rhosts(4) — File Formats
NAME
rhosts, .rhosts, shosts, .shosts - Specifies remote users who can use a local user account
SYNOPSIS
$HOME/.rhosts
$HOME/.shosts
DESCRIPTION
The .rhosts file contains a list of remote users who are not required to supply a login password when they use the local user account and execute the rcp, rlogin, and rsh commands.
The .shosts file contains a list of remote users who are not required to supply a login password when they use the local user account and execute the scp2, sftp2, and ssh2 Secure Shell commands or the rcp, rlogin, and rsh commands when they are configured to use a Secure Shell connection. See Security Administration for more information about configuring these commands to use a Secure Shell connection.
The .rhosts file is read by the rlogind, rshd, and Secure Shell sshd daemons. The .shosts file is read only by the Secure Shell sshd daemon. If both files exist, the Secure Shell daemon reads the .rhosts file first, then the .shosts file. If either of these files allows access for a particular connection, a Secure Shell connection is used, even if the other file forbids it.
The .rhosts file and .shosts file are hidden files in a user’s home directory. Each file must be owned by the user or the root user and must not be writable by group or world; otherwise, the file is not used. Although it is not required, it is recommended to set the permissions of these files to 600, so that they are not readable by group or world.
Each entry in the .rhosts file and .shosts file is of the following form:
host [user]
where:
host    The fully qualified domain name of the remote host.
user    The login name of the remote user. This field is optional. If a user name is not specified, any user on the specified remote host is exempt from providing a password, and is assumed to have the same username on both the local and remote hosts.
Optionally, in the .rhosts and .shosts files you can specify a NIS netgroup name for the host name, user name, or both.
Entries in the .rhosts and .shosts files are either positive or negative. Positive entries allow access; negative entries deny access. The following entries are positive:
hostname
username
+@netgroup
The following entries are negative:
-hostname
-username
-@netgroup
In addition, in the .rhosts file you can use the plus sign (+) in place of the host name or user name. In place of the host name, it means any remote host. In place of the user name, it means any user. The use of the plus sign in this way is not supported in the .shosts file or in the .rhosts file if you configured the rcp, rlogin, and rsh commands to use a Secure Shell connection. See Security Administration for more information about configuring these commands to use a Secure Shell connection.
EXAMPLES
The following entries in the /u/chen/.rhosts file on host zeus allow users moshe and pierre at remote host venus.ne.corp.com and user robert at the hosts specified in the NIS netgroup chicago to log in to user chen’s home directory on host zeus:
venus.ne.corp.com moshe
venus.ne.corp.com pierre
+@chicago robert
The following entry in the /u/peter/.shosts file on host zeus allows the user evan at remote host saturn.ne.corp.com to log in to user peter’s home directory on host zeus:
saturn.ne.corp.com evan
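The following Python audit helper is an added example, not part of the original reference page or of any vendor tool. It classifies entries using the forms listed in DESCRIPTION, flags the ones that widen access, and applies the ownership and permission rules to values taken from stat(). The function names and the sample entries are assumptions made for illustration.

```python
import stat

def parse_field(field):
    """Classify one host or user field as (sign, kind, name)."""
    if field == "+":
        return ("allow", "wildcard", "+")
    if field.startswith(("+@", "-@")):
        return ("deny" if field[0] == "-" else "allow", "netgroup", field[2:])
    if field.startswith("-"):
        return ("deny", "name", field[1:])
    return ("allow", "name", field)

def audit_entries(text, secure_shell=False):
    """Return (line number, finding) pairs for entries that widen access."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        host = parse_field(fields[0])
        user = parse_field(fields[1]) if len(fields) > 1 else None
        for label, field in (("host", host), ("user", user)):
            if field and field[1] == "wildcard":
                note = "unsupported under Secure Shell" if secure_shell else f"matches any {label}"
                findings.append((lineno, f"'+' in {label} field: {note}"))
        if user is None and host[0] == "allow":
            findings.append((lineno, "no user field: any user on this host is exempt from a password"))
    return findings

def check_file_mode(mode, owner_uid, user_uid):
    """Apply the ownership and permission rules to stat() results."""
    problems = []
    if owner_uid not in (user_uid, 0):
        problems.append("not owned by the user or root: file is not used")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or world: file is not used")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("readable by group or world: 600 is recommended")
    return problems

# Constructed sample entries, not taken from a real system.
SAMPLE = """venus.ne.corp.com moshe
+@chicago robert
-saturn.ne.corp.com
+ +
zeus.ne.corp.com
"""

if __name__ == "__main__":
    for lineno, finding in audit_entries(SAMPLE):
        print(f"line {lineno}: {finding}")
    print(check_file_mode(0o664, 1001, 1001))
```

To audit a real file, pass its contents to audit_entries() and the st_mode and st_uid values from os.stat() to check_file_mode().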
FILES
$HOME/.rhosts
Specifies remote users who can use a local user account.
$HOME/.shosts
Specifies remote users who can use a local user account.
SEE ALSO
Commands: rcp(1), rlogin(1), rsh(1), scp2(1), sftp2(1), ssh2(1)
Functions: ruserok(3), rcmd(3)
Files: hosts.equiv(4), netgroup(4)
Guides: Security Administration