rsh commands to 5.1-CURRENT being rejected
Cy Schubert
Cy.Schubert at komquats.com
Sun Sep 14 18:41:05 PDT 2003
In message <B0184329514 at mercury.ll.net>, supraexpress at globaleyes.net
writes:
> Sep 14 17:46:52 <local7.notice> target logger: TCP_Wrappers ALLOW: source/target,rshd,974,rshd at target
> Sep 14 17:46:52 <auth.info> target inetd[974]: connection from source, service rshd (tcp)
> Sep 14 17:46:52 <auth.info> target rshd[974]: root at source as root: permission denied (authentication error). cmd='date'
>
> /root/.rhosts (600): "source root"
>
> /etc/pam.d/rsh: not changed
>
> /etc/inetd.conf:
> shell stream tcp nowait root /usr/libexec/rshd rshd -L
>
> /etc/hosts: both "source" and "target" are defined
>
> /etc/named/s/: both "source" and "target" are defined
>
> 5.1-CURRENT: Wednesday, 20 August 2003 20:36:05
>
>
> Under FBSD-4.8, this is not a problem. Under FBSD-5.1, nothing I do
> seems to allow rsh from another LAN host.
>
> A TCPDUMP of the rsh session shows "root.root.<command>" coming from
> "source" and then "permission denied" coming from "target", where the
> TCPDUMP is running. The "source" host displays: "rshd: Login
> incorrect.". RSH from "target" to "source" works just fine?!?
A picture is worth a thousand words. (No worries folks, this is in my
internal network here at home. Professionally I use SSH and Kerberos
rsh.)
--- /usr/src/etc/pam.d/rsh Sun Feb 9 16:50:03 2003
+++ /etc/pam.d/rsh Mon Jun 16 15:20:00 2003
@@ -6,7 +6,7 @@
# auth
auth required pam_nologin.so no_warn
-auth required pam_rhosts.so no_warn
+auth required pam_rhosts.so no_warn allow_root
# account
account required pam_unix.so
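Review bot: The `allow_root` option added to the `pam_rhosts.so` auth line has no comment explaining it, and it lets root be authenticated by /root/.rhosts alone. Because this is a local edit to /etc/pam.d/rsh that diverges from /usr/src/etc/pam.d/rsh, add a comment above the line saying that root rsh is deliberately enabled and for which network, so the option is not carried over unnoticed the next time /etc is merged. The option applies to every entry in /root/.rhosts, so that file should stay limited to the single "source root" pair shown in the report, with the TCP wrappers rule for rshd restricted to the same host.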
Cheers,
--
Cy Schubert <Cy.Schubert at komquats.com> http://www.komquats.com/
BC Government . FreeBSD UNIX
Cy.Schubert at osg.gov.bc.ca . cy at FreeBSD.org
http://www.gov.bc.ca/ . http://www.FreeBSD.org/