linux-admin.vger.kernel.org archive mirror
* rsh under SuSE
From: Kirkwood, David A @ 2005-03-07 16:51 UTC (permalink / raw)
  To: 'Linux Mail List'

I have installed in.rlogind, in.rshd, and in.rexecd services and added them
to the xinetd.conf as login, shell and login respectively. When I try to
rsh for a remote system (I added + to hosts.equiv and .rhosts to the
appropriate user login), I get the following in the /var/messages file and
the prompt doesn't give any information, but just sits there until I
Control-C out.

Mar  7 11:08:52 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33610 DF PROTO=TCP
SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
Mar  7 11:08:55 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33611 DF PROTO=TCP
SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)

Does anybody know what the messages mean and what I have to do additionally?


As always, all help is appreciated.

Thanks,

Dave


* Re: rsh under SuSE
From: Scott Taylor @ 2005-03-07 17:44 UTC (permalink / raw)
  To: 'Linux Mail List'


Kirkwood, David A said:
> I have installed in.rlogind, in.rshd, and in.rexecd services and added
> them
> to the xinetd.conf as login,  shell and login respectively. When I try to
> rsh for a remote system, ( I added + to hosts.equiv and .rhosts to the
> appropriate user login ) I get the following in the /var/messages file and
> the prompt doesn't give any information, but just sits there until I
> controlC out.

That is the proper behaviour for wrongful configuration. ;)

> Mar  7 11:08:52 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
> MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
> DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33610 DF PROTO=TCP
> SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
> Mar  7 11:08:55 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
> MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
> DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33611 DF PROTO=TCP
> SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
>
> Does anybody know what the messages mean and what I have to do
> additionally?

hosts.equiv belongs in /etc of each server with proper permissions, IIRC,
0600 belonging to root.root and .rhosts should belong to the remote user,
in the user's $HOME with same permissions.

HTH

Scott.



* Re: rsh under SuSE
From: Juan Carlos Inostroza @ 2005-03-07 17:49 UTC (permalink / raw)
  To: linux-admin

On Mon, 2005-03-07 at 09:44 -0800, Scott Taylor wrote:
> > DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33611 DF PROTO=TCP
> > SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)

It looks like "iptables -A INPUT somerule -j LOG" to me. 

> > Does anybody know what the messages mean and what I have to do
> > additionally?
> 
> hosts.equiv belongs in /etc of each server with proper permissions, IIRC,
> 0600 belonging to root.root and .rhosts should belong to the remote user,
> in the user's $HOME with same permissions.

Maybe check the local firewall. In some distros, adding "rsh"
to /etc/securetty solves some of the problems.

-- 
Juan Carlos Inostroza O.
Registered Linux User #246002
jci@tux.cl - http://www.tux.cl
"Beyond the senses is the mind, and beyond the mind is the reason,
its essence."
                -- Katha Upanisad 6.7



* Re: rsh under SuSE
From: Scott Taylor @ 2005-03-07 18:01 UTC (permalink / raw)
  To: linux-admin


Juan Carlos Inostroza said:
> On Mon, 2005-03-07 at 09:44 -0800, Scott Taylor wrote:
>
> In some distros, adding "rsh"
> to /etc/securetty solves some of the problems.

That will only help bypass the root rsh security; regular users shouldn't
need that hack.

--
Scott


* Re: rsh under SuSE
From: Scott Taylor @ 2005-03-07 18:14 UTC (permalink / raw)
  To: linux-admin


Scott Taylor said:
>
> Juan Carlos Inostroza said:
>> On Mon, 2005-03-07 at 09:44 -0800, Scott Taylor wrote:
>>
>> In some distros, adding "rsh"
>> to /etc/securetty solves some of the problems.
>
> That will only help bypass the root rsh security, regular users shouldn't
> need that hack.

I should clarify: adding rsh to /etc/securetty will allow root, from a
remote site, to log in.  This will not fix a poor configuration, only break
the don't-allow-root-through-rsh security.

--
Scott
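
An added example (not part of any post in this thread) that audits the trust settings discussed above: ownership and the 0600 mode suggested for hosts.equiv/.rhosts, the "+" wildcard entries, and an "rsh" entry in a securetty-style file. The function names, file contents and the host name trusted.example.com are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_trust_file(path, expected_uid):
    """Findings for one hosts.equiv or .rhosts file (empty list means clean)."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if mode & 0o077:  # any group/other bit, i.e. wider than the 0600 from the thread
        findings.append(f"mode {mode:04o} is wider than 0600")
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            parts = raw.split()
            if not parts:
                continue
            if parts[0] == "+":  # host field wildcard
                findings.append(f"line {lineno}: '+' trusts every remote host")
            if len(parts) > 1 and parts[1] == "+":  # user field wildcard
                findings.append(f"line {lineno}: '+' trusts every remote user")
    return findings

def securetty_lists_rsh(path):
    """True if a securetty-style file has an 'rsh' entry (root allowed via rsh)."""
    with open(path) as fh:
        return any(line.strip() == "rsh" for line in fh)

def demo():
    """Run both checks on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        equiv = os.path.join(d, "hosts.equiv")
        tty = os.path.join(d, "securetty")
        with open(equiv, "w") as fh:
            fh.write("+\ntrusted.example.com dave\n")  # constructed content
        os.chmod(equiv, 0o644)
        with open(tty, "w") as fh:
            fh.write("tty1\nrsh\n")  # constructed content
        return audit_trust_file(equiv, os.getuid()), securetty_lists_rsh(tty)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass uid 0 for /etc/hosts.equiv and the account's own uid for each ~/.rhosts.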


* RE: rsh under SuSE
From: Kirkwood, David A @ 2005-03-07 19:39 UTC (permalink / raw)
  To: 'Linux Mail List'

Please disregard and thanks to all who responded.

I forgot to enable the firewall to allow these services from the outside. As
soon as I enabled ports 512-514 everything started working...

Dumb on my part.

Thanks,

Dave
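
An added example (not code from the thread) showing how the kernel log lines quoted in the first message can be read mechanically: it parses netfilter LOG entries whose prefix contains DROP and counts refused new connections to the r-service ports 512-514. The first two sample lines are the ones from the post, unwrapped to one line each; the third is constructed for contrast, and the function names are illustrative.

```python
import re
from collections import Counter

# TCP ports of the BSD r-services (the 512-514 range mentioned in the thread).
R_SERVICES = {512: "exec", 513: "login", 514: "shell"}

# Two lines from the post plus one constructed drop on an unrelated port.
SAMPLE_LOG = """\
Mar  7 11:08:52 linux kernel: SFW2-INext-DROP IN=eth0 OUT= MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100 DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33610 DF PROTO=TCP SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
Mar  7 11:08:55 linux kernel: SFW2-INext-DROP IN=eth0 OUT= MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100 DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33611 DF PROTO=TCP SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
Mar  7 11:09:10 linux kernel: SFW2-INext-DROP IN=eth0 OUT= MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100 DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33700 DF PROTO=TCP SPT=40312 DPT=8080 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
"""

ENTRY = re.compile(r"kernel: (?P<prefix>\S*DROP\S*) (?P<rest>IN=.*)$")

def parse_drop(line):
    """Return the fields of one netfilter LOG line with a DROP prefix, else None."""
    m = ENTRY.search(line)
    if m is None:
        return None
    tokens = m.group("rest").split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)  # KEY=value pairs
    fields["prefix"] = m.group("prefix")
    fields["flags"] = {t for t in tokens if t in {"SYN", "ACK", "FIN", "RST"}}
    return fields

def blocked_r_services(log_text):
    """Count dropped new TCP connections (SYN without ACK) to ports 512-514."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_drop(line)
        if not f or f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        port = int(f["DPT"])
        if port in R_SERVICES and "SYN" in f["flags"] and "ACK" not in f["flags"]:
            hits[(f["SRC"], f["DST"], port, R_SERVICES[port])] += 1
    return dict(hits)

if __name__ == "__main__":
    for key, count in blocked_r_services(SAMPLE_LOG).items():
        print(count, "dropped SYN(s):", key)
```

A non-empty result means the packet filter, not xinetd or the trust files, is refusing the connection, which matches the hanging rsh prompt described in the first message.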

