default”. This seems to be the equivalent of having in.rshd in /etc/inetd.conf in older versions of Solaris. We’ve also configured /etc/hosts.equiv.

  10. What’s up to every one, it’s genuinely a good for me to pay a quick visit this website, it consists of valuable Information.

  11. You could look at using the expect tool, to provide a password if needed. Use expect to call your script, and configure expect to check for a “Password?” prompt.

  12. Hey there, I just wanted to see if you ever have any problems with hackers?

    My last joomla blog at http://vegdave.wordpress.
    com/2007/05/17/how-to-rloginrcprsh-to-a-machine-without-enter-a-password/ was
    hacked and I wound up losing two months of hard work due to no back up.

    Do you have any tips to stop hackers? By the way, is your format custom made or did you download it from
    elsewhere? With a theme like the one you have, my blog could really stand out more.

    Tell me where you got your template when you
    get the chance.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s