{{tag>ssh xinetd inetd}}

# Notes rsh rcp

See:
* http://jlbicquelet.free.fr/aix/configuration/rsh.php
* https://www.verylazytech.com/network-pentesting/rsh-port-514
* https://www.veritas.com/support/en_US/doc/79728803-79728850-0/v9345697-79728850

See also:
* https://fr.wikipedia.org/wiki/GNU_inetutils

**Do not use this thing**

Use of rsh is discouraged due to the inherent insecurity of host-based authentication.

Source: `man rsh`

Also note that the design of the .rhosts system is COMPLETELY INSECURE except on a carefully firewalled private network. Under all other circumstances, rshd should be disabled entirely.

Source: `man in.rshd`

rsh: this program comes from the rlogin package. The account used must be recognized by the remote machine. To be recognized, the user must have an account with the same name on the remote machine and, in addition, must have correctly configured their .rhosts file.

## Protocol

Ports

~~~
rsh hostname (port 513)
rsh hostname command (port 514)
~~~

## Server side

## With the root account

~~~bash
apt-get install rsh-client rsh-server
~~~

~~~bash
/etc/init.d/openbsd-inetd status
/etc/init.d/openbsd-inetd start
/etc/init.d/openbsd-inetd status
~~~

~~~bash
echo "localhost" >> ~/.rhosts
~~~

The hosts.equiv / .rhosts file allows or denies hosts and users the use of the r commands (such as rlogin, rsh or rcp) without supplying a password.

* `/etc/hosts.equiv`: global trusted host-user pairs list
* `~/.rhosts`: per-user trusted host-user pairs list

rsh, rlogin and ssh use these files.

### .rhosts / hosts.equiv syntax

~~~
# hostname [username]
somehost
somehost username
~~~

For root login to succeed here with pam_securetty, "rsh" must be listed in /etc/securetty.

~~~bash
echo "rsh" >> /etc/securetty
~~~

## Client side

With the user account

~~~bash
apt-get install rsh-client
~~~

~~~bash
echo plop > plop.txt
rcp plop.txt root@localhost:/tmp/
rcp plop.txt localhost:/tmp/
~~~

~~~bash
rsh -l user localhost
rlogin -l user localhost

# NOTE: rsh without a command switches to rlogin.
rsh -l user localhost command
~~~

### Shell meta-characters escape

Shell meta-characters which are not quoted are interpreted on the local machine, while quoted meta-characters are interpreted on the remote machine.

Appends the remote file remotefile to the local file localfile:

~~~bash
rsh otherhost cat remotefile >> localfile
~~~

Appends remotefile to other_remotefile:

~~~bash
rsh otherhost cat remotefile ">>" other_remotefile
~~~

## Case 1

On the client - NOK

~~~
test@rsh-cli:~$ rcp TEST4 user1@rsh-srv:/home/user1/
Permission denied.
~~~

On the server

~~~bash
echo "rsh-cli test" >> /home/user1/.rhosts
~~~

On the client - OK

~~~
test@rsh-cli:~$ rcp TEST4 user1@rsh-srv:/home/user1/
~~~

## Other

In a container

~~~
# ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 14:51 pts/0    00:00:00 /bin/sh
root           7       1  0 14:51 pts/0    00:00:00 bash
root         942       1  0 15:08 ?        00:00:00 /usr/sbin/inetd
root        1071       7  0 15:39 pts/0    00:00:00 ps -ef
~~~

~~~
# rsh localhost
rlogind[1078]: pam_rhosts(rlogin:auth): allowed access to root@localhost as root
#
~~~

-----

~~~
root       25225       1  0 Jan20 ?        00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root     3072532   25225  0 11:02 ?        00:00:00 in.rlogind
root     3072597 3072532  0 11:02 ?        00:00:01 login -- user1
user1    3072724 3072597  0 11:02 pts/4    00:00:00 -ksh
~~~

Strange, I don't see the 'sleep' process that I started and that is still running. Even after several attempts. The last process, '-ksh', has no children.

~~~
# ss -tlnp |grep xinetd
0      64      *:513      *:*      users:(("xinetd",25225,5))
0      64      *:514      *:*      users:(("xinetd",25225,6))
~~~

`/etc/xinetd.d/rsh`

~~~
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#       consequently, for the rsh(1) program.  The server provides \
#       remote execution facilities with authentication based on \
#       privileged port numbers from trusted hosts.
service shell
{
        disable                 = no
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rshd
}
~~~

FIXME
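
An added example (not from the original notes) that parses the `hostname [username]` trust-file syntax shown earlier and reports every entry granting passwordless r-command access, for use when checking a host before disabling rshd. The `+` wildcard and `-` deny forms come from hosts.equiv(5) rather than from this page; the function names, severity labels and sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original notes: audit rsh trust files.
# Entry format is the one documented above: "hostname [username]".
# The "+" wildcard and "-" deny prefixes come from hosts.equiv(5).
# Output: SEVERITY<TAB>LINE<TAB>ENTRY<TAB>REASON, one row per active entry.

audit_trust_file() {
    awk '
    { sub(/#.*/, "") }                      # strip comments
    NF == 0 { next }                        # skip blank lines
    {
        host = $1; user = (NF > 1) ? $2 : ""
        entry = host (user != "" ? " " user : "")
        if (substr(host, 1, 1) == "-" || substr(user, 1, 1) == "-") {
            sev = "INFO"; why = "deny entry"
        } else if (host == "+") {
            sev = "CRITICAL"; why = "wildcard host: every remote host is trusted"
        } else if (user == "+") {
            sev = "CRITICAL"; why = "wildcard user: every user on " host " is trusted"
        } else if (user != "") {
            sev = "HIGH"; why = user "@" host " is trusted without a password"
        } else {
            sev = "HIGH"; why = "same-named user on " host " is trusted without a password"
        }
        printf "%s\t%d\t%s\t%s\n", sev, NR, entry, why
    }' "$1"
}

# Walk the locations named on this page (run as root to read every home).
audit_all() {
    for f in /etc/hosts.equiv /root/.rhosts /home/*/.rhosts; do
        [ -f "$f" ] || continue
        echo "== $f"
        audit_trust_file "$f"
    done
}

# Constructed sample input: the page's two entry forms plus wildcard and deny lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hostname [username]
rsh-cli test
somehost
+
somehost +   # constructed wildcard entry
-badhost
EOF
audit_trust_file "$sample"
rm -f "$sample"
```

Call `audit_all` on a real host to cover `/etc/hosts.equiv` and every per-user `.rhosts`; any CRITICAL or HIGH row is an entry to remove.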