rsh under SuSE

I have installed in.rlogind, in.rshd, and in.rexecd services and added them
to the xinetd.conf as login, shell and login respectively. When I try to
rsh for a remote system, ( I added + to hosts.equiv and .rhosts to the
appropriate user login ) I get the following in the /var/messages file and
the prompt doesn't give any information, but just sits there until I
controlC out.

Mar 7 11:08:52 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33610 DF PROTO=TCP
SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
Mar 7 11:08:55 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33611 DF PROTO=TCP
SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)

Does anybody know what the messages mean and what I have to do additionally?


As always, all help is appreciated.

Thanks,

Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: rsh under SuSE

Kirkwood, David A said:
> I have installed in.rlogind, in.rshd, and in.rexecd services and added
> them
> to the xinetd.conf as login, shell and login respectively. When I try to
> rsh for a remote system, ( I added + to hosts.equiv and .rhosts to the
> appropriate user login ) I get the following in the /var/messages file and
> the prompt doesn't give any information, but just sits there until I
> controlC out.

That is the proper behaviour for wrongful configuration. ;)

> Mar 7 11:08:52 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
> MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
> DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33610 DF PROTO=TCP
> SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
> Mar 7 11:08:55 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
> MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
> DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33611 DF PROTO=TCP
> SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
>
> Does anybody know what the messages mean and what I have to do
> additionally?

hosts.equiv belongs in /etc of each server with proper permissions, IIRC,
0600 belonging to root.root and .rhosts should belong to the remote user,
in the user's $HOME with same permissions.

HTH

Scott.

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: rsh under SuSE

On Mon, 2005-03-07 at 09:44 -0800, Scott Taylor wrote:
> > DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33611 DF PROTO=TCP
> > SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)

It looks like "iptables -A INPUT somerule -j LOG" to me.

> > Does anybody know what the messages mean and what I have to do
> > additionally?
>
> hosts.equiv belongs in /etc of each server with proper permissions, IIRC,
> 0600 belonging to root.root and .rhosts should belong to the remote user,
> in the user's $HOME with same permissions.

Maybe checking for the local firewall. In some distros, adding "rsh"
to /etc/securetty solves some of the problems.

--
Juan Carlos Inostroza O.
Registered Linux User #246002
jci@tux.cl - http://www.tux.cl
"Beyond the senses is the mind, and beyond the mind is the reason,
its essence."
-- Katha Upanisad 6.7

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: rsh under SuSE

Juan Carlos Inostroza said:
> On Mon, 2005-03-07 at 09:44 -0800, Scott Taylor wrote:
>
> In some distros, adding "rsh"
> to /etc/securetty solves some of the problems.

That will only help bypass the root rsh security, regular users shouldn't
need that hack.

--
Scott
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: rsh under SuSE

Scott Taylor said:
>
> Juan Carlos Inostroza said:
>> On Mon, 2005-03-07 at 09:44 -0800, Scott Taylor wrote:
>>
>> In some distros, adding "rsh"
>> to /etc/securetty solves some of the problems.
>
> That will only help bypass the root rsh security, regular users shouldn't
> need that hack.

I should clarify: adding rsh to /etc/securetty will allow root, from a
remote site, to login. This will not fix a poor configuration, only break
the don't-allow-root-through-rsh security.

--
Scott
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

RE: rsh under SuSE

Please disregard and thanks to all who responded.

I forgot to enable the firewall to allow these services from the outside. As
soon as I enabled ports 512-514 everything started working....

Dumb on my part.

Thanks,

Dave


-----Original Message-----
From: linux-admin-owner@vger.kernel.org
[mailto:linux-admin-owner@vger.kernel.org]On Behalf Of Kirkwood, David A
Sent: Monday, March 07, 2005 11:52 AM
To: 'Linux Mail List'
Subject: rsh under SuSE


I have installed in.rlogind, in.rshd, and in.rexecd services and added them
to the xinetd.conf as login, shell and login respectively. When I try to
rsh for a remote system, ( I added + to hosts.equiv and .rhosts to the
appropriate user login ) I get the following in the /var/messages file and
the prompt doesn't give any information, but just sits there until I
controlC out.

Mar 7 11:08:52 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33610 DF PROTO=TCP
SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)
Mar 7 11:08:55 linux kernel: SFW2-INext-DROP IN=eth0 OUT=
MAC=00:11:43:5c:1d:6f:00:03:ba:09:48:02:08:00 SRC=192.168.1.100
DST=192.168.1.47 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=33611 DF PROTO=TCP
SPT=1021 DPT=514 WINDOW=24820 RES=0x00 SYN URGP=0 OPT (01010402020405B4)

Does anybody know what the messages mean and what I have to do additionally?


As always, all help is appreciated.

Thanks,

Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html