"The Linux Gazette...making Linux just a little more fun!"


(?) The Answer Guy (!)


By James T. Dennis, tag@lists.linuxgazette.net
Starshine Technical Services, http://www.starshine.org/


(?) Getting 'rsh' to work

From Anthony Howe on Mon, 14 Dec 1998

(?) Oh hum. I'm having trouble with getting rsh to work between two machines for a specific task. I've read the rsh, tcpd, and hosts.allow man pages and I still can't get it to work.

  1. the same user "joe" with the same password exists on both "client" and "server" machines.
  2. server's hosts.deny:
    ALL:ALL
  3. server's hosts.allow:
    in.rshd:1.2.3.4
  4. server's inetd.conf:
    "shell" line uncommented
  5. I have an A record for:
    client     A     1.2.3.4
  6. and I have a PTR record for:
    4.3.2.1.in-addr.arpa     PTR     client
Now every time I try and do something as simple as:

joe@client$ rsh server '/bin/ls /home/joe'

I get "Permission denied". The logs on neither client nor server provide no reason for the "Permission denied".

Maybe I just over-tired, but I can't figure out what I'm overlooking. Can anyone please tell me what I'm missing?

(!) What is the precise line in your /etc/inetd.conf?
Some versions of in.rshd and in.rlogind have options which force the daemon to ignore .rhosts files (-l) allow 'superuser' access (-h), syslog all access attempts (-L), and perform "double reverse lookups" (-a).
It looks like your forward and reverse records are alright (assuming that the client's /etc/resolv.conf is pointing at a name server that recognized the authority for the zones you're using).
Note: If you are going through IP Masquerading at some point (some sort of proxy/firewall package) then there's also the remote chance that your source port is being remapped to some unprivileged (>1024) port as the packets are re-written by your masquerading/NAT router.
I did complain to the Linux/GNU maintainers of the rshd/rlogind package about the fact that their syslog messages don't provide more detailed errors on denial. However, I'm not enough of a coder to supply patches.
To test this without TCP Wrappers at all try commenting out the line that looks something like:
shell	stream	tcp	nowait	root	/usr/sbin/tcpd		in.rshd -a
... and replacing it with something like:
shell	stream	tcp	nowait	root	/usr/sbin/in.rshd	in.rshd -L
(note: we just changed the tcpd to refer to rshd).


Copyright © 1999, James T. Dennis
Published in The Linux Gazette Issue 36 January 1999


[ Answer Guy Index ] a b c 1 2 3 4 5 6 7 9 10 11 12
15 16 18 19 20 21 22 23 24 25 26 27 28
29 31 32 33 34 35 36 37 38 39 40 41 42 44
45 46 47 48 49 50 51 52 53 54 55 56 57 60 61 62 63 64 65 66
67 69 72 76 77 78 79 80 81 82 84 85 86 87 91 94 95 96 97 98


[ Table Of Contents ] [ Front Page ] [ Previous Section ] [ Next Section ]