What Is the "rhosts" Mechanism in Linux/Unix?

The .rhosts file determines who has local access to a system


The .rhosts mechanism allows users to log in to a UNIX-based system from another computer on the same network. The .rhosts file contains a list of hosts and user names that determines who can log in to a system remotely without a password.

Information in this article applies to UNIX-based operating systems including Linux, macOS, and Android.

What Is rhost?

The .rhosts file is related to the hosts.equiv file, which also permits users to access their accounts on different computers. The difference is that the hosts.equiv file lives in the root directory of the local system and contains a list of trusted remote hosts (other computers on the same network) and users that have local access. The .rhosts file is a hidden file in the local user's home directory that contains a list of trusted remote hosts and users.

The .rhosts file must be located in the top level of the user's home directory to be accessible.

How Does rhost Work?

The .rhosts and hosts.equiv files serve as databases for the rcp, rlogin, and rsh commands, which consult them to decide which remote hosts and users are trusted. The .rhosts file contains a list of one-line entries in the format hostname username, where hostname is the fully qualified domain name of the host (not an alias).

Entries are either positive or negative. If matching positive entries are found in both the .rhosts and local hosts.equiv files, then authentication is successful. If negative or no entries are found, authentication fails.

If the .rhosts file contains multiple positive and negative entries, the entry that is listed first takes precedence.

rhost Host and User Names

The host name can take a few different forms:

  • +: All hosts on the network are trusted.
  • hostname: All users who log in from the remote host hostname are trusted.
  • -hostname: The host is not trusted.
  • +@netgroup: All hosts in the net group netgroup are trusted.
  • -@netgroup: No hosts in the net group are trusted.

The user name works similarly:

  • +: All users on the network are trusted.
  • username: The remote user username is trusted.
  • -username: The user is not trusted.
  • +@netgroup: All users in the net group netgroup are trusted.
  • -@netgroup: No users in the net group netgroup are trusted.

Examples of rhost Entries

The following entry in the local user's .rhosts file allows the remote user Robert at the remote host myhost.example.com to log in as a local user on the local host:

myhost.example.com robert

If you wanted to deny local access to all users on the remote host, you would enter:

-myhost.example.com

It's also possible to allow all hosts in a net group local access while creating exceptions for specific users. For example, if you wanted to allow all hosts in the net group Lifewire while denying the user Robert, you would enter:

+@lifewire -robert

Deny (-) statements should always precede accept (+) statements in the .rhosts file.
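As an added illustration (not code from the original article), the following Python snippet evaluates .rhosts entries using the host and user forms and the first-match rule described above, and audits a file for the wildcard entries that trust everyone. The netgroup table, sample file and host names are constructed for the example; a real system resolves netgroups through NIS.

```python
# Added example: evaluator and auditor for .rhosts entries (not the article's code).
# Netgroup membership is a constructed lookup table standing in for NIS.
NETGROUPS = {"lifewire": {"hosts": {"myhost.example.com", "build.example.com"},
                          "users": {"robert", "alice"}}}

SAMPLE_RHOSTS = """# constructed sample .rhosts
myhost.example.com robert
-other.example.com
+@lifewire -robert
build.example.com
"""

def _match(pattern, value, kind):
    """Return +1 (positive match), -1 (negative match) or 0 (no match)
    for one host or user field. kind is 'hosts' or 'users' for netgroups."""
    sign = -1 if pattern.startswith("-") else 1
    pat = pattern[1:] if pattern[0] in "+-" else pattern
    if pat == "":                      # bare "+" or "-" matches everything
        return sign
    if pat.startswith("@"):            # @netgroup reference
        return sign if value in NETGROUPS.get(pat[1:], {}).get(kind, ()) else 0
    return sign if pat == value else 0  # exact host/user name, no aliases

def parse_rhosts(text):
    """Parse .rhosts text into (host_pattern, user_pattern-or-None) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries

def is_trusted(entries, remote_host, remote_user, local_user):
    """First matching entry decides; an entry with no user field applies
    only when the remote user name equals the local account name."""
    for host_pat, user_pat in entries:
        h = _match(host_pat, remote_host, "hosts")
        if h == 0:
            continue
        if h < 0:                      # "-host" denies every user from that host
            return False
        if user_pat is None:
            if remote_user == local_user:
                return True
            continue
        u = _match(user_pat, remote_user, "users")
        if u != 0:
            return u > 0
    return False

def audit(entries):
    """Flag entries that trust every host or every user (the classic '+ +')."""
    return [(h, u, "trusts every host" if h == "+" else "trusts every user")
            for h, u in entries if h == "+" or u == "+"]
```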

Security Risks of Using rhosts

Keeping a .rhosts file on your system opens the door for potential security threats. For example, hackers can forge IP addresses or DNS information to gain entry to your system. Therefore, you should restrict read-write permissions to the owner only.

Unlike hosts.equiv files, which are protected by administrator privileges, .rhosts files can be created by any user, putting the whole system at risk. If you are the administrator for your network, then you should disallow .rhosts files, although you may need to keep one in the root account for network backups.