Re: Question regarding using RSH protocol (not binary) over SSH
- From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
- Date: 24 May 2006 17:29:40 GMT
"maaxiim" <maaxiim@xxxxxxxxx> writes:
I have a rather awkward situation and was hoping someone here might
have some insight.
One of our customers has recently locked down all of their internal
servers to use SSH instead of RSH and so forth. We utilize a third
party automated testing tool to generate heavy loads on their system.
Unfortunately, this third party tool makes use of the raw RSH protocol
to connect to the remote system and launch individual test controllers.
The RSH protocol is _hardcoded_(!) into their controller app.
Well, change it.
They certainly should NOT be allowing rsh into their systems. It is highly
It is a _3rd party_ testing suite, quite a well known one as it
There are 3 parties involved.
1. The customer - they have (quite rightly) banished use of RSH from
2. Us - The system provider. Our system is being deployed on the
It's a global financial management system. i.e. deployed in NYC,
London and SF.
3. The Automated Test Suite provider - They have a distributed load
which is launched by a single controller machine, across multiple load
Well, it looks like you are stuck and something has to give. The customer
can stop banishing rsh. Your system can be changed or your automatic test
suite can be changed. My first action would be to go to the test suite
provider and ask them what to do. I would doubt that this would be the
first time they got the question. (Of course they could be out of business
and you are using a legacy product). For a huge company like you say it is
to allow rsh onto their system would be the height of folly. Since you are
the system provider, I guess you are caught in the middle. You have some
a) Tell them you cannot finish the job and take the penalty hit.
b) Buy a new test suite from some company that has heard about security.
c) Persuade the company to rewrite their test suite to handle ssh.
d) Write your own test suite.
The problem is that the (3) Automated Test Suite provider don't
generally make it a policy to distribute their source code when you
purchase a license so we don't have the
option to change the controller.
But you have the option to talk to the company. Or is it that they have
said "sure for $10,000 we will sell you a more modern version" and you want
to save the money since you had not bargained on that expense.
So, that being said, does anyone know of a way to achieve the scenario
I described in my previous email?
ssh and rsh are different protocols. Even if ssh listened at the rsh port,
it would be useless since it would be expecting an ssh negotiation.
hardcoded into their controller app? That sounds highly unlikely.
It may be hardcoded into your testing app, but I doubt it is in their
There is no 'testing app' in this scenario, it's a complete install
being hit by billions of transactions daily to verify the system meets
the contract requirements.
Since the server no longer listens on 514, I was wondering if it is at
all possible to somehow
operate SSH in a port forwarding mode, but not forwarding to another
socket on the remote machine. For example
MachineA:Load Controller -> RSH -> MachineB:514 -> launches command via
You can have ssh listen on port 514 if that helps.
The remote command then communicates back to the Load Controller over
the established connection's stdout/stdin
Is it possible for me to have SSH listen on 514 and somehow process the
RSH protocol as though it were RSH on the remote machine:
MachineA:LoadController -> RSH -> MachineB:514 -> launches command via
Change the LoadController.
Ironically, they are not concerned that it's still RSH protocol coming
That is because it would not matter.
You could ask them to open up rsh for the purposes of the test. That would
of course leave them open, and in fact with all of the traffic you are
generating it would leave the attacker lots and lots of traffic to snoop.
Hopefully that is not too convoluted, TIA
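
The protocol mismatch raised in the reply above ("it would be expecting an ssh negotiation"), as an added example that is not part of the original post: it parses the cleartext opening an rsh client sends to 514/tcp and contrasts it with the identification string an SSH server expects first. The sample bytes, user names, command and software version are constructed for illustration.

```python
import re

# SSH identification string (RFC 4253, section 4.2): "SSH-<proto>-<software>[ comments]" CR LF
SSH_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: [^\r\n]*)?\r?\n")

# Constructed samples (hypothetical user names, command and software version).
RSH_SAMPLE = b"1022\x00loadctl\x00testuser\x00/opt/test/agent --start\x00"
SSH_SAMPLE = b"SSH-2.0-OpenSSH_9.6\r\n"


def parse_rsh_request(data: bytes):
    """Parse the cleartext opening an rsh client sends to rshd on 514/tcp.

    Four NUL-terminated fields: stderr port (ASCII decimal, may be empty),
    local user, remote user, command. Returns a dict, or None if malformed.
    """
    parts = data.split(b"\x00")
    if len(parts) < 5:  # four terminated fields split into at least five pieces
        return None
    port, locuser, remuser, command = parts[:4]
    if port and not port.isdigit():
        return None
    if int(port or b"0") > 65535 or not (locuser and remuser and command):
        return None
    return {
        "stderr_port": int(port or b"0"),
        "local_user": locuser.decode("ascii", "replace"),
        "remote_user": remuser.decode("ascii", "replace"),
        "command": command.decode("ascii", "replace"),
    }


def classify_opening(data: bytes) -> str:
    """Label the first bytes received on a listener as 'ssh', 'rsh' or 'unknown'."""
    if SSH_IDENT.match(data):
        return "ssh"
    if parse_rsh_request(data) is not None:
        return "rsh"
    return "unknown"


if __name__ == "__main__":
    for sample in (RSH_SAMPLE, SSH_SAMPLE):
        print(classify_opening(sample), parse_rsh_request(sample))
```

The rsh opening carries both account names and the command unencrypted, which is the traffic the reply says would be left for an attacker to snoop.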