.rhosts
In Unix, a .rhosts file extends trust relationships to specific users on
remote computers. When it exists, it is located in a userÆs home directory, and contains the name of the remote computer, and optionally
the user name (if it is different from the hostÆs user name). .rhosts is used with the rlogin and rsh programs to avoid
transmitting a username and password across a network. .rhosts is useful if you know
ahead of time that youÆll be using a host from a specific remote computer.
There are some dangers associated with the use of .rhosts files. If security
is compromised on the remote computer, the attacker might rlogin to the host.
One way to minimize that risk is not to have .rhosts files on both machines point
at each other. If the account on the remote computer does not have a .rhosts
file, somebody whoÆs broken into the remote computer is less likely to break in to the host
computer.
Under no circumstances should you use a ô+ö (plus) character in .rhosts. The plus character has the effect of making
every computer a trusted host.