This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Problem with rsh


Before someone else brings this up:  although blanking the "Unused by...."
does allow anyone to rsh into the machine.  It also adds a nasty artifact in
that anyone can login as anyone else by using the -l option (rsh hostname -l
different_user).  It looks like ever since 1.3.2 you have had to use a
hosts.equiv or .rhosts file.

Simplest way is to add a file callled hosts.equiv to etc and include a list
of all machines that should be allowed to access this machine.  Unfortunatly
using the documented "+" in this file doesn't seem to work anymore (Note:
it no longer works on RH Linux 7.2 either unless you set /etc/pam.d/rsh and
rlogin to "permiscuis"..  an option not avaliable to cygwin).  Personally, I
use a perl script to cull the hosts file from my dns server to do generate
this file once a day.  I've never gotten an answer from the list on how to
get the "+" entry to work and would welcome any solution to that problem.
Documentation on all this seems rather limited and often apocryphal as
specific to cygwin.

Bruce D


----- Original Message -----
From: "Andrew DeFaria" <ADeFaria@Salira.com>
Cc: <cygwin@cygwin.com>
Sent: Friday, October 25, 2002 3:23 PM
Subject: Re: Problem with rsh


> David Rothenberger wrote:
>
> >Check your /etc/passwd file and make sure there is no entry in the
password field (the second field).  You want something like this:
> >
> >someuser::11150:...
> >
> >and not something like this:
> >
> >someuser:unused_by_nt/2000/xp:11150:...
> >
> >An easy way to check if this is the culprit is to try doing an
> >rlogin.  For me, this will ask me for a password and then succeed if I
have an entry in the password field.  If the password field is empty, it
succeeds without asking for a password.
> >
> Wham! Good answer! It works!
>
> Actually I viewed the "unused_by_nt/2000/xp" string as ugly and replaced
> it with the traditional "*" instead. But you're right, if you put
> anything in there it gives me a Permission denied for "rsh <machine>
> <command>". Looks like some security checking got tightened up.
>
> This does lead to a question as I believe some other services (ssh?
> exim? I forget) require that you put an actual passwd in /etc/passwd.
> They also described how to generate the crypt string. I've done this on
> my home machine so I copied that encrypted string to my work machine and
> I still get permission denied. Sounds like it's still a problem but at
> least I have a workaround for work. Thanks.
>
> >
> >Andrew DeFaria wrote:
> >
> >
> >>I've run into a major problem using rsh. Note that I've been using rsh
> >>successfully for a while and many people here depend on being able to
> >>rsh into the server. However now I get:
> >>
> >>$ rsh server id
> >>server.mydomain.com: Permission denied.
> >>
> >>
>
> --
>
> Salira <http://www.salira.com>
> Ethernet Simple, Fiber Fast
>
> 5451 Patrick Henry Drive
> Santa Clara, CA 95054
> Phone: (408)-845-5321
> Fax: (408)-845-5205
> Email: ADeFaria@Salira.com
> <mailto:Andrew%20DeFaria%20%3CADeFaria@Salira.com%3E>
> Web: http://www.salira.com
>
> Instant Messaging
> AIM:
> defaria
> MSN:
> Andrew@DeFaria.com
> Yahoo:
> andrew_defaria
> ICQ #:
> 23552673
>
>
> Andrew DeFaria <http://DeFaria.com>
> Clearcase Administrator
> Email: Andrew@DeFaria.com <mailto:Andrew@DeFaria.com>
> Web: http://DeFaria.com
>
>
>
>
>
>
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]