Sun Microsystems, Inc.
 
Chapter 44

Accessing Remote Systems (Tasks)

This chapter describes all the tasks that are required to log in to remote systems and work with their files. The following table lists the step-by-step instructions in this chapter for logging in to and copying files from remote systems.

Table 44-1 Task Map: Accessing Remote Systems

Task: Log in to a remote system (rlogin)

Description:

  • Remove .rhosts files.

  • Use the rlogin command to access a remote system.

For Instructions:

  • "How to Search for and Remove .rhosts Files"

  • "How to Find Out If a Remote System Is Operating"

  • "How to Find Who Is Logged In to a Remote System"

  • "How to Log In to a Remote System (rlogin)"

  • "How to Log Out From a Remote System (exit)"

Task: Log in to a remote system (ftp)

Description:

  • Open and close an ftp connection.

  • Copy files to and from a remote system.

For Instructions:

  • "How to Open an ftp Connection to a Remote System"

  • "How to Close an ftp Connection to a Remote System"

  • "How to Copy Files From a Remote System (ftp)"

  • "How to Copy Files to a Remote System (ftp)"

Task: Copy remote files with rcp

Description:

  • Use the rcp command to copy files to and from a remote system.

For Instructions:

  • "How to Copy Files Between a Local and a Remote System (rcp)"

Logging In to a Remote System (rlogin)

The rlogin command enables you to log in to a remote system. After you are logged in, you can navigate through the remote file system and manipulate its contents (subject to authorization), copy files, or execute remote commands.

If the system you are logging in to is in a remote domain, be sure to append the domain name to the system name. In this example, SOLAR is the name of the remote domain:

rlogin pluto.SOLAR

Also, you can interrupt a remote login operation at any time by typing Control-d.

Authentication for Remote Logins (rlogin)

Authentication (establishing who you are) for rlogin operations can be performed either by the remote system or by the network environment.

The main difference between these forms of authentication lies in the type of interaction they require from you and the way they are established. If a remote system tries to authenticate you, you are prompted for a password, unless you set up the /etc/hosts.equiv or .rhosts file. If the network tries to authenticate you, you are not asked for a password, because the network already knows who you are.

When the remote system attempts to authenticate you, it relies on information in its local files. Specifically, it checks whether one of the following is true:

  • Your system name and user name appear in the remote system's /etc/hosts.equiv file.

    Or:

  • Your system name and user name appear in the remote user's .rhosts file, under the remote user's home directory.

Network authentication relies on one of these two methods:

  • A "trusting network environment" that has been set up with your local network information service and the automounter

  • One of the network information services that is pointed to by the remote system's /etc/nsswitch.conf file contains information about you


Note - Network authentication generally supersedes system authentication.


/etc/hosts.equiv File

The /etc/hosts.equiv file contains a list of trusted hosts for a remote system, one per line. If a user attempts to log in remotely (using rlogin) from one of the hosts that is listed in this file, and if the remote system can access the user's password entry, the remote system allows the user to log in without a password.

A typical hosts.equiv file has the following structure:

host1
host2 user_a
+@group1
-@group2

When a simple entry for a host is made in hosts.equiv, such as the previous entry for host1, it means that the host is trusted, and so is any user at that machine.

If the user name is also mentioned, as in the second entry in the example, then the host is trusted only if the specified user is attempting access.

A group name that is preceded by a plus sign (+) means that all the machines in that netgroup are considered trusted.

A group name that is preceded by a minus sign (-) means that none of the machines in that netgroup is considered trusted.

Security Risks When Using the /etc/hosts.equiv File

The /etc/hosts.equiv file presents a security risk. If you maintain a /etc/hosts.equiv file on your system, you should include only trusted hosts in your network. The file should not include any host that belongs to a different network, or any machines that are in public areas. For example, do not include a host that is located in a terminal room.

The use of hosts that are not trusted can create a serious security problem. Either replace the /etc/hosts.equiv file with a correctly configured one, or remove the file altogether.

A single line of + in the /etc/hosts.equiv file indicates that every known host is trusted.
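
The following audit sketch is an added example, not part of the original Sun documentation. It classifies each line of a hosts.equiv file by the entry forms described in this section and marks the entries that grant password-free login broadly. The names classify, audit, and BROAD, the sample content, and the choice of which entry kinds to mark for review are assumptions of the example.

```python
# Added example: classify each /etc/hosts.equiv entry using the rules on this page.

# Constructed sample: the four entries shown above, a blank line, and a lone "+".
SAMPLE = """\
host1
host2 user_a
+@group1
-@group2

+
"""

# Entry kinds that grant password-free login broadly. Which kinds deserve
# review is this example's assumption, not a rule stated by the page.
BROAD = {"wildcard", "netgroup-allow", "host-any-user"}


def classify(line):
    """Return (kind, meaning) for one line, or None for a blank line."""
    fields = line.split()
    if not fields:
        return None
    host = fields[0]
    user = fields[1] if len(fields) > 1 else None
    if host == "+":
        return "wildcard", "every known host is trusted"
    if host.startswith("+@"):
        return "netgroup-allow", f"all machines in netgroup {host[2:]} are trusted"
    if host.startswith("-@"):
        return "netgroup-deny", f"no machine in netgroup {host[2:]} is trusted"
    if user:
        return "host-user", f"{host} is trusted only when {user} attempts access"
    return "host-any-user", f"{host} and any user at that machine are trusted"


def audit(text):
    """Return a list of (line_number, entry, kind, meaning, needs_review)."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        result = classify(raw)
        if result is None:
            continue
        kind, meaning = result
        findings.append((number, raw.strip(), kind, meaning, kind in BROAD))
    return findings


if __name__ == "__main__":
    for number, entry, kind, meaning, review in audit(SAMPLE):
        flag = "REVIEW" if review else "ok"
        print(f"{number}: {entry:<14} {kind:<15} {flag:<7} {meaning}")
```

To check a real system, pass the contents of its /etc/hosts.equiv file to audit() in place of SAMPLE.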

 
 
 