The header up here may be looks very bad. But it is the normal setup for most of system admin that i know.
Normally system admin will configure password less key into the admin host. So, her is the loophole.
So, to get to know which server acting as the admin host and the trusted host. Again you still need a local account
into that system. Ok, step by step on how i did it.
1. Check where the vol0 of the filer was mounted. It is very easy. Normally it is not confidential. Anyone able to get it.
Run a show mount command followed by the filer name.
#showmount filer1 | grep vol0
2.login to adminhost1 server. Firstly where the vol0 is mounted. If it is not mounted. You can mount it by your own.
Then, find the file hosts.equiv file name.
#df -k | grep vol0
filer1:/vol/vol0 37748736 2324744 35423992 7% /filer1-root
3.hen find the trusted host of the filer. It is all inside hosts.equiv file.
#grep root hosts.equiv
4. some sys admin configured admin host and trusted host on the same server. But for security reason.Some doing it separately.
From the trusted host, you can ssh or rsh to filer directly. But first you must become a root. Because the filer allow root to access the filer.