diff options
| author | Simon Biewald <simon@fam-biewald.de> | 2020-06-20 18:45:34 +0300 |
|---|---|---|
| committer | Simon Biewald <simon@fam-biewald.de> | 2020-06-20 18:45:34 +0300 |
| commit | 5cd33746a0a0a7fc85c888c12215749117a661e0 (patch) | |
| tree | 06c0c5052bd2e67db1f9185a0d6a5e752a0b3120 /default.prf | |
| parent | b7b132721e166d9809e081e4c082a9e843b2d345 (diff) | |
add (Open)SSH equivalents to rhost files
SSH also supports host based authentication. In contrast to the totally
insecure rsh, the hostnames are checked cryptographically. The
authorization checks are still done with the same syntax as with rsh.
In addition to the old rhosts/rlogin (and eqviv) file, SSH adds the
slogin file. This must not be writable as well, as attackers could
elevate their privileges.
Diffstat (limited to 'default.prf')
| -rw-r--r-- | default.prf | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/default.prf b/default.prf index 7f1a6899..26e10fc0 100644 --- a/default.prf +++ b/default.prf @@ -304,8 +304,10 @@ permfile=/etc/passwd:rw-r--r--:root:-:WARN: permfile=/etc/passwd-:rw-r--r--:root:-:WARN: permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN: permfile=/etc/hosts.equiv:rw-r--r--:root:root:WARN: +permfile=/etc/shosts.equiv:rw-r--r--:root:root:WARN: permfile=/root/.rhosts:rw-------:root:root:WARN: permfile=/root/.rlogin:rw-------:root:root:WARN: +permfile=/root/.shosts:rw-------:root:root:WARN: # These permissions differ by OS #permfile=/etc/gshadow:---------:root:-:WARN: |