Getting Started
Using rsh
In many environments, ssh
has taken over from the Berkeley r* commands (rsh, rlogin, rcp and rexec).
This is because the r* commands pass all data, including passwords, across the
network unencrypted, so it can easily be snooped.
However, in a controlled environment, where the security risks are
not a problem, the r* commands are still useful
because they have much lower overheads and are still easily
available. This note gives a brief description of how to set up
the server so that rsh can be used, as this is especially
useful in scripts for running code on the target and capturing the
results on the host.
- First enable the rsh daemon in the /etc/inetd.conf file
  on the target. For more details on this file, see the
  inetd.conf(5) man page.
  The daemon uses the shell port (which is 514).
  Usually there will already be a line describing this, which will be
  commented out; if so, uncomment it and make sure the parameters
  are correct. If there is no existing line, add one:
shell stream tcp nowait root /usr/sbin/tcpd in.rshd -Lh
The options are:
  -L  successful accesses to be logged to syslogd
  -h  allow root logins
- There are a couple of files which are used to control access to
  the r* commands:
  - /etc/hosts.equiv is used for all users except root.
  - $HOME/.rhosts (in the target user's home directory)
    is checked after /etc/hosts.equiv if that lookup
    failed.
  Each file consists of a list of host and user names which
  should be allowed access:
  - The first column is the name of the machines that you wish to allow
    logins from.
  - The second column is the name of the user who will be running
    rsh. If this is blank, it is assumed to be the
    same as the username on the target.
  Each of the two fields can be simply + to indicate a wildcard.
  So for example, to allow the user fred, on the machine saturn, to
  log in as root on the target, add the line:
  to /root/.rhosts.
- Finally, restart inetd:
target# kill -HUP `cat /var/run/inetd.pid`
and try it out:
host% rsh -l root target uname -a
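
The access files described above grant logins per line, and a + in either column widens that grant to any host or any user. The following is an added example, not part of the original note: a POSIX shell function (the name audit_rhosts is hypothetical) that reads a file in that two-column format and flags wildcard entries. The sample entries are constructed, and skipping # lines is an assumption.

```sh
#!/bin/sh
# Added example (not from the original note): audit an r* access file
# (/etc/hosts.equiv or a .rhosts) in the two-column format described above.
# audit_rhosts is a hypothetical helper name.

# Usage: audit_rhosts FILE
# Prints "<line> <severity> host=<h> user=<u> (<reason>)" per entry and
# returns 1 if any entry uses the "+" wildcard, 0 otherwise.
audit_rhosts() {
    awk '
        # Assumption: blank lines and lines starting with # carry no entry.
        NF == 0 || $1 ~ /^#/ { next }
        {
            host = $1
            # A blank second column means "same username as on the target".
            user = (NF >= 2) ? $2 : "(same as target user)"
            if (host == "+" && $2 == "+") { sev = "CRITICAL"; why = "any user from any host" }
            else if (host == "+")         { sev = "HIGH"; why = "any host" }
            else if ($2 == "+")           { sev = "HIGH"; why = "any user on this host" }
            else                          { sev = "OK"; why = "explicit entry" }
            if (sev != "OK") bad = 1
            printf "%d %s host=%s user=%s (%s)\n", NR, sev, host, user, why
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample entries (host and user names are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
saturn fred
jupiter
+ fred
mars +
+ +
EOF
audit_rhosts "$sample" || echo "wildcard entries present: tighten before enabling in.rshd"
rm -f "$sample"
```

Run it against /etc/hosts.equiv and each user's .rhosts (including /root/.rhosts when -h is set) before sending inetd the HUP signal.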