4.5 The rsh, rcp, rexec, and rlogin ServicesIn "Turn Off rsh, rcp, rlogin, and rexec" on page 100 it was recommended that these services be turned off because they are not considered secure and that SSH is an excellent secure alternative. Because these services are so popular (because they are useful), an explanation about how they work and their insecurity is offered here.
These allow one to remotely execute a process. In other words an account named joe on remote system zoro.com can issue the command rsh pentacorp.com stab files This will ask that pentacorp.com execute the command stab files as account joe. The authentication (to verify that this request be allowed) is by looking up the initiating system's name and account name (zoro.com and joe) in two configuration files on the pentacorp.com system. If the initiating system's name appears in the system-wide configuration file /etc/hosts.equiv, any request from a user name on that system to pentacorp.com for the same user name will be honored. In other words, if the entry zoro.com appears in /etc/hosts.equiv on pentacorp.com, any user on zoro.com can do rsh commands as the same user name on pentacorp.com. Thus, zoro.com user joe can have commands executed by user joe on pentacorp.com and user cindy on zoro.com can have commands executed by user cindy on pentacorp.com but zoro.com user joe is not given permission by /etc/hosts.equiv to execute commands as user cindy on pentacorp.com and vice versa. Individual users may grant additional permissions for remote users to operate under their accounts. This is done by creating the file .rhosts in a user's home directory and adding the desired entries. Each entry takes up a line and may be in either of two formats. The first format lists just the host name of the remote system allowed to rsh. Thus, if cindy's home Linux box is hv.isp.com and her personal account on it also is cindy she could add the entry hv.isp.com to her .rhosts file. Suppose cindy also is taking a night class at Georgia Tech and her account is cc02 on cory.gatech.com. She cannot specify cory.gatech.com because the account is different. Instead she specifies the host name, a space, and the remote account name such as cory.gatech.com cc02 If she also is taking a class on comparative religion and that account is cr72, her .rhosts file might look like hv.isp.com cory.gatech.com cc02 cory.gatech.com cr72 4.5.1 R* SecurityThe daemons for rsh and rexec have several security features to reduce intrusions.
4.5.2 R* InsecuritySecurity can be broken in a number of ways.
The best solution to rsh is to disable it. The "Host masquerades" cannot adequately be defended against if there are any untrusted systems on the LAN and rsh is at risk for suffering the session being sniffed. SSH was created explicitly to solve these problems. Do have your users make use of it. Still, if your LAN is secure from internal attacks and sniffing, then TCP Wrappers around in.rshd can be secure. The rcp program allows copying files between systems and operates in much the same way as rsh and it has the same problems and solutions. Have your users use the scp command in the SSH package. It works like rcp but has all of the rock solid security of SSH. The rexec program works like rsh and has similar problems too. The alternative is ssh. The rlogin program has all of the problems and solutions of rsh and rcp and it has the additional problem that if the client system (the requesting system) is not mentioned in the user's .rhosts file or the /etc/hosts.equiv file on the server system, the invoker will need to supply a password. This password is sent over the network in clear text, allowing a sniffer then to use that password to access that account via rlogin, telnet, ftp, popclient, etc.
|
Top |