[CentOS] How to properly install rsh without compromising system security
Maciej Żenczykowski
maze at cela.pl
Wed May 25 09:13:51 UTC 2005
This really depends on what kind of functionality you need.
_But_ you could simply make /usr/bin/rsh a symlink to /usr/bin/ssh
and make sure "ssh machine ls" works - the easiest way to get that to work
is to run "ssk-keygen -t dsa" on the client and copy the resultant
~/.ssh/id_dsa.pub into the servers ~/.ssh/authorized_keys and make sure
the server has RSAAuthentication yes in /etc/ssh/sshd_config
although, this of course depends on what actual functionality of
rsh/rlogin/rexec you need (ie. commandline switches and whether you
actually need rlogin)...
Cheers,
MaZe
On Wed, 25 May 2005, Olaf Greve wrote:
> Hi,
>
> For a project at work we are currently installing a distributed software
> development platform which has been developed years ago. All swell, of
> course, but the issue is that it depends on rsh for remote application
> invocation.
>
> Now... I have always been taught that rsh, rlogin and rexec are BAD and that
> one should really stick to SSH only.
>
> Unfortunately, I do not have enough time to completely patch over the
> platform such that it will use SSH (and frankly, that's really a task the
> official developers should perform!), so, I'd like to temporarily enable rsh.
>
> Now, I did some quick RTFM-ing and checking in Google, and it looks like this
> is provided by xinetd.
>
> From Gnome's services menu I have enabled rsh (and hence xinetd), but I do
> not yet seem to be able to remotely perform something like "rsh <machine
> name> ls". It just says "permission denied". Good. No problem. In fact, this
> is probably good. ;)
>
> So, to proceed with this the proper way, can anyone tell me how I can
> properly configure rsh such that I do not compromise system security too much
> (note: I am behind a firewall and my machine is not accessible in any way
> from the outside world, so there is not all too much concern in opening up
> rsh, even with root access)?
>
> Also, on a more general note: I'm not familiar yet with proper PAM concepts
> and configuration. Does anyone know a good (and preferrably not all too long)
> reference guide with which I can quickly and properly familiarise myself with
> the concepts and the proper way of configuring it?
>
> Tnx in advance, and cheers!
> Olafo
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
More information about the CentOS
mailing list