S 5.20 Use of the security mechanisms of rlogin, rsh, and rcp
Initiation responsibility: IT Security Officer, Administrator
Implementation responsibility: Administrator
With the rlogin program and/or the associated rlogind daemon it is possible to log in on another computer via a network connection; in this case, however, only the password will be requested, since the user name will be passed on directly. With the commands rsh and/or rcp and the rshd daemon it is possible to execute a command on another computer. Both commands can use trusted hosts which are defined either user-specifically in the home directory in the $HOME/.rhosts file or system-wide in the /etc/hosts.equiv file. Any computer entered in one of these files will be regarded as trustworthy. Therefore, neither logging on (with rlogin) nor the execution of a command (with rsh) will require the entry of a password.
Since it is very easy, especially from a PC, to impersonate any computer name, steps must be taken to ensure that the $HOME/.rhosts and /etc/hosts.equiv files are not available or that, if they are available, they are empty and cannot be accessed by ordinary users. The home directories of the users should be checked regularly to this end, or measures should be taken to prevent users from being able to start up the rlogind and rshd daemons (on this point, see the /etc/inetd.conf file and safeguard S 5.16 Survey of network services). If use of the /etc/hosts.equiv file cannot be avoided, steps must be taken to ensure that there is no '+' entry, as this would result in every computer becoming a trusted one.
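The checks described above can be scripted. The following is an added example, not part of the safeguard text: it reports .rhosts and hosts.equiv files that exist or are non-empty, flags a bare '+' field, and lists rshd/rlogind entries still enabled in inetd.conf. The function names, the output labels (EMPTY, NONEMPTY, WILDCARD, ENABLED) and the root-directory argument are assumptions made for the example.

```sh
#!/bin/sh
# Added audit sketch for S 5.20 (not part of the safeguard text).
# Each function takes a filesystem root, so a mounted copy can be checked;
# pass / for the running system.

# True if any whitespace-separated field in file $1 is exactly "+".
has_plus() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "+") found = 1 }
         END { exit !found }' "$1"
}

# Report one trust file: absent files print nothing.
report_file() {
    [ -e "$1" ] || return 0
    if [ -s "$1" ]; then echo "NONEMPTY $1"; else echo "EMPTY $1"; fi
    if has_plus "$1"; then echo "WILDCARD $1"; fi
    return 0
}

# Check /etc/hosts.equiv and the .rhosts file in every home directory
# listed in field 6 of the passwd file.
audit_trust_files() {
    root=${1%/}
    report_file "$root/etc/hosts.equiv"
    cut -d: -f6 "$root/etc/passwd" 2>/dev/null | sort -u |
    while read -r home; do
        if [ -n "$home" ]; then report_file "$root$home/.rhosts"; fi
    done
    return 0
}

# List r-services still enabled in inetd.conf. The service name "shell"
# starts rshd (rsh, rcp) and "login" starts rlogind; commented-out lines
# have "#" in the first field and do not match.
audit_inetd() {
    conf="${1%/}/etc/inetd.conf"
    [ -r "$conf" ] || return 0
    awk '$1 == "shell" || $1 == "login" { print "ENABLED " $1 }' "$conf"
}

# Run both checks when a root is given on the command line, e.g. "sh audit.sh /".
if [ "$#" -ge 1 ]; then
    audit_trust_files "$1"
    audit_inetd "$1"
fi
```

Any NONEMPTY, WILDCARD or ENABLED line is a finding against this safeguard; run the script as root so that every home directory is readable.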
Secure Shell (ssh) can be used as a substitute for the r-services. It makes use of extensive functions designed to ensure secure authentication and to maintain confidentiality and integrity (see also S 5.64 Secure Shell). If ssh is used, the r-services should be disabled as far as possible to ensure that the security safeguards cannot be circumvented. However, this requires that all communication partners have suitable implementations of ssh.
Review questions:
- Is the misuse of the $HOME/.rhosts and /etc/hosts.equiv files and/or the rlogind and rshd daemons prevented?
- Are stronger procedures (for example, SSH) used whenever possible, and weaker procedures (e.g. rlogin, rsh and rcp) avoided?