System Administration Guide: Network Services

/etc/hosts.equiv File

The /etc/hosts.equiv file contains a list of trusted hosts for a remote system, one per line. If a user attempts to log in remotely (using rlogin) from one of the hosts that is listed in this file, and if the remote system can access the user's password entry, the remote system allows the user to log in without a password.

A typical hosts.equiv file has the following structure:

host2 user_a

When a simple entry for a host is made in hosts.equiv, such as the previous entry for host1, it means that the host is trusted, and so is any user at that machine.

If the user name is also mentioned, as in the second entry in the example, then the host is trusted only if the specified user is attempting access.

A group name that is preceded by a plus sign (+) means that all the machines in that netgroup are considered trusted.

A group name that is preceded by a minus sign (–) means that none of the machines in that netgroup is considered trusted.

Security Risks When Using the /etc/hosts.equiv File

The /etc/hosts.equiv file presents a security risk. If you maintain a /etc/hosts.equiv file on your system, you should include only trusted hosts in your network. The file should not include any host that belongs to a different network, or any machines that are in public areas. For example, do not include a host that is located in a terminal room.

The use of hosts that are not trusted can create a serious security problem. Either replace the /etc/hosts.equiv file with a correctly configured one, or remove the file altogether.

A single line of + in the /etc/hosts.equiv file indicates that every known host is trusted.