Date: Tue, 21 Mar 2000 21:05:00 +0100 (CET)
From: Bart van Leeuwen <bart@ixori.demon.nl>
To: Nathan Vidican <webmaster@wmptl.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: rhosts and FreeBSD 4.0
Message-ID: <Pine.BSF.4.21.0003212058460.21378-100000@isengard.ixori.demon.nl>
In-Reply-To: <38D7CA04.5FABF3D2@wmptl.com>

Hmm.. I have no idea why it fails now and didn't in the past, but I do
have some idea about a better solution for this.

I'd most definitely use ssh for this and use RSA authentication between
the hosts as a min requirement for allowing the login.

This offers 2 enhancements over rsh:
- better authentication (doesn't depend purely on dns/ip addr. and is
  less vulnerable to spoofing)
- encrypted session between the hosts.

With 4.0 you get OpenSSH, read the documentation and config files in
/etc/ssh for information on this, as far as I can see the default setup
already allows for most of what you need. (From what I see it will allow
a root login over ssh if root only issues a command, it won't allow
interactive login by root... am I correct here??)

Bart van Leeuwen
-----------------------------------------------------------
mailto:bart@ixori.demon.nl - http://www.ixori.demon.nl/
-----------------------------------------------------------

On Tue, 21 Mar 2000, Nathan Vidican wrote:

> I have been using a machine on an internal LAN to do tape backups for
> another. Both machines were running FreeBSD 3.4. When I recently
> upgraded the machine with the tape backup drive attached to it, the
> backups no longer function. The configuration is as follows:
>
> Machine One:
> -requires the ability to 'tar cvzf machine-two:/dev/rsa0 /'
>
> Machine Two:
> -used to allow machine one, (via an entry from /root/.rhosts), to
> perform its backups remotely
> -recently upgraded from 3.4 to 4.0 -RELEASE
> -no reports errors that authentication failed
> -/etc/pam.conf says rhosts is broken
>
> I understand rhosts is not a 'secure' way of doing things, and that it
> poses some serious problems; but it worked. The bottom line is that it
> worked, and never caused any problems along the way. I am not opposed to
> trying a different method if need be, but to be completely honest I'm
> not sure what that different way should be?
> Any ideas, comments, suggestions, or otherwise are greatly
> appreciated.
>
> Nathan Vidican
> webmaster@wmptl.com
> Windsor Match Plate & Tool Ltd.
> http://www.wmptl.com/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
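
An added example, not part of either message: one way to set up the ssh-with-RSA-key backup suggested in the reply, using a dedicated key that can do nothing on machine two except write to the tape. The host name machine-two and the device /dev/rsa0 are from the original post; the key path, the key comment and the function names are assumptions, and the sshd_config setting shown in the comment is from current OpenSSH.

```shell
#!/bin/sh
# Added example, not from the thread. machine-two and /dev/rsa0 come from the
# original post; the key path, comment string and function names are assumptions.
KEY=/root/.ssh/backup_rsa      # assumed location of the dedicated backup key
TAPE_HOST=machine-two
TAPE_DEV=/dev/rsa0

# Machine one: create an RSA key pair used for nothing but the backup.
# No passphrase, so the job can run unattended; the restrictions below
# are what limit the damage if the private key leaks.
make_backup_key() {
    ssh-keygen -t rsa -b 4096 -N '' -f "$KEY" -C backup@machine-one
}

# Machine two: print the line to append to /root/.ssh/authorized_keys.
# $1 = address machine one connects from, $2 = contents of $KEY.pub.
# command= forces "dd" onto the tape whatever the client asks for; from= and
# the no-* options remove the shell, pty and forwarding.
authorized_keys_entry() {
    printf 'from="%s",command="dd of=%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$1" "$TAPE_DEV" "$2"
}

# Machine two, /etc/ssh/sshd_config (current OpenSSH):
#   PermitRootLogin forced-commands-only
# root may then log in only with a key that carries a command= option.

# Machine one: stream the archive over the encrypted session to the tape.
# BatchMode makes ssh fail instead of prompting when key auth does not work.
run_backup() {
    tar czf - / | ssh -i "$KEY" -o BatchMode=yes "root@$TAPE_HOST" "dd of=$TAPE_DEV"
}
```

Run make_backup_key once on machine one, append the output of authorized_keys_entry to root's authorized_keys on machine two, then call run_backup from the backup job.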