RSH on Windows – revisited


There are differences between Windows RSH and Interix RSH; I discussed RSH on SUA here.

Windows RSH supports only the /etc/hosts.equiv mechanism, although the file is named %windir%\system32\drivers\etc\.rhosts. Its effect is system-wide.

It does not accept the fully qualified Windows name syntax (i.e. domainName\userName) in all situations.

Windows RSH allows the name given in the client's “-l name” option to differ from the name of the user who invoked the rsh client.

The Windows Remote Shell service requires that users on the server machine store their password with the rshpswd utility before clients can execute rsh commands properly. This utility associates the user's password with the user's fully qualified name (localMachine\userName) and stores it in the LSA secrets area.

The Windows Remote Shell service first tries to execute the command in the context of “localMachine\userName”. If this user's password was saved with rshpswd and the process cannot be created, it then tries domainName\userName with the user's saved password, where “domainName” is the machine's login domain.

The shell used to execute the command is the Windows command shell, cmd.exe.

Important: the format of the /etc/hosts.equiv and ~/.rhosts files

On Interix, both /etc/hosts.equiv and ~/.rhosts support only the simple format given below:

hostname [username]

If the form:

hostname

is used, then users from the named host are trusted. That is, they may access the system with the same user name as they have on the remote system. This form may be used in both the /etc/hosts.equiv and .rhosts files.

If the line is in the form:

hostname username

then the user named "username" from the system called "hostname" can access the system. This form may be used in individual .rhosts files to allow remote users to access the system as a different local user. If this form is used in the /etc/hosts.equiv file, the named remote user will be allowed to access the system as any local user.

NOTE:

a. Historically, and on most other UNIX systems, the format is one of:

[+ | - ]  [ hostname | @netgroup1]

[+ | - ]  hostname | @netgroup1  [ [+ | -]  [ username | @netgroup2]]

However, Interix does not yet support this historical functionality.

b. Only one entry per line is permitted.

c. Lines longer than 384 characters are ignored.

d. For security reasons, these files are ignored if they do not have the proper permissions and ownership.

e. /etc/hosts.equiv is ignored if access is being requested with super-user privilege.
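The following is an added example, not code from the original post or from Interix/SUA, showing how the simple "hostname [username]" format and notes a to e above translate into a trust decision. The file contents and host/user names are constructed for illustration; a real check would also verify file ownership and permissions (note d) before reading.

```python
"""Decide Interix-style rhosts trust from /etc/hosts.equiv and ~/.rhosts text."""

MAX_LINE = 384  # note c: longer lines are ignored


def parse_entries(text):
    """Yield (hostname, username_or_None) for each usable line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or len(line) > MAX_LINE:
            continue  # blank or over-long line
        # Note b: one entry per line. Note a: the historical '+', '-' and
        # '@netgroup' syntax is not supported on Interix, so such a line is
        # skipped rather than treated as a wildcard.
        if len(fields) > 2 or any(f[0] in "+-@" for f in fields):
            continue
        yield fields[0].lower(), (fields[1] if len(fields) == 2 else None)


def entry_allows(entry, remote_host, remote_user, local_user):
    """Apply one entry: same-name access for a bare hostname, named user otherwise."""
    host, user = entry
    if host != remote_host.lower():
        return False
    if user is None:
        return remote_user == local_user  # 'hostname': same user name on both ends
    # 'hostname username': in hosts.equiv the named remote user may become any
    # local user; in ~/.rhosts the file belongs to local_user, so matching the
    # remote user name is sufficient in both cases.
    return user == remote_user


def is_trusted(hosts_equiv, rhosts, remote_host, remote_user, local_user):
    """hosts_equiv: text of /etc/hosts.equiv; rhosts: text of local_user's ~/.rhosts.
    Assumes the caller has already checked ownership and permissions (note d)."""
    if local_user != "root":  # note e: hosts.equiv is ignored for super-user access
        if any(entry_allows(e, remote_host, remote_user, local_user)
               for e in parse_entries(hosts_equiv)):
            return True
    return any(entry_allows(e, remote_host, remote_user, local_user)
               for e in parse_entries(rhosts))


# Constructed sample files: a trusted build host, an over-long line, and a
# historical wildcard line that Interix does not honour.
HOSTS_EQUIV = "buildhost\nlonghost " + "x" * 400 + "\n+ +\n"
RHOSTS_ALICE = "devbox bob\n"  # bob@devbox may log in as alice

if __name__ == "__main__":
    print(is_trusted(HOSTS_EQUIV, RHOSTS_ALICE, "buildhost", "alice", "alice"))  # True
    print(is_trusted(HOSTS_EQUIV, "", "buildhost", "alice", "bob"))              # False
```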
