rsh and rcp notes
Do not use this
Use of rsh is discouraged due to the inherent insecurity of host-based authentication.
Source: man rsh
Also note that the design of the .rhosts system is COMPLETELY INSECURE except on a carefully firewalled private network. Under all other circumstances, rshd should be disabled entirely.
Source: man in.rshd
rsh: this program comes from the rlogin package.
The account used must be recognized by the remote machine. To be recognized, the user must have an account with the same name on the remote machine and must also have correctly configured their .rhosts file.
Protocol
Ports
rsh hostname (port 513)
rsh hostname command (port 514)
Server side
As root
apt-get install rsh-client rsh-server
/etc/init.d/openbsd-inetd status
/etc/init.d/openbsd-inetd start
/etc/init.d/openbsd-inetd status
echo "localhost" >> ~/.rhosts
The hosts.equiv / .rhosts file allows or denies hosts and users the use of the r-commands (such as rlogin, rsh or rcp) without supplying a password.
/etc/hosts.equiv global trusted host-user pairs list
~/.rhosts per-user trusted host-user pairs list
rsh, rlogin and ssh use these files.
Syntax of .rhosts / hosts.equiv
# hostname [username]
somehost
somehost username
For root login to succeed here with pam_securetty, “rsh” must be listed in /etc/securetty.
echo "rsh" >> /etc/securetty
Client side
As the user account
apt-get install rsh-client
echo plop > plop.txt
rcp plop.txt root@localhost:/tmp/
rcp plop.txt localhost:/tmp/
rsh -l user localhost
rlogin -l user localhost
# NOTE: rsh without a command switches to rlogin.
rsh -l user localhost command
Shell meta-characters escape
Shell meta-characters that are not quoted are interpreted on the local machine, while quoted meta-characters are interpreted on the remote machine.
Appends the remote file remotefile to the local file localfile
rsh otherhost cat remotefile >> localfile
Appends remotefile to other_remotefile
rsh otherhost cat remotefile ">>" other_remotefile
Case 1
On the client - NOK
[test@rsh-cli] /home/test > rcp TEST4 user1@rsh-srv:/home/user1/
Permission denied.
On the server
echo "rsh-cli test" >> /home/user1/.rhosts
On the client - OK
rcp TEST4 user1@rsh-srv:/home/user1/
Other
In a container
# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 14:51 pts/0    00:00:00 /bin/sh
root         7     1  0 14:51 pts/0    00:00:00 bash
root       942     1  0 15:08 ?        00:00:00 /usr/sbin/inetd
root      1071     7  0 15:39 pts/0    00:00:00 ps -ef
# rsh localhost
rlogind[1078]: pam_rhosts(rlogin:auth): allowed access to root@localhost as root
#
root       25225       1  0 Jan20 ?        00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root     3072532   25225  0 11:02 ?        00:00:00 in.rlogind
root     3072597 3072532  0 11:02 ?        00:00:01 login -- user1
user1    3072724 3072597  0 11:02 pts/4    00:00:00 -ksh
# ss -tlnp |grep xinetd
0 64 *:513 *:* users:(("xinetd",25225,5))
0 64 *:514 *:* users:(("xinetd",25225,6))
/etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        log_on_success  += USERID
        log_on_failure  += USERID
        server          = /usr/sbin/in.rshd
}
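To locate the trust that the steps on this page create, so it can be removed, the following added example (not part of the original notes) lists every hosts.equiv/.rhosts entry, an "rsh" line in /etc/securetty, and xinetd services that still start in.rshd or in.rlogind. The function names, output labels and the /root and /home/* search paths are assumptions of this sketch; the "+" wildcard check comes from hosts.equiv(5), not from this page.

```sh
#!/bin/sh
# Added example: report r-command trust left on a host. Output labels
# (TRUST, ROOT-RSH, ENABLED) are this sketch's own, not a tool's format.

# List entries of one hosts.equiv/.rhosts file ("hostname [username]").
audit_trust_file() {
    [ -r "$1" ] || return 0
    while read -r host user rest || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac   # blank line or comment
        flag=""
        # A bare "+" matches any host (or any user): flag it.
        if [ "$host" = "+" ] || [ "$user" = "+" ]; then flag=" WILDCARD"; fi
        echo "TRUST $1 host=$host user=${user:-<same-name>}$flag"
    done < "$1"
}

# Audit the tree rooted at $1 (empty string = the live system).
audit_rcmd() {
    root=$1
    audit_trust_file "$root/etc/hosts.equiv"
    for f in "$root"/root/.rhosts "$root"/home/*/.rhosts; do
        audit_trust_file "$f"
    done
    # "rsh" in securetty lets root in over rsh when pam_securetty is used.
    if grep -qx 'rsh' "$root/etc/securetty" 2>/dev/null; then
        echo "ROOT-RSH $root/etc/securetty"
    fi
    # xinetd services that start in.rshd or in.rlogind and are not disabled.
    for f in "$root"/etc/xinetd.d/*; do
        [ -r "$f" ] || continue
        grep -Eq '^[[:space:]]*server[[:space:]]*=.*in\.(rshd|rlogind)' "$f" || continue
        grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f" ||
            echo "ENABLED $f"
    done
    return 0
}

# Demo on a constructed tree mirroring this page's setup (not real data).
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/xinetd.d" "$t/home/user1" "$t/root"
    echo "localhost" > "$t/root/.rhosts"
    echo "rsh-cli test" > "$t/home/user1/.rhosts"
    echo "rsh" > "$t/etc/securetty"
    printf 'service shell\n{\ndisable = no\nserver = /usr/sbin/in.rshd\n}\n' > "$t/etc/xinetd.d/rsh"
    audit_rcmd "$t"
    rm -rf "$t"
}
if [ "$#" -gt 0 ]; then audit_rcmd "$1"; else demo; fi
```

Run with a path argument to audit a mounted image or chroot; an empty string as the argument audits the live system.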
