"The Linux Gazette...making Linux just a little more fun!"

The Answer Guy

By James T. Dennis, linux-questions-only@ssc.com
Starshine Technical Services, http://www.starshine.org/

Getting 'rsh' to work

From Anthony Howe on Mon, 14 Dec 1998

Oh hum. I'm having trouble with getting rsh to work between two machines for a specific task. I've read the rsh, tcpd, and hosts.allow man pages and I still can't get it to work.

the same user "joe" with the same password exists on both "client" and "server" machines.
server's hosts.deny:
ALL:ALL
server's hosts.allow:
in.rshd:1.2.3.4
server's inetd.conf:
"shell" line uncommented
I have an A record for:
client A 1.2.3.4
and I have a PTR record for:
4.3.2.1.in-addr.arpa PTR client

Now every time I try and do something as simple as:

joe@client$ rsh server '/bin/ls /home/joe'

I get "Permission denied". The logs on neither client nor server provide no reason for the "Permission denied".

Maybe I just over-tired, but I can't figure out what I'm overlooking. Can anyone please tell me what I'm missing?

What is the precise line in your /etc/inetd.conf?

Some versions of in.rshd and in.rlogind have options which force the daemon to ignore .rhosts files (-l) allow 'superuser' access (-h), syslog all access attempts (-L), and perform "double reverse lookups" (-a).

It looks like your forward and reverse records are alright (assuming that the client's /etc/resolv.conf is pointing at a name server that recognized the authority for the zones you're using).

Note: If you are going through IP Masquerading at some point (some sort of proxy/firewall package) then there's also the remote chance that your source port is being remapped to some unprivileged (>1024) port as the packets are re-written by your masquerading/NAT router.

I did complain to the Linux/GNU maintainers of the rshd/rlogind package about the fact that their syslog messages don't provide more detailed errors on denial. However, I'm not enough of a coder to supply patches.

To test this without TCP Wrappers at all try commenting out the line that looks something like:

shell	stream	tcp	nowait	root	/usr/sbin/tcpd		in.rshd -a

... and replacing it with something like:

shell	stream	tcp	nowait	root	/usr/sbin/in.rshd	in.rshd -L

(note: we just changed the tcpd to refer to rshd).

a b c 1 2 3 4 5 6 7 9 10 11 12
15 16 18 19 20 21 22 23 24 25 26 27 28
29 31 32 33 34 35 36 37 38 39 40 41 42 44
45 46 47 48 49 50 51 52 53 54 55 56 57 60 61 62 63 64 65 66
67 69 72 76 77 78 79 80 81 82 84 85 86 87 91 94 95 96 97 98

						a	b	c	1	2	3	4	5	6	7	9	10	11	12
						15	16	18	19	20	21	22	23	24	25	26	27	28
						29	31	32	33	34	35	36	37	38	39	40	41	42	44
45	46	47	48	49	50	51	52	53	54	55	56	57	60	61	62	63	64	65	66
67	69	72	76	77	78	79	80	81	82	84	85	86	87	91	94	95	96	97	98

						a	b	c	1	2	3	4	5	6	7	9	10	11	12
						15	16	18	19	20	21	22	23	24	25	26	27	28
						29	31	32	33	34	35	36	37	38	39	40	41	42	44
45	46	47	48	49	50	51	52	53	54	55	56	57	60	61	62	63	64	65	66
67	69	72	76	77	78	79	80	81	82	84	85	86	87	91	94	95	96	97	98

"The Linux Gazette...making Linux just a little more fun!"

The Answer Guy

By James T. Dennis, linux-questions-only@ssc.com Starshine Technical Services, http://www.starshine.org/

Getting 'rsh' to work

Copyright © 1999, James T. Dennis Published in The Linux Gazette Issue 36 January 1999

By James T. Dennis, linux-questions-only@ssc.com
Starshine Technical Services, http://www.starshine.org/

Copyright © 1999, James T. Dennis
Published in The Linux Gazette Issue 36 January 1999

						a	b	c	1	2	3	4	5	6	7	9	10	11	12
						15	16	18	19	20	21	22	23	24	25	26	27	28
						29	31	32	33	34	35	36	37	38	39	40	41	42	44
45	46	47	48	49	50	51	52	53	54	55	56	57	60	61	62	63	64	65	66
67	69	72	76	77	78	79	80	81	82	84	85	86	87	91	94	95	96	97	98