Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <00eb01c27c78$5f169370$4d1f1cac@THEODOLITE>
From: "Bruce Dobrin" <dobrin AT imageworks DOT com>
To: "Andrew DeFaria" <ADeFaria AT Salira DOT com>
Cc: <cygwin AT cygwin DOT com>
References: <3DB9AD4E DOT 10407 AT Salira DOT com> <3DB9C013 DOT CF6CF751 AT acm DOT org> <3DB9C44F DOT 2060606 AT Salira DOT com>
Subject: Re: Problem with rsh
Date: Fri, 25 Oct 2002 15:46:35 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Before someone else brings this up:  although blanking the "Unused by...."
does allow anyone to rsh into the machine.  It also adds a nasty artifact in
that anyone can login as anyone else by using the -l option (rsh hostname -l
different_user).  It looks like ever since 1.3.2 you have had to use a
hosts.equiv or .rhosts file.

Simplest way is to add a file callled hosts.equiv to etc and include a list
of all machines that should be allowed to access this machine.  Unfortunatly
using the documented "+" in this file doesn't seem to work anymore (Note:
it no longer works on RH Linux 7.2 either unless you set /etc/pam.d/rsh and
rlogin to "permiscuis"..  an option not avaliable to cygwin).  Personally, I
use a perl script to cull the hosts file from my dns server to do generate
this file once a day.  I've never gotten an answer from the list on how to
get the "+" entry to work and would welcome any solution to that problem.
Documentation on all this seems rather limited and often apocryphal as
specific to cygwin.

Bruce D


----- Original Message -----
From: "Andrew DeFaria" <ADeFaria AT Salira DOT com>
Cc: <cygwin AT cygwin DOT com>
Sent: Friday, October 25, 2002 3:23 PM
Subject: Re: Problem with rsh


> David Rothenberger wrote:
>
> >Check your /etc/passwd file and make sure there is no entry in the
password field (the second field).  You want something like this:
> >
> >someuser::11150:...
> >
> >and not something like this:
> >
> >someuser:unused_by_nt/2000/xp:11150:...
> >
> >An easy way to check if this is the culprit is to try doing an
> >rlogin.  For me, this will ask me for a password and then succeed if I
have an entry in the password field.  If the password field is empty, it
succeeds without asking for a password.
> >
> Wham! Good answer! It works!
>
> Actually I viewed the "unused_by_nt/2000/xp" string as ugly and replaced
> it with the traditional "*" instead. But you're right, if you put
> anything in there it gives me a Permission denied for "rsh <machine>
> <command>". Looks like some security checking got tightened up.
>
> This does lead to a question as I believe some other services (ssh?
> exim? I forget) require that you put an actual passwd in /etc/passwd.
> They also described how to generate the crypt string. I've done this on
> my home machine so I copied that encrypted string to my work machine and
> I still get permission denied. Sounds like it's still a problem but at
> least I have a workaround for work. Thanks.
>
> >
> >Andrew DeFaria wrote:
> >
> >
> >>I've run into a major problem using rsh. Note that I've been using rsh
> >>successfully for a while and many people here depend on being able to
> >>rsh into the server. However now I get:
> >>
> >>$ rsh server id
> >>server.mydomain.com: Permission denied.
> >>
> >>
>
> --
>
> Salira <http://www.salira.com>
> Ethernet Simple, Fiber Fast
>
> 5451 Patrick Henry Drive
> Santa Clara, CA 95054
> Phone: (408)-845-5321
> Fax: (408)-845-5205
> Email: ADeFaria AT Salira DOT com
> <mailto:Andrew%20DeFaria%20%3CADeFaria AT Salira DOT com%3E>
> Web: http://www.salira.com
>
> Instant Messaging
> AIM:
> defaria
> MSN:
> Andrew AT DeFaria DOT com
> Yahoo:
> andrew_defaria
> ICQ #:
> 23552673
>
>
> Andrew DeFaria <http://DeFaria.com>
> Clearcase Administrator
> Email: Andrew AT DeFaria DOT com <mailto:Andrew AT DeFaria DOT com>
> Web: http://DeFaria.com
>
>
>
>
>
>
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/