[TAG] rsh - remote shell

John Karns jkarns at csd.net
Wed Sep 22 22:43:54 MSD 2004 

On Tue, 21 Sep 2004, Alex Kalman wrote:

> Hi,
>
> One more question.
>
> Our computer with suse linux 7.3 is connected in a network of a factory.
> I have checked up that ping and ftp from any computer on SUSE Linux 7.3
> is. It means that we have a communication in a network of a factory with
> a computer SUSE Linux 7.3.
>
> I have written a command in computer of PC(Windows 2000):
>
>
> c:\ > rsh 145.10.222.91 -l plr  -n /u
>               or
> c:\ > rsh 145.10.222.91 -l root -n /u
>
> Here that I have received after start of a command:
>
> 145.10.222.91: Permission denied.
> rsh: can't establish connection

You will most likely need to edit /etc/hosts.allow on the machine that you 
want to connect to (the 145.10.222.91 host).

Since your host is on a class B network, I can only suggest a solution 
based on an extrapolation of what works for me on class C networks.

For starters (only temporarily for testing purposes), try adding a line 
like the following to your /etc/hosts.allow:

ALL : ALL

then as root, issue the command:

/etc/rc.d/inetd restart

and try connecting to that host from the other machine.

That things should work regardless of the type of network you are using, 
provided that you were lacking this permission before.  The network type 
dependent part follows.

If that works, then you should replace the hosts.allow line you added 
above with:

ALL : 145.10.

(again followed by restarting inetd as above) which will allow any other 
machine on the 145.10 subnet to connect to that host, which may not be a 
good idea, depending on how exposed to the outside world the host is.  But 
at least it somewhat limits the exposure.

It should also go without saying that you really shouldn't be using rsh 
and telnet, but the much more secure ssh family of tools instead; but 
that's your choice.  But you would still have to take these steps to use 
ssh.

And lastly, ssh has undergone some important security related fixes since 
SuSE 7.3 was relased.  And since the SuSE mirrors are no longer carrying 
the 7.3 version updates (or maybe you can find them somewhere, they just 
aren't with the currently supported versions on the mirrors), in order to 
update ssh, you would have to download, install, and compile the source to 
get an up-to-date version.

-- 
John Karns

More information about the TAG mailing list