The /etc/hosts.equiv file and the .rhosts file in a user's home directory contain the names of remote hosts and users that are equivalent to the local host or user. An equivalent host or user is allowed to access a local nonsuperuser account with the rsh command or rcp command, or to log in to such an account without having to supply a password.
The /etc/hosts.equiv file specifies equivalence for an entire system, while a user's .rhosts file specifies equivalence between that user and remote users. The local user and the target system exist in the same area as the hosts.equiv file. The .rhosts file must be owned by the user in whose home directory the file is located, or by the superuser. It cannot be a symbolic link.
Each line, or entry, in hosts.equiv or .rhosts may consist of the following: A blank line. A comment (begins with a #). A host name (a string of any printable characters except newline, #, or white space). In addition, an NIS netgroup can be specified in place of the host name. A host name followed by white space and a user name. In addition, an NIS netgroup can be specified in place of the host name, user name, or both. A single plus (+) character. This means any host and user. The keyword NO_PLUS. This keyword disallows the use of the plus character (+) to match any host or user on a system-wide basis. By default, the line containing this keyword is a comment. Remove the comment character to disallow the use of the plus character.
Entries in the hosts.equiv file are either positive or negative. Positive entries allow access; negative entries deny access. The following entries are positive: host name user name [email protected]
In addition, the plus sign (+) can be used in place of the host name or user name. In place of the host name, it means any remote host. In place of the user name, it means any user.
The following entries are negative: -host name -user name [email protected]
To be allowed access or denied access, a user's remote host name and user name must match an entry in hosts.equiv or .rhosts. The hosts.equiv file is searched first; if a match is found, the search ends. Therefore, the order in which the positive and negative entries appear is important. If a match is not found, .rhosts is searched if it exists in the user's home directory.
A host name or user name can match an entry in hosts.equiv in one of the following ways: The official host name (not an alias) of the remote host matches a host name in hosts.equiv. The remote user name matches a user name in hosts.equiv. If a user name parameter is included in the hosts.equiv file, this means that the remote user is a trusted user and is allowed to rlogin to any local user account without being prompted for a password. Otherwise, if the user name parameter is not specified in the hosts.equiv file, the name of the remote user must match that of the local user. If the remote user name does not match a user name in hosts.equiv, the remote user name matches the local user name.
For security purposes, the files /etc/hosts.equiv and .rhosts should exist and be readable and writable only by the owner, even if they are empty.
The following are sample entries in an /etc/hosts.equiv file: # Allows access to users on host1 and host2 that have accounts on this host: host1 host2 # Allows access to user johnson on host1 to any local user: host1 johnson # Allows access to all users on systems specified in netgroup chicago [email protected] # Denies access to users specified in netgroup finance on host5 host5 [email protected] # Allows access to all users on all systems except root + -root
Commands: rcp(1), rlogin(1), rsh(1)
Daemons: rlogind(8), rshd(8) delim off