From: Cy Schubert
To: supraexpress@globaleyes.net
In-Reply-To: Your message of "Sun, 14 Sep 2003 18:29:17 CDT."
Date: Sun, 14 Sep 2003 18:40:02 -0700
Subject: Re: rsh commands to 5.1-CURRENT being rejected
List-Id: Discussions about the use of FreeBSD-current

In message , supraexpress@globaleyes.net writes:
> Sep 14 17:46:52 target logger: TCP_Wrappers ALLOW: source/target,rshd,974,rshd@target
> Sep 14 17:46:52 target inetd[974]: connection from source, service rshd (tcp)
> Sep 14 17:46:52 target rshd[974]: root@source as root: permission denied (authentication error). cmd='date'
>
> /root/.rhosts (600): "source root"
>
> /etc/pam.d/rsh: not changed
>
> /etc/inetd.conf:
> shell stream tcp nowait root /usr/libexec/rshd rshd -L
>
> /etc/hosts: both "source" and "target" are defined
>
> /etc/named/s/: both "source" and "target" are defined
>
> 5.1-CURRENT: Wednesday, 20 August 2003 20:36:05
>
>
> Under FBSD-4.8, this is not a problem. Under FBSD-5.1, nothing I do
> seems to allow rsh from another LAN host.
>
> A TCPDUMP of the rsh session shows "root.root." coming from
> "source" and then "permission denied" coming from "target", where the
> TCPDUMP is running. The "source" host displays: "rshd: Login
> incorrect.". RSH from "target" to "source" works just fine?!?

A picture is worth a thousand words. (No worries folks, this is in my internal network here at home. Professionally I use SSH and Kerberos rsh.)

--- /usr/src/etc/pam.d/rsh Sun Feb 9 16:50:03 2003 +++ /etc/pam.d/rsh Mon Jun 16 15:20:00 2003 @@ -6,7 +6,7 @@ # auth auth required pam_nologin.so no_warn -auth required pam_rhosts.so no_warn +auth required pam_rhosts.so no_warn allow_root # account account required pam_unix.so Cheers, -- Cy Schubert http://www.komquats.com/ BC Government . FreeBSD UNIX Cy.Schubert@osg.gov.bc.ca . cy@FreeBSD.org http://www.gov.bc.ca/ . http://www.FreeBSD.org/
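Review bot: The added `allow_root` on the `pam_rhosts.so` line in the `auth` section carries no comment, and with it root on this host is authenticated by nothing more than the `/root/.rhosts` entry and the connecting host's name. Put a comment above the line saying the exception is deliberate and which host it is for, and pair it with a TCP wrappers rule that admits only that host to `rshd`, since the log in the quoted message shows wrappers already in the connection path. The diff headers also show the edit is made only to the installed `/etc/pam.d/rsh` and not to `/usr/src/etc/pam.d/rsh`, so it has to be carried by hand across the next merge of `/etc`.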