Bug 54387

Summary: "rsh host command" does not work.
Product: [Retired] Red Hat Linux Reporter: Eugene Kanter <ekanter>
Component: rshAssignee: Phil Knirsch <pknirsch>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: notting, rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-10-24 20:38:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
requested log file none

Description Eugene Kanter 2001-10-05 14:28:25 UTC
[eugene@ekanter03 eugene]$ rsh -l ekanter solaris2.6host
initializing for Solaris...
% exit
% logout
rlogin: connection closed.
[eugene@ekanter03 eugene]$ rsh -l ekanter solaris2.6host w
poll: protocol failure in circuit setup
[eugene@ekanter03 eugene]$

Comment 1 Nalin Dahyabhai 2001-10-09 13:56:30 UTC
I was able to connect both ways between a system with rsh-0.17-5 and unpatched
Solaris 2.6 on an Ultra 1.  The only time I saw the protocol error was when I
had misconfigured inetd (was trying to have the in.rshd run under truss, forgot
to include truss in the argument list at the end of the line in the config
file), which resulted in the connection being closed immediately.

Can you please try running the server end under truss and attaching the output?
The inetd.conf line should look something like this:
shell stream tcp nowait root /usr/bin/truss truss -o /tmp/rshd.log /usr/sbin/in.rshd

Comment 2 Eugene Kanter 2001-10-24 20:31:02 UTC
Created attachment 34921 [details]
requested log file

Comment 3 Eugene Kanter 2001-10-24 20:38:07 UTC
after reading log file I figured out that default 7.2 firewall is the problem. I
do not understand why. Please investigate.
added -l option to ipchans.
here is the line from firewall log:

Oct 24 16:34:24 ekanter03 kernel: Packet log: input REJECT eth0 PROTO=6
solaris2.6:1023 ekanter03:1021 L=44 S=0x00 I=49543 F=0x4000 T=254 SYN (#1)

seems like default firewall setup breaks some rsh functionality.

Comment 4 Phil Knirsch 2002-01-30 10:54:14 UTC
This is something to be expected. Firewall rules are there to disallow
connections, not to allow them. Especially as rsh like telnet is a very insecure
protocol to begin with it is very desirable even for low security firewalls to
deny the use of this protocol.

I'll close this bug as not a bug as it isn't something than can be fixed in rsh.
Either reassign it to ipchains/iptables or even anaconda if you think this
should be changed or simply open a new bug there.


Read ya, Phil