rsh -l doesn't require a password

Ehud Karni ehud@unix.simonwiesel.co.il
Mon Jan 22 11:00:00 GMT 2001


On Mon, 22 Jan 2001 09:36:47 -0500,
Jason Tishler <Jason.Tishler@dothill.com> wrote:
> 
> On Mon, Jan 22, 2001 at 02:12:01PM +0000, Keith Starsmeare wrote:
> > I can access my NT box via rsh remotely without giving a password
> > if I use the -l option to specify a valid user account:
> > 
> >   % rsh -l kstarsm kampala id
> > 
> > As I haven't set up the hosts.equiv or .rhosts files I would hope
> > to see:        Permission denied.
> 
> Since Cygwin's mkpasswd creates an empty pw_passwd field, ....
> any user is allowed rsh access.
> 
> I "fixed" the problem by inserting asterisks into the pw_passwd
> fields in my /etc/passwd file.  For example:
> 
>     jt:*:1004:513:Jason Tishler,S-1...
>        ^
>        +--- here

This is normal UNIX behavior, on any UNIX system I know. `rsh' or
`rlogin' do not provide more security than `telnet', and since you
can log in to any account without a password just by knowing the user
name, you can also `rsh' or `rlogin' (on the other hand, FTP does not
work on accounts without a password).

The asterisk or any impossible encrypted passwd string (any string
that is not exactly 13 characters long or has a character other than
. / 0-9 a-z A-Z, e.g. "XXXXXX", "2001-01-20-HH") has its own problems.
The user cannot log in with user name and password (no password will
fit!). The user can log in through `rlogin' (when the proper ~/.rhosts
or /etc/hosts.equiv exists) or `ssh' (using RSA or DSA authentication)
or s/he can use the `su' command from root (which I'm not sure works
on Windows).

The proper way is to set the password using the `passwd' command
(which the Cygwin developers have ported).

This illustrates one of the Cygwin problems: even people who work on
UNIX for many years but lack administrator knowledge fall prey to
simple mistakes/omissions which are not mentioned explicitly in the
README (sometimes not even in the man pages).

I did not fall into this trap because I copied my /etc/passwd from
the Linux. On the other hand my extra services which I had in
/etc/services did not work until I added them into the Windows
services file (the same is true for /etc/hosts of course).

Ehud.


-- 
 @@@@@@ @@@ @@@@@@ @    @   Ehud Karni  Simon & Wiesel  Insurance agency
     @    @      @  @@  @   Tel: +972-3-6212-757    Fax: +972-3-6292-544
     @    @ @    @ @  @@    (USA)  Fax  and  voice  mail:  1-815-5509341
     @    @ @    @ @    @        Better     Safe     Than     Sorry
 http://www.simonwiesel.co.il    mailto:ehud@unix.simonwiesel.co.il
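
The three states of the pw_passwd field discussed in this thread (empty, a 13-character string from the `. / 0-9 a-z A-Z` alphabet, anything else) can be checked mechanically. The following is an added example, not part of the original message or of Cygwin; the function names and the sample entries are constructed, and it assumes hashes are stored in the passwd file itself, as in the thread.

```python
import re
import sys

# Traditional crypt(3) DES string as described in the message above:
# exactly 13 characters drawn from . / 0-9 A-Z a-z.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def classify(pw_field):
    """Classify the second (pw_passwd) field of one passwd entry."""
    if pw_field == "":
        return "EMPTY"    # no password at all: the case reported in the thread
    if DES_CRYPT.fullmatch(pw_field):
        return "HASH"     # has the shape of a DES crypt string
    return "LOCKED"       # no password can match, e.g. "*" or "XXXXXX"

def audit(passwd_text):
    """Return a list of (user, status) for each well-formed passwd line."""
    results = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue      # malformed entry, not a full passwd record
        results.append((fields[0], classify(fields[1])))
    return results

# Constructed sample entries (hypothetical users, not taken from the thread).
SAMPLE = """\
alice::1005:513:Alice Example:/home/alice:/bin/bash
bob:*:1004:513:Bob Example:/home/bob:/bin/bash
carol:abJnggxhB/yJo:1006:513:Carol Example:/home/carol:/bin/bash
"""

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE
    for user, status in audit(text):
        print(f"{status:6} {user}")
```

Entries reported as EMPTY are the ones that need a password set with `passwd'; LOCKED entries cannot be used for password login at all.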
