Before someone else brings this up: although blanking the "Unused by...." does allow anyone to rsh into the machine. It also adds a nasty artifact in that anyone can login as anyone else by using the -l option (rsh hostname -l different_user). It looks like ever since 1.3.2 you have had to use a hosts.equiv or .rhosts file.
Simplest way is to add a file callled hosts.equiv to etc and include a list of all machines that should be allowed to access this machine. Unfortunatly using the documented "+" in this file doesn't seem to work anymore (Note: it no longer works on RH Linux 7.2 either unless you set /etc/pam.d/rsh and rlogin to "permiscuis".. an option not avaliable to cygwin). Personally, I use a perl script to cull the hosts file from my dns server to do generate this file once a day. I've never gotten an answer from the list on how to get the "+" entry to work and would welcome any solution to that problem. Documentation on all this seems rather limited and often apocryphal as specific to cygwin. Bruce D ----- Original Message ----- From: "Andrew DeFaria" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, October 25, 2002 3:23 PM Subject: Re: Problem with rsh > David Rothenberger wrote: > > >Check your /etc/passwd file and make sure there is no entry in the password field (the second field). You want something like this: > > > >someuser::11150:... > > > >and not something like this: > > > >someuser:unused_by_nt/2000/xp:11150:... > > > >An easy way to check if this is the culprit is to try doing an > >rlogin. For me, this will ask me for a password and then succeed if I have an entry in the password field. If the password field is empty, it succeeds without asking for a password. > > > Wham! Good answer! It works! > > Actually I viewed the "unused_by_nt/2000/xp" string as ugly and replaced > it with the traditional "*" instead. But you're right, if you put > anything in there it gives me a Permission denied for "rsh <machine> > <command>". Looks like some security checking got tightened up. > > This does lead to a question as I believe some other services (ssh? > exim? I forget) require that you put an actual passwd in /etc/passwd. > They also described how to generate the crypt string. I've done this on > my home machine so I copied that encrypted string to my work machine and > I still get permission denied. Sounds like it's still a problem but at > least I have a workaround for work. Thanks. > > > > >Andrew DeFaria wrote: > > > > > >>I've run into a major problem using rsh. Note that I've been using rsh > >>successfully for a while and many people here depend on being able to > >>rsh into the server. However now I get: > >> > >>$ rsh server id > >>server.mydomain.com: Permission denied. > >> > >> > > -- > > Salira <http://www.salira.com> > Ethernet Simple, Fiber Fast > > 5451 Patrick Henry Drive > Santa Clara, CA 95054 > Phone: (408)-845-5321 > Fax: (408)-845-5205 > Email: [EMAIL PROTECTED] > <mailto:Andrew%20DeFaria%20%3CADeFaria@;Salira.com%3E> > Web: http://www.salira.com > > Instant Messaging > AIM: > defaria > MSN: > [EMAIL PROTECTED] > Yahoo: > andrew_defaria > ICQ #: > 23552673 > > > Andrew DeFaria <http://DeFaria.com> > Clearcase Administrator > Email: [EMAIL PROTECTED] <mailto:Andrew@;DeFaria.com> > Web: http://DeFaria.com > > > > > > > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Bug reporting: http://cygwin.com/bugs.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
