How many servers do you have right now? If it is fewer than 10, maybe you can memorize all the user/root passwords in your head. If you don’t like remembering things, maybe you have a note tucked in your wallet or on your laptop’s desktop.
What if you have 20 servers or more? Then you must have some notes 🙂. Some friends of mine set the root password using a pattern, for example “sysadmin_<hostname>”. Well, it does help.
But sometimes you have so many servers, and there is an internal company policy (the CISA guy usually defines this) to change your passwords at a regular interval. Then you have to use RSH on all your servers.
Your network may look like this:
To set up RSH effectively, pick one server or workstation to be the “sysadminhut”. This server will be the starting point for RSH to the other servers.
On the sysadminhut, enable SSH, just to make sure the security is sufficient. Well, you know what they say: most of the risk does not come from outside. You can get instructions for installing OpenSSH at www.sunfreeware.com.
On the sysadminhut, set up /etc/hosts with the list of servers you want to maintain. For example:
#
# Internet host table
#
127.0.0.1 localhost
1.2.3.1 sysadminhut loghost
1.2.3.11 solaris10
On the other server (solaris10), set up /etc/hosts like this:
#
# Internet host table
#
127.0.0.1 localhost
1.2.3.11 solaris10 loghost
1.2.3.1 sysadminhut
And set up /.rhosts like this:
sysadminhut root
Then try RSH from your sysadminhut to your server:
root@sysadminhut# rsh solaris10
Hooray, now you don’t have to remember passwords anymore ^_^
Other advantages:
1. If you have a group of system administrators who manage the same machine, one of them may change the root password while you are on holiday or sick. With this setup, you can easily connect to the server without needing to know the password.
2. Increased security, because you don’t have to type a password over insecure telnet. Yeah, I know we can use SSH instead, but if you have so many servers, you might get lazy :). Or, as an operator, sometimes you don’t know what will happen to the application if you install another package.
3. If your server farm is behind a DMZ (demilitarized zone), you only have to add an ACL (access list) between your workstation and your sysadminhut.
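An added example, not part of the original post: a small shell audit for the /etc/hosts plus /.rhosts trust setup described above. It lists who may log in without a password and flags wildcard (`+`) entries and trusted hostnames that are not pinned in the hosts table. The function name `audit_rhosts`, the temporary sample files and the host `backuphost` are made up for the illustration, and it assumes the hosts file is the first source consulted for name lookups.

```shell
#!/bin/sh
# Added example (not from the original post): audit an rhosts-style trust file.
# Usage: audit_rhosts HOSTS_FILE RHOSTS_FILE
# Prints "<SEVERITY> <line> <message>"; returns 1 if any HIGH finding exists.
audit_rhosts() {
    awk -v hosts="$1" '
    BEGIN {
        # Collect every name and alias pinned in the hosts table.
        while ((getline line < hosts) > 0) {
            sub(/#.*/, "", line)
            n = split(line, f)
            for (i = 2; i <= n; i++) pinned[f[i]] = 1
        }
        close(hosts)
    }
    {
        sub(/#.*/, "")                  # drop comments
        if (NF == 0) next               # skip blank lines
        host = $1
        user = (NF >= 2) ? $2 : "<same account name>"
        if (host == "+") { print "HIGH", NR, "any host is trusted"; high = 1 }
        if (user == "+") { print "HIGH", NR, "any remote user is trusted"; high = 1 }
        if (host == "+" || user == "+") next
        if (host ~ /^-/) { print "INFO", NR, "deny entry: " $0; next }
        if (!(host in pinned)) {
            print "HIGH", NR, host " is not in the hosts table; trust follows name-service lookups"
            high = 1
            next
        }
        print "INFO", NR, "user " user " on " host " logs in without a password"
    }
    END { exit (high ? 1 : 0) }
    ' "$2"
}

# Constructed sample data: the post's hosts table and /.rhosts, plus a risky variant.
demo_dir=$(mktemp -d)
printf '127.0.0.1 localhost\n1.2.3.11 solaris10 loghost\n1.2.3.1 sysadminhut\n' > "$demo_dir/hosts"
printf 'sysadminhut root\n' > "$demo_dir/rhosts.post"
printf 'sysadminhut root\n+ +\nbackuphost root\n' > "$demo_dir/rhosts.risky"

audit_rhosts "$demo_dir/hosts" "$demo_dir/rhosts.post" || echo "HIGH findings in rhosts.post"
audit_rhosts "$demo_dir/hosts" "$demo_dir/rhosts.risky" || echo "HIGH findings in rhosts.risky"
```

Run on each managed server against its real /etc/hosts and /.rhosts, the same function gives a quick inventory of every passwordless root path into that machine.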
February 23, 2007 at 1:11 am
What if an irresponsible person gets into the sysadminhut? And what does the CISA guy say about that?
February 23, 2007 at 9:00 am
CISA wants all machines to be secure, of course. But we refuse unless he guarantees that no application will have problems.
The sysadminhut has to be really secure and, if possible, behind a firewall.
March 21, 2007 at 9:26 am
OK, the sysadminhut is really secure and behind a firewall.
The problem arises when the sysadminhut can be accessed from the desktop where you do your everyday work, and that desktop can be accessed remotely from the internet. *hooray*
June 2, 2007 at 12:12 am
This is insane. rsh is completely insecure and should have been abandoned years ago. The same functionality can be achieved with ssh and keys.
November 3, 2007 at 4:58 am
I agree that rsh is insecure, but I think you’ll be fine with this setup if you use a kerberized version of rsh.
May 19, 2008 at 3:35 pm
Wow, Lilis doesn't understand
what is written here
Lilis will just 🙂
January 12, 2009 at 7:00 pm
Better to use SSH keys. That way the SSH login uses a key instead of a password. This is far more secure, provided the laptop/desktop that stores the key is kept safe. Don't let other people use it 😀