 The Answer Guy
 Getting 'rsh' to work
From Anthony Howe on Mon, 14 Dec 1998
 Oh hum.  I'm having trouble with getting rsh to work between two
machines for a specific task.  I've read the rsh, tcpd, and hosts.allow
man pages and I still can't get it to work.
Now every time I try and do something as simple as:
ALL:ALL
in.rshd:1.2.3.4
"shell" line uncommented
client     A     1.2.3.4
4.3.2.1.in-addr.arpa     PTR     client
joe@client$ rsh server '/bin/ls /home/joe'
I get "Permission denied". The logs on neither client nor server provide any reason for the "Permission denied".
Maybe I'm just over-tired, but I can't figure out what I'm overlooking. Can anyone please tell me what I'm missing?
What is the precise line in your /etc/inetd.conf?
Some versions of in.rshd and in.rlogind have options which force the daemon to ignore .rhosts files (-l), allow 'superuser' access (-h), syslog all access attempts (-L), and perform "double reverse lookups" (-a).
It looks like your forward and reverse records are alright (assuming that the client's /etc/resolv.conf is pointing at a name server that recognized the authority for the zones you're using).
Note: If you are going through IP Masquerading at some point (some sort of proxy/firewall package) then there's also the remote chance that your source port is being remapped to some unprivileged (>1024) port as the packets are re-written by your masquerading/NAT router.
I did complain to the Linux/GNU maintainers of the rshd/rlogind package about the fact that their syslog messages don't provide more detailed errors on denial. However, I'm not enough of a coder to supply patches.
To test this without TCP Wrappers at all try commenting out the line that looks something like:
shell stream tcp nowait root /usr/sbin/tcpd in.rshd -a
... and replacing it with something like:
shell stream tcp nowait root /usr/sbin/in.rshd in.rshd -L
(note: we just changed the tcpd to refer to rshd).
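The checks discussed in the answer above, collected into one script. This is an added example, not part of the original column or of the rshd package. The function names are hypothetical, the flag meanings are the ones the answer gives for "some versions", the 1024 port boundary is the conventional reserved-port limit, and the DNS data is passed in as dictionaries constructed from the records in the question.

```python
# Added example: sample lines and DNS data are constructed from the page.
WRAPPED = "shell stream tcp nowait root /usr/sbin/tcpd in.rshd -a"
DIRECT = "shell stream tcp nowait root /usr/sbin/in.rshd in.rshd -L"
PTR = {"1.2.3.4": "client"}      # reverse record from the question
A = {"client": ["1.2.3.4"]}      # forward record from the question

FLAG_MEANING = {  # as described in the answer ("some versions")
    "-l": "ignores .rhosts files",
    "-h": "allows superuser access",
    "-L": "syslogs all access attempts",
    "-a": "performs double reverse lookups",
}

def parse_shell_line(line):
    """Split an inetd.conf 'shell' entry into the parts that matter here."""
    stripped = line.strip()
    if stripped.startswith("#"):
        return {"enabled": False}
    f = stripped.split()
    if len(f) < 7 or f[0] != "shell":
        raise ValueError("not an inetd.conf 'shell' entry: %r" % line)
    return {
        "enabled": True,
        "wrapped": f[5].endswith("/tcpd"),  # TCP Wrappers in front of rshd?
        "flags": [a for a in f[7:] if a.startswith("-")],  # f[6] is argv[0]
    }

def double_reverse_ok(ip, ptr_records, a_records):
    """IP -> name (PTR), then name -> addresses (A) must contain the IP."""
    name = ptr_records.get(ip)
    return name is not None and ip in a_records.get(name, [])

def diagnose(line, client_ip, src_port, ptr_records, a_records):
    """Return the conditions worth checking after a 'Permission denied'."""
    entry = parse_shell_line(line)
    if not entry["enabled"]:
        return ["'shell' line is commented out in inetd.conf"]
    found = []
    if src_port >= 1024:
        found.append("source port %d is unprivileged (NAT rewrite?)" % src_port)
    if "-a" in entry["flags"] and not double_reverse_ok(client_ip, ptr_records, a_records):
        found.append("forward and reverse DNS for %s disagree" % client_ip)
    if "-l" in entry["flags"]:
        found.append("-l: daemon " + FLAG_MEANING["-l"])
    if entry["wrapped"]:
        found.append("tcpd is in the path: hosts.allow/hosts.deny also apply")
    return found
```

An empty list for the unwrapped line with a reserved source port means none of these conditions explains the denial, which leaves the .rhosts and account setup on the server to examine.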