From Anthony Howe on Mon, 14 Dec 1998
Oh hum. I'm having trouble with getting rsh to work between two machines for a specific task. I've read the rsh, tcpd, and hosts.allow man pages and I still can't get it to work.
"shell" line uncommented
client A 220.127.116.11
18.104.22.168.in-addr.arpa PTR client
joe@client$ rsh server '/bin/ls /home/joe'
I get "Permission denied". The logs on neither client nor server provide a reason for the "Permission denied".
Maybe I'm just over-tired, but I can't figure out what I'm overlooking. Can anyone please tell me what I'm missing?
What is the precise line in your /etc/inetd.conf?
Some versions of in.rshd and in.rlogind have options which force the daemon to ignore .rhosts files (-l), allow 'superuser' access (-h), syslog all access attempts (-L), and perform "double reverse lookups" (-a).
It looks like your forward and reverse records are alright (assuming that the client's /etc/resolv.conf is pointing at a name server that recognizes the authority for the zones you're using).
Note: If you are going through IP Masquerading at some point (some sort of proxy/firewall package) then there's also the remote chance that your source port is being remapped to some unprivileged (>1024) port as the packets are re-written by your masquerading/NAT router.
I did complain to the Linux/GNU maintainers of the rshd/rlogind package about the fact that their syslog messages don't provide more detailed errors on denial. However, I'm not enough of a coder to supply patches.
To test this without TCP Wrappers at all try commenting out the line that looks something like:
shell stream tcp nowait root /usr/sbin/tcpd in.rshd -a
... and replacing it with something like:
shell stream tcp nowait root /usr/sbin/in.rshd in.rshd -L
(note: we just changed the tcpd to refer to rshd).
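An added example, not part of the original exchange: a small shell function that reads an inetd.conf and reports, for each active "shell" entry, whether it runs through tcpd and which of the in.rshd options mentioned above are set. The function names and the sample file are constructed for illustration, and the option meanings are the ones given in the answer, which it notes apply only to some versions of in.rshd.

```shell
#!/bin/sh
# Constructed sample inetd.conf (not from the original post).
sample_inetd_conf() {
cat <<'EOF'
# remote shell service
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd -a
shell  stream tcp nowait root /usr/sbin/in.rshd in.rshd -L
login  stream tcp nowait root /usr/sbin/tcpd in.rlogind
EOF
}

# audit_shell_line: read inetd.conf text on stdin and print one summary
# line per uncommented "shell" entry.
# inetd.conf fields: service type proto wait user server-path argv0 [args...]
# Option meanings as described in the answer above:
#   -l ignore .rhosts   -h allow superuser access
#   -L syslog all access attempts   -a double reverse lookups
audit_shell_line() {
  awk '
    function yn(b) { return b ? "yes" : "no" }
    /^[ \t]*#/ || NF < 7 { next }      # skip comments and short lines
    $1 == "shell" {
      f = ""
      # collect option letters that follow argv0 (field 7)
      for (i = 8; i <= NF; i++)
        if ($i ~ /^-/) f = f substr($i, 2)
      printf "wrapped=%s ignore_rhosts=%s root_ok=%s log_all=%s double_reverse=%s\n",
        yn($6 ~ /\/tcpd$/), yn(f ~ /l/), yn(f ~ /h/), yn(f ~ /L/), yn(f ~ /a/)
    }'
}

# Usage on the constructed sample; on a real host: audit_shell_line < /etc/inetd.conf
sample_inetd_conf | audit_shell_line
```

A result of ignore_rhosts=yes means the daemon will not consult .rhosts, and log_all=no means access attempts are not being written to syslog.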