[TAG] rsh - remote shell
jkarns at csd.net
Wed Sep 22 22:43:54 MSD 2004
On Tue, 21 Sep 2004, Alex Kalman wrote:
> One more question.
> Our computer with suse linux 7.3 is connected in a network of a factory.
> I have checked up that ping and ftp from any computer on SUSE Linux 7.3
> is. It means that we have a communication in a network of a factory with
> a computer SUSE Linux 7.3.
> I have written a command in computer of PC(Windows 2000):
> c:\ > rsh 18.104.22.168 -l plr -n /u
> c:\ > rsh 22.214.171.124 -l root -n /u
> Here that I have received after start of a command:
> 126.96.36.199: Permission denied.
> rsh: can't establish connection
You will most likely need to edit /etc/hosts.allow on the machine that you
want to connect to (the 188.8.131.52 host).
Since your host is on a class B network, I can only suggest a solution
based on an extrapolation of what works for me on class C networks.
For starters (only temporarily for testing purposes), try adding a line
like the following to your /etc/hosts.allow:
ALL : ALL
then as root, issue the command:
and try connecting to that host from the other machine.
That things should work regardless of the type of network you are using,
provided that you were lacking this permission before. The network type
dependent part follows.
If that works, then you should replace the hosts.allow line you added
ALL : 145.10.
(again followed by restarting inetd as above) which will allow any other
machine on the 145.10 subnet to connect to that host, which may not be a
good idea, depending on how exposed to the outside world the host is. But
at least it somewhat limits the exposure.
It should also go without saying that you really shouldn't be using rsh
and telnet, but the much more secure ssh family of tools instead; but
that's your choice. But you would still have to take these steps to use
And lastly, ssh has undergone some important security related fixes since
SuSE 7.3 was relased. And since the SuSE mirrors are no longer carrying
the 7.3 version updates (or maybe you can find them somewhere, they just
aren't with the currently supported versions on the mirrors), in order to
update ssh, you would have to download, install, and compile the source to
get an up-to-date version.
More information about the TAG