Re: RSH + Firewall

From: ales (ales_1969_at_yahoo.com)
Date: 02/01/05

    Date: Tue, 1 Feb 2005 12:53:37 +0100
    
    

    In article <ct6td0$brj@dispatch.concentric.net>, winged@nofollow.com
    says...
    > Michael J. Pelletier wrote:
    > > Michael J. Pelletier wrote:
    > >
    > >
    > >>ales_1969@yahoo.com wrote:
    > >>
    > >>
    > >>>Hi !
    > >>>
    > >>>I had installed IPtables on a Linux machine. I have opened full access
    > >>>from inside to outside.
    > >>>Now if I want to use 'rsh' command from inside to outside, I get
    > >>>stuck.
    > >>>
    > >>>Tcpdump shows, that 'rsh' is acting almost the same way as passive FTP.
    > >>>As I've seen, rsh establishes connection from local port L to port 514.
    > >>>And then sends <L-1>\0 to port 514, so the output is sent from
    > >>>remote host back to L-1 port.
    > >>>
    > >>>Is there a way I can tell iptables to handle such requests ?
    > >>>
    > >>>(I accept RELATED and ESTABLISHED states everywhere).
    > >>>
    > >>>Thx
    > >>
    > >>Interesting. Have you ever thought about using ssh? You can tunnel (even X
    > >>apps) as well as use simple remote terminal sessions...
    > >>
    > >>-- Michael
    > >
    > >
    > >
    > > ....it is also trivial to firewall it and you can use group membership to
    > > further limit access. In other words, you might have an account on the box
    > > but, you need to be in the group, say, "sshlogin" before you can use ssh to
    > > connect...
    > >
    > > It is a very nice solution. Much better than rsh...Much more secure too..
    > >
    > > Michael
    >
    > Concur ssh is more flexible and more secure. I find running ssh very
    > useful even for windows boxes. SSH doesn't require a VM and Linux to
    > run, and doesn't require a rocket scientist to set up securely.
    >
    > That said it is essential to use a firewall to restrict access to
    > specific locations. I would restrict access as tightly as I could at
    > the firewall. With SSH, as with everything else, make sure the software is
    > current; there have been a number of spectacular ssh hacks in the last couple
    > of years.

    As I expected, all answers were regarding SSH. I'm aware of all
    weaknesses regarding the RSH protocol. I have been using SSH for logins for a long
    time.
    However, I still have some old machines to administer, and the work of
    getting an SSH server on them would be pretty expensive (OpenSSH won't work
    on old crap). So I'm stuck on RSH for some time.

    Still expecting any hint regarding RSH & Firewall.

    thx.

    p.s. Please, don't point me to any newer stuff being better.
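
Added example, not part of the original posts: the rsh client announces its stderr port as ASCII digits followed by a NUL byte at the start of the port 514 connection, and the connection the server then opens back to the client is only classified as RELATED when a connection-tracking helper has read that field, so accepting RELATED and ESTABLISHED alone does not cover it. The Python sketch below shows the parsing such a helper has to perform. The function names, the reserved-port policy and the documentation-range IP addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

RSH_PORT = 514
# Assumed helper policy: only accept announced ports in the reserved range
# that BSD rcmd clients bind (512-1023); never open arbitrary ports.
RESERVED = range(512, 1024)

@dataclass(frozen=True)
class Expectation:
    """Inbound connection a helper would have to allow as RELATED."""
    src_ip: str    # rshd host, which opens the stderr channel
    dst_ip: str    # rsh client
    dst_port: int  # port the client announced

def parse_stderr_port(payload: bytes) -> Optional[int]:
    """Return the announced stderr port, 0 if the client requested none,
    or None if the field is incomplete, malformed or outside RESERVED."""
    field, sep, _ = payload.partition(b"\0")
    if not sep:
        return None                 # NUL terminator not seen yet
    if field == b"":
        return 0                    # empty field: no stderr channel
    if not field.isdigit() or len(field) > 5:
        return None
    port = int(field)
    if port == 0:
        return 0
    return port if port in RESERVED else None

def expect_stderr(client_ip, server_ip, dport, payload):
    """Build the expectation for the first client payload on a connection."""
    if dport != RSH_PORT:
        return None
    port = parse_stderr_port(payload)
    if not port:
        return None
    return Expectation(src_ip=server_ip, dst_ip=client_ip, dst_port=port)

# Constructed sample: <stderr port>\0<local user>\0<remote user>\0<command>\0
SAMPLE = b"1022\0ales\0ales\0uname -a\0"

if __name__ == "__main__":
    print(expect_stderr("192.0.2.10", "198.51.100.7", RSH_PORT, SAMPLE))
```

The expectation is deliberately narrow: one source host, one destination host and one port, which is the only inbound connection the firewall would need to admit for that session.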

