
This is an old revision of the document!


Notes rsh rcp

See:

See also:

Do not use this thing

Use of rsh is discouraged due to the inherent insecurity of host-based authentication.

Source: man rsh

Also note that the design of the .rhosts system is COMPLETELY INSECURE except on a carefully firewalled private network. Under all other circumstances, rshd should be disabled entirely.

Source: man in.rshd

rsh: this program comes from the rlogin package.

The account used must be recognized by the remote machine. To be recognized, the user must have an account with the same name on the remote machine and, in addition, must have correctly configured their .rhosts file.

Protocol

Ports

rsh hostname (port 513)
rsh hostname command (port 514)

Server side

With the root account

apt-get install rsh-client rsh-server
/etc/init.d/openbsd-inetd status
/etc/init.d/openbsd-inetd start
/etc/init.d/openbsd-inetd status
echo "localhost" >> ~/.rhosts

/etc/hosts.equiv global trusted host-user pairs list

~/.rhosts per-user trusted host-user pairs list

rsh, rlogin and ssh use these files

Syntax of .rhosts and hosts.equiv

# hostname [username]

somehost
somehost username

* exchangeuser

For root login to succeed here with pam_securetty, “rsh” must be listed in /etc/securetty.

echo "rsh" >> /etc/securetty
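
With the "hostname [username]" syntax above, every active line is a trust grant, so these files are worth reviewing on any host where rshd or rlogind is still enabled. The shell function below is an added example, not part of the original notes: it lists the active entries of a .rhosts or hosts.equiv file and flags the `+` wildcard, which matches any host or any user, plus a trust file that group or others can write to. The function name and the HIGH/WARN/INFO labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original notes.
# audit_trust_file FILE
#   Lists the active entries of a .rhosts / hosts.equiv file
#   ("hostname [username]" syntax) and flags the risky ones.
#   Returns 0 when nothing is flagged HIGH, 1 otherwise.
# Usage: audit_trust_file /etc/hosts.equiv ; audit_trust_file ~/.rhosts
audit_trust_file() {
    file=$1
    result=0
    # A group- or world-writable trust file lets other accounts add entries.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "HIGH $file: writable by group or others"
        result=1
    fi
    awk '
        function flag(level, why) {
            printf "%s %s:%d: %s [%s]\n", level, FILENAME, FNR, why, $0
            if (level == "HIGH") bad = 1
        }
        /^[ \t]*(#|$)/         { next }   # skip comments and blank lines
        NF > 2                 { flag("WARN", "unexpected extra fields"); next }
        $1 == "+" && $2 == "+" { flag("HIGH", "any user from any host"); next }
        $1 == "+"              { flag("HIGH", "every host is trusted"); next }
        $2 == "+"              { flag("HIGH", "every remote user on this host"); next }
        NF == 2                { flag("INFO", "named remote user trusted"); next }
                               { flag("INFO", "same-named user trusted from host") }
        END                    { exit bad + 0 }
    ' "$file" || result=1
    return $result
}
```

Run it over /etc/hosts.equiv and each home directory's .rhosts; any HIGH line means the trust relationship is wider than a single named host and user.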

Client side

With the user account

apt-get install rsh-client
echo plop > plop.txt
rcp plop.txt root@localhost:/tmp/
rcp plop.txt localhost:/tmp/
rsh -l user localhost
rlogin -l user localhost
# NOTE : rsh without a command switches to rlogin.
 
rsh -l user localhost command

Shell meta-characters escape

Shell meta-characters that are not quoted are interpreted on the local machine, while quoted meta-characters are interpreted on the remote machine.

Appends the remote file remotefile to the local file localfile

rsh otherhost cat remotefile >> localfile

Appends remotefile to other_remotefile

rsh otherhost cat remotefile ">>" other_remotefile

Other

In a container

# ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 14:51 pts/0    00:00:00 /bin/sh
root           7       1  0 14:51 pts/0    00:00:00 bash
root         942       1  0 15:08 ?        00:00:00 /usr/sbin/inetd
root        1071       7  0 15:39 pts/0    00:00:00 ps -ef
# rsh localhost   
rlogind[1078]: pam_rhosts(rlogin:auth): allowed access to root@localhost as root
#

root       25225       1  0 Jan20 ?        00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root     3072532   25225  0 11:02 ?        00:00:00 in.rlogind
root     3072597 3072532  0 11:02 ?        00:00:01 login -- user1
user1      3072724 3072597  0 11:02 pts/4    00:00:00 -ksh
# ss -tlnp |grep xinetd
0      64                             *:513                           *:*      users:(("xinetd",25225,5))
0      64                             *:514                           *:*      users:(("xinetd",25225,6))

/etc/xinetd.d/rsh

# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#       consequently, for the rsh(1) program.  The server provides \
#       remote execution facilities with authentication based on \
#       privileged port numbers from trusted hosts.
service shell
{
        disable = no
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rshd
}

FIXME

tech/notes_rsh_rcp.1769080614.txt.gz · Last modified: by Jean-Baptiste
