Rlogin without password

[Trent Piepho]

On Mon, 30 Dec 2002, Frank Summers wrote:
> 1) Add rsh and rlogin to the file /etc/securetty. Just add two lines to
> the end of the file with "rsh" on one and "rlogin" on the other.

Accoring to the securetty(5) and login(1) man pages, you're just supposed to
list tty devices from /dev, there's nothing about "rsh" or "rlogin" being
valid.  I added ttyp[0-5], which is somewhat sub-optimal since root won't be
allowed to login if the first six pseudo-ttys are already in use, though in
practice that hasn't been a problem.  Do you know where you found out about
adding "rsh" as a tty?  That's sounds like a much better way to do it if it
really works.

> 
> 3A) Make sure that TCP Wrappers doesn't block the cluster machines.
> In /etc/hosts.allow, they should be listed with a line like
> "ALL: 192.168.1. localhost",  where 192.168.1.XXX is the private
> network for the cluster. One should also make sure that /etc/hosts.deny
> has only one line reading "ALL:ALL".

Insead of adding ALL to hosts.allow, add two lines like:
in.rshd : 192.168.0. 
in.rlogind : 192.168.0.

That way you're only opening up rsh and rlogin ports, not ftp, telnet, daytime
or what have you.

> 4) If you want root rlogin capability (insert usual danger warnings,
> etc), then you need an rhosts file for root ( /root/.rhosts ) that
> lists all the cluster machines.

Also make sure that the .rhosts file is owned by root and not writable by
group or other, or it won't work.  You can also omit the hosts.equiv step if
you only want users with .rhosts to have rsh without password ability.