From owner-freebsd-questions Tue Mar 21 12:01:44 2000
Date: Tue, 21 Mar 2000 21:05:00 +0100 (CET)
From: Bart van Leeuwen
To: Nathan Vidican
Cc: freebsd-questions@freebsd.org
Subject: Re: rhosts and FreeBSD 4.0
In-Reply-To: <38D7CA04.5FABF3D2@wmptl.com>

Hmm.. I have no idea why it fails now and didn't in the past, but I do
have some idea about a better solution for this.

I'd most definitely use ssh for this and use RSA authentication between
the hosts as a min requirement for allowing the login. This offers 2
enhancements over rsh:

- better authentication (doesn't depend purely on dns/ip addr. and is
  less vulnerable to spoofing)
- encrypted session between the hosts.

With 4.0 you get OpenSSH, read the documentation and config files in
/etc/ssh for information on this, as far as I can see the default setup
already allows for most of what you need. (From what I see it will allow
a root login over ssh if root only issues a command, it won't allow
interactive login by root... am I correct here??)

Bart van Leeuwen
-----------------------------------------------------------
mailto:bart@ixori.demon.nl - http://www.ixori.demon.nl/
-----------------------------------------------------------

On Tue, 21 Mar 2000, Nathan Vidican wrote:

> I have been using a machine on an internal LAN to do tape backups for
> another. Both machines were running FreeBSD 3.4. When I recently
> upgraded the machine with the tape backup drive attached to it, the
> backups no longer function. The configuration is as follows:
>
> Machine One:
> -requires the ability to 'tar cvzf machine-two:/dev/rsa0 /'
>
> Machine Two:
> -used to allow machine one, (via an entry from /root/.rhosts), to
> perform its backups remotely
> -recently upgraded from 3.4 to 4.0-RELEASE
> -now reports errors that authentication failed
> -/etc/pam.conf says rhosts is broken
>
> I understand rhosts is not a 'secure' way of doing things, and that it
> poses some serious problems; but it worked. The bottom line is that it
> worked, and never caused any problems along the way. I am not opposed to
> trying a different method if need be, but to be completely honest I'm
> not sure what that different way should be?
> Any ideas, comments, suggestions, or otherwise are greatly
> appreciated.
>
> Nathan Vidican
> webmaster@wmptl.com
> Windsor Match Plate & Tool Ltd.
> http://www.wmptl.com/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
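
An added example, not part of the original mail or of FreeBSD: an audit of root's authorized_keys on the tape host, checking that every key is pinned to a forced command and cannot get a terminal. It assumes the backup is piped over ssh into dd, and that sshd uses `PermitRootLogin forced-commands-only`, an sshd_config value in current OpenSSH; the key blobs and the `backup@machine-one` comment are constructed.

```shell
# Added example; assumed setup, not taken from the original mail:
#   machine-one:  tar czf - / | ssh root@machine-two 'dd of=/dev/rsa0'
#   machine-two:  sshd_config has "PermitRootLogin forced-commands-only"

# check_key_line LINE: print a verdict; return 0 if restricted or not a key.
check_key_line() {
    line=$1
    case $line in
        ''|'#'*) echo "skip"; return 0 ;;    # blank line or comment
    esac
    # Options, if any, precede the key-type field (ssh-* and ecdsa-* handled).
    opts=${line%% ssh-*}
    [ "$opts" = "$line" ] && opts=${line%% ecdsa-*}
    if [ "$opts" = "$line" ]; then
        echo "UNRESTRICTED: no options"; return 1
    fi
    case $opts in
        *command=\"*\"*) ;;
        *) echo "UNRESTRICTED: no forced command"; return 1 ;;
    esac
    case ",$opts," in
        *,no-pty,*|*,restrict,*) echo "ok" ;;
        *) echo "WEAK: pty still allowed"; return 1 ;;
    esac
}

# audit_keys FILE: print a verdict per key; exit status = number of bad keys.
audit_keys() {
    bad=0 n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        if verdict=$(check_key_line "$l"); then :; else bad=$((bad + 1)); fi
        [ "$verdict" = "skip" ] || echo "line $n: $verdict"
    done < "$1"
    return "$bad"
}

# Constructed sample of root's authorized_keys on machine-two (fake key blobs).
sample_keys() {
cat <<'EOF'
# backup key for machine-one
command="dd of=/dev/rsa0",no-pty,no-port-forwarding ssh-rsa AAAAB3FAKEKEY1 backup@machine-one
command="dd of=/dev/rsa0" ssh-rsa AAAAB3FAKEKEY2 backup@machine-one
ssh-rsa AAAAB3FAKEKEY3 root@laptop
EOF
}

tmp=$(mktemp) && sample_keys > "$tmp"
audit_keys "$tmp" || echo "$? key(s) need attention"
rm -f "$tmp"
```

With a forced command in place, whatever the client asks to run is replaced by the pinned `dd`, so a stolen backup key can write to the tape but cannot open a root shell.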