How to configure rshd on FreeBSD
Michel Nadeau, 08-28-2008
Today I had to configure rshd on a FreeBSD server. And just like every single time I have had to configure rshd in my life, it took me quite a long time to remember everything that needs to be configured.
1. What is rshd
rshd (Remote Shell Daemon) is a server that allows remote machines to run commands, or a shell, on the host machine.
This post uses two example machines: client and server. We want to run rshd on server and allow client to run remote commands on server using rsh.
2. Authentication
rshd doesn't really use an authentication system; access is decided by which machine the request comes from. You specify on server the machines that are allowed to run remote commands. To do so, create a file named .rhosts in the user's home directory. For example, to allow the client machine to run remote commands as some_user, create /home/some_user/.rhosts with the following content:
/home/some_user/.rhosts
client
For security, set the permission of your .rhosts files to 600 (rw-------).
If you want to allow the client machine to run remote commands as root, create /root/.rhosts with the following content:
/root/.rhosts
client
That part is pretty easy. Note that you can also use IP addresses in .rhosts instead of hostnames.
2. Configure inetd
It's easier to run rshd on FreeBSD using inetd. To do so, edit /etc/inetd.conf and make sure these 2 lines are uncommented:
shell stream tcp nowait root /usr/libexec/rshd rshd
login stream tcp nowait root /usr/libexec/rlogind rlogind
Then, edit /etc/rc.conf and make sure this line is present:
inetd_enable="YES"
Finally, simply restart inetd:
/etc/rc.d/inetd restart
3. Allowing root to rshd
Allowing root to use rshd requires one more step in addition to creating /root/.rhosts. Edit the /etc/pam.d/rsh file and modify the "pam_rhosts.so" line so it looks like this:
auth required pam_rhosts.so no_warn allow_root
4. Testing
Now that your server is configured and the client machine is allowed to use rshd, it's time to test.
From client, you can issue any command using rsh, like:
rsh server -l root "ls -la"
rsh server -l some_user "df -h"
If you don't specify a command, you get a shell, just as if you had logged in via telnet/SSH or directly on the machine.
Conclusion
rshd is very useful to retrieve information, to start/stop daemons, or do anything else on remote machines. -BUT- use it very carefully, especially if you are going to allow root access. Make 100% sure you 100% trust every user that has access to the client machines. Why? Because the simple "rsh server -l root" command will give root access to anyone on a client machine.
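To review a server for the settings configured in this post, here is an added example (not part of the original post): a POSIX sh function that reports uncommented shell/login lines in /etc/inetd.conf, allow_root on the pam_rhosts.so line, and every .rhosts file with its trusted entries and permissions. The function name audit_rsh and its optional ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the rsh trust settings described in this post.
# Usage: sh audit_rsh.sh ROOT   (use / for the live system; a mounted
# image or a constructed test tree also works). Exit status 1 = findings.

audit_rsh() {
    root="${1:-/}"; root="${root%/}"
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    # inetd.conf: an uncommented shell or login line means inetd will
    # start rshd or rlogind for incoming connections.
    conf="$root/etc/inetd.conf"
    for svc in shell login; do
        if [ -f "$conf" ] &&
           grep -Eq "^[[:space:]]*$svc[[:space:]]+stream" "$conf"; then
            report "ENABLED $svc in $conf"
        fi
    done

    # PAM: allow_root on the pam_rhosts.so line makes /root/.rhosts effective.
    pam="$root/etc/pam.d/rsh"
    if [ -f "$pam" ] &&
       grep -E '^[^#]*pam_rhosts\.so' "$pam" | grep -q 'allow_root'; then
        report "ROOT-ALLOWED allow_root in $pam"
    fi

    # .rhosts: every entry is a trusted host; the post asks for mode 600.
    for f in "$root/root/.rhosts" "$root"/home/*/.rhosts; do
        [ -f "$f" ] || continue
        report "TRUST $f: $(grep -v '^[[:space:]]*$' "$f" | tr '\n' ' ')"
        perms=$(ls -ld "$f" | cut -c1-10)
        [ "$perms" = "-rw-------" ] ||
            report "PERMS $f is $perms, expected -rw-------"
    done

    # Succeed only when nothing was reported.
    [ "$findings" -eq 0 ]
}

# Run the audit only when a ROOT argument is given on the command line.
if [ $# -gt 0 ]; then audit_rsh "$1"; fi
```

Home directories are assumed to live under /home as in the post; adjust the glob if users are stored elsewhere.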
Victoria, 06-16-2010
Thanks!!! Very clear documentation!! Got it working in like 2 minutes!