[PLUG] Urgent help with `rsh' (problem fixed)

Dean S. Messing deanm at sharplabs.com
Sat Jun 8 23:39:56 UTC 2002



I just got off the phone with Matt Alexander who successfully
helped me fix my tricky `rsh' problem.  Thanks a million Matt.

It turns out that the man page (for rshd) is wrong where it says:

     8.   Rshd then validates the user using ruserok(3),  which uses the file
          /etc/hosts.equiv and the .rhosts file found in the user's home di­
          rectory. The -l option prevents ruserok(3) from doing any validation
          based on the user's ``.rhosts'' file (unless the user is the supe­
          ruser and the -h option is used.) If the -h option is not used, su­
          peruser accounts may not be accessed via this service at all.

Note the double negative in the last sentence.

In fact supplying the -h flag seems to inhibit rshd from ever allowing
remote command execution (as root or otherwise).  Also Matt's original
comment regarding an entry in /etc/securetty is correct, though you
only need an entry for `rsh'.  When I tried his suggestion I had the
-h flag on the daemon and so it appeared that his suggestion made no
difference.

Note that had I not read the manual I never would have added the -h flag
and all would have been well.

The fractured moral of this tale of a wasted Saturday is

        "Don't read the manual and everything will be OK".


Dean



