[TAG] rsh - remote shell and rlogin (SUSE Linux 7.3)
John Karns
jkarns at csd.net
Sat Sep 25 03:56:36 MSD 2004
On Fri, 24 Sep 2004, Alex Kalman wrote:
>
> Hello,
>
> Thank you, that has answered me.
OK, glad to help.
> One more question:
>
> 1. I tried to make that you have written:
>
> */etc/hosts.allow:
>
> *ALL : ALL
>
> *then as root, issue the command:
>
> */etc/rc.d/inetd restart
>
> , but and couldn't enter with a command rsh in a
> computer(145.10.222.91). Something else is not open or it is necessary
> to open?
Sorry, I don't understand exactly what you're trying to say. My guess is
that you are telling us that you tried my suggestion and it still didn't
let you connect.

If so, then in addition to the /etc/hosts.allow file, you need to check
/etc/inetd.conf: look for a line containing the string "rsh". There
should be two lines, one ending with

    in.rshd -aL

and the other with

    in.rshd -L

Both lines probably start with a "#" in the left-most column, which
disables the service. Delete the "#" from one of the lines. Sorry, I
can't say what difference the '-a' parameter makes to rshd. As with the
hosts.allow file, after making any changes to inetd.conf, you will need to
restart the inetd daemon as I specified in my previous message.
> 2. I tried enter in a computer(145.10.222.91) by means of a command
> "rlogin", with username - "root" and password of "root", but couldn't.
> With another an username and password I can enter in a computer, but I
> need enter with "root".
>
> Why I cannot enter in a computer with username and password of the
> "root"?
It is a very bad idea to remotely login to a computer as the root user.
As I mentioned in my previous message, rsh is insecure. The reason is
that the password that you enter is sent over the network as plain ASCII
text, which allows anyone who is connected to your network to "sniff" that
information and thereby steal your password, and thus gain access to that
host.

Note: It is also old software and probably not up to date with respect to
known exploits, which would only add to the risk. It was popular (along
with telnet) in the days when the network users were trusted, and the
networks were small. Unless your network is isolated (not accessible from
the internet or other local networks), you are well advised *not* to use
rsh, but ssh instead.

That being said, if you have your mind made up that you are going to use
rsh no matter what, then connect with a normal (non-privileged) user.
Then use the command 'su -' to login as root.

I don't have a SuSE 7.3 host to look at right now, and I can't remember
which file it is that blocks remote access as root - ahh, now I remember.
Those settings are to be found in /etc/rc.config. Search for the word
"remote". You should find a line that specifies "ROOT_LOGIN_REMOTE",
and change "no" to "yes". Although I highly recommend that you leave it
set to "no", and use "su" as I already mentioned.
--
John Karns
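
The three files named in the message above, checked by a read-only audit script. This is an added example, not part of the original post; the function names, the constructed sample file contents and the extra match on in.rlogind are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the three files named in the message.

# Count inetd.conf lines that are not commented out and start in.rshd or
# in.rlogind (in.rlogind is an assumption; the message only names in.rshd).
count_active_rservices() {
    awk '!/^[ \t]*#/ && /in\.(rshd|rlogind)/ { n++ } END { print n + 0 }' "$1"
}

# Succeed if hosts.allow holds an active "ALL : ALL" rule (any spacing).
has_allow_all() {
    awk -F: '!/^[ \t]*#/ { d = $1; c = $2; gsub(/[ \t]/, "", d); gsub(/[ \t]/, "", c)
                           if (d == "ALL" && c == "ALL") found = 1 }
             END { exit !found }' "$1"
}

# Print the last ROOT_LOGIN_REMOTE value set in rc.config (quotes stripped).
root_login_remote() {
    awk -F= '$1 == "ROOT_LOGIN_REMOTE" { v = $2; gsub(/[" \t]/, "", v) } END { print v }' "$1"
}

# audit INETD_CONF HOSTS_ALLOW RC_CONFIG: one WARN line per risky setting.
audit() {
    n=$(count_active_rservices "$1")
    [ "$n" -eq 0 ] || echo "WARN: $n active rsh/rlogin line(s) in $1"
    if has_allow_all "$2"; then echo "WARN: $2 allows ALL services from ALL hosts"; fi
    [ "$(root_login_remote "$3")" != "yes" ] || echo "WARN: ROOT_LOGIN_REMOTE=yes in $3"
    return 0
}

# Constructed sample files (not taken from a real host) written into DIR.
make_sample() {
    printf '%s\n' '# shell stream tcp nowait root /usr/sbin/tcpd in.rshd -aL' \
                  'shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L' > "$1/inetd.conf"
    printf '%s\n' '# constructed' 'ALL : ALL' > "$1/hosts.allow"
    printf '%s\n' 'ROOT_LOGIN_REMOTE="no"' > "$1/rc.config"
}

demo=$(mktemp -d)
make_sample "$demo"
audit "$demo/inetd.conf" "$demo/hosts.allow" "$demo/rc.config"
rm -rf "$demo"
```

On a real host the call would be `audit /etc/inetd.conf /etc/hosts.allow /etc/rc.config`; no output means none of the three settings is in its risky state.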