"Access is denied" with rsh / rshsvc

  • Thread starter Thread starter Stefano Gragnani
  • Start date Start date
S

Stefano Gragnani

Hi,

I have the following problem:

rsh "Access is denied" - and I want to use the Win32-based version (rshsvc).

My .rhosts file is located in "C:\Windows\System32\drivers\etc" (OS is XP
Pro SP 2). For testing my .rhosts file has only an entry:
+ +
I have executed the rshpswd command and entered my account password.

When I execute:

rsh cobra dir c:

from the cobra pc I get "Access is denied".
The file log "rshhistory" report, for example:

HostName:192.168.0.2 RemoteUser:COBRA\Stefano LocalUser:Stefano Command:dir
c: Status:Unauthorized User

In the Stefano home directory I have put the .hosts file always with the
entry:
+ +

I have used also:
cobra stefano

but without success.

SORRY FOR MY ENGLISH!!!

Thanks in advance for any help.

Best regards,
Stefano
 
Stefano Gragnani wrote...
I have the following problem:

rsh "Access is denied" - and I want to use the Win32-based version (rshsvc).


Where does rshsvc come from? XP Pro SP2 does not have such a beast.
My .rhosts file is located in "C:\Windows\System32\drivers\etc" (OS is XP
Pro SP 2). For testing my .rhosts file has only an entry:
+ +
I have executed the rshpswd command and entered my account password.

Why put a .rhost there?

On *nix systems, .rhosts files are put, per user basis, on their home
folders. On Windows, the equilvant would be
C:\Documents and Settings\<username>\

And windows implementation of rshd's will read the allowed_users *not
necessary* on C:\Documents and Settings\<username>\.rhosts.

So, read the documentation of your "Win32-based rshsvc" and see
where the app will read the *allowed user list* from.

BTW, rsh/rshd is outdated by ssh/sshd for many many years.
Better search for ssh searver/client implementations.

Good luck.
 
'rshsvc' come from Microsoft Windows 2000 Server Resource Kit.

From the Windows 2000 SRK documentation:

<<The RHOSTS file must be in the %SystemRoot%\System32\Drivers\Etc\
directory>>

I have put the .hosts file also in the home directories but I get the same
'Access Denied'.

thanks
stefano
 
Stefano Gragnani wrote...
'rshsvc' come from Microsoft Windows 2000 Server Resource Kit.

From the Windows 2000 SRK documentation:

<<The RHOSTS file must be in the %SystemRoot%\System32\Drivers\Etc\
directory>>

I have put the .hosts file also in the home directories but I get the same
'Access Denied'.

thanks
stefano

I hope you used the correct filename, rhosts versus .rhosts, whatever it
may be.

The next thing to check is the event log, to see if you will get more
information other than "Access Denied."
 
Stefano Gragnani wrote...
'rshsvc' come from Microsoft Windows 2000 Server Resource Kit.

From the Windows 2000 SRK documentation:


So you have installed rshsvc from Windows 2000 Server Resource Kit
onto XP Pro SP2. It might work, or might not, due to different OS'es.

Hmmm.... is the rshsvc service running on your XP Pro SP2?
 
Stefano Gragnani wrote...
'rshsvc' come from Microsoft Windows 2000 Server Resource Kit.

From the Windows 2000 SRK documentation:

I don't have W2KS Resource Kit, but I have a copy of Microsoft Windows
Services for Unix 3.5.

Tried that on my XP Pro SP2, and I could go as far as execute an
"invalid" command. Here is what I did.

0. Install Microsoft Windows Services for Unix 3.5
- select the following components to be installed
- Utilities
- Interix GNU Components
- Remote Connectivity
- Windows Remote Shell Service <-- make sure to check this option
1. from Start | Programs | Windows Services for Unix | Help for Services
for Unix :
- search for rshsvc
- the help content says:
// Security
// You mush have an .rhosts file in the path specified in the
registry entry
// \HKLM\System\System\CurrentControlSet\Services\RshSvc\RhostsPath
2. Run regedit, and browse to this registry key, it has the value
RhostsPath C:\WINDOWS\system32\drivers\etc
3. create the following file:
C:\WINDOWS\system32\drivers\etc\.rhosts
--
+ +
--
N.B. The 1st "+" means allow all hosts,
the 2nd "+" means allow all users.
4. on localhost, open a cmd prompt and type
C:\SFU\common> dir rshsvc.exe

11/08/2003 02:16 AM 16,800 rshsvc.exe

C:\SFU\common> rsh localhost -l admin cat c:\autoexec.bat
Invalid User or Password

C:\SFU\common> rshsvc.exe -stop
Remote Shell Service: Service stopped

C:\SFU\common> rshsvc.exe -start -p
Remote Shell Service: Service started

C:\SFU\common> rsh localhost -l admin cat c:\autoexec.bat
Unable to execute the command

C:\SFU\common>
 
I hope you used the correct filename, rhosts versus .rhosts, whatever it may be.

The file name must be .rhosts, the dot is part of the file name (Microsoft rshsvc documentation).
The next thing to check is the event log, to see if you will get more information other than "Access Denied."

From the file 'rshhistory' (2 examples):

HostName:192.168.0.2 RemoteUser:COBRA\Stefano LocalUser:Stefano Command:dir c: Status:Unauthorized User
UserHostName:192.168.0.1 RemoteUser:SERVER-01\Stefano LocalUser:Stefano Command:dir c: Status:Unauthorized User

and also from the event log the informations are the same.

So you have installed rshsvc from Windows 2000 Server Resource Kit
onto XP Pro SP2. It might work, or might not, due to different OS'es.

rshsvc must work also with XP as documented in MSDN (I don't remember the link)
Hmmm.... is the rshsvc service running on your XP Pro SP2?

YES! ... from the event viewer, for example:

RshSvc Service started successfully.

I don't have W2KS Resource Kit, but I have a copy of Microsoft Windows
Services for Unix 3.5.

Tried that on my XP Pro SP2, and I could go as far as execute an
"invalid" command. Here is what I did.

0. Install Microsoft Windows Services for Unix 3.5
- select the following components to be installed
- Utilities
- Interix GNU Components
- Remote Connectivity
- Windows Remote Shell Service <-- make sure to check this option
1. from Start | Programs | Windows Services for Unix | Help for Services
for Unix :
- search for rshsvc
- the help content says:
// Security
// You mush have an .rhosts file in the path specified in the
registry entry
// \HKLM\System\System\CurrentControlSet\Services\RshSvc\RhostsPath
2. Run regedit, and browse to this registry key, it has the value
RhostsPath C:\WINDOWS\system32\drivers\etc
3. create the following file:
C:\WINDOWS\system32\drivers\etc\.rhosts
--
+ +
--
N.B. The 1st "+" means allow all hosts,
the 2nd "+" means allow all users.
4. on localhost, open a cmd prompt and type
C:\SFU\common> dir rshsvc.exe

11/08/2003 02:16 AM 16,800 rshsvc.exe

C:\SFU\common> rsh localhost -l admin cat c:\autoexec.bat
Invalid User or Password

rshsvc ignore -l switch but that is not the cause of your 'Invalid User or Password',
I get the same 'Access Denied' also if I use the -l switch

For rshsvc I have also used the Microsoft Windows Services for Unix 3.5 version
but nothing change, ALWAYS 'ACCESS DENIED'.
C:\SFU\common> rshsvc.exe -stop
Remote Shell Service: Service stopped

C:\SFU\common> rshsvc.exe -start -p
Remote Shell Service: Service started

C:\SFU\common> rsh localhost -l admin cat c:\autoexec.bat
Unable to execute the command

C:\SFU\common>


However I have found a freware version of the rshd demon that accept the -r switch that ignore the .rhosts file.
Under that conditions all work fine (without the -r switch the service not install !!!)
But WHY rshsvc give to me 'ACCESS DENIED" !!!!!!!!!!

Thanks
stefano

.... is my english understood ???
 
Stefano Gragnani wrote...

Did you notice the -p option which I used to restart the rshsvc service?
Type "rshsvc.exe /?" to check out this option.

However I have found a freware version of the rshd demon that accept the =
-r switch that ignore the .rhosts file.
Under that conditions all work fine (without the -r switch the service =
not install !!!)
But WHY rshsvc give to me 'ACCESS DENIED" !!!!!!!!!!

I got past the "acces denied" error by invoking rshsvc.exe with the -p
option. After that, still no fun.

IMHO, rshsvc.exe is a handicapped toy not worth spending your time on.
In fact, there may be freeware sshd (Secure Shell Daemon) much better
than using rshd. The later is insecure. Check out cygwin implemenation
of sshd instead.
 
Stefano Gragnani wrote...
However I have found a freware version of the rshd demon

I would recommend a freeware version of OpenSSH for Windows.

http://sshwindows.sourceforge.net/

Features
- Windows NT Service Support
- Full install about 5mb, installer under 3mb (Cygwin bloat has
increased the size)
- Windows Command Prompt support for SSH Terminal
- SCP/SFTP server support
- Command-line clients included

Read the quickstart.txt after installation.
 
Did you notice the -p option which I used to restart the rshsvc service?
Type "rshsvc.exe /?" to check out this option.

-p: Do not use passwords stored locally for users
(Passwords for individual users
can be stored by running the 'rshpswd' command)
I got past the "acces denied" error by invoking rshsvc.exe with the -p
option. After that, still no fun.

I have removed rshsvc and:

C:\SFU\common>rshsvc.exe -remove
Remote Shell Service: Service Removed

C:\SFU\common>rshsvc.exe -install
Remote Shell Service: Service installed successfully

C:\SFU\common>rshsvc.exe -start -p
Remote Shell Service: Service started

C:\SFU\common>rshpswd
Enter your password:


C:\SFU\common>rsh server-01 dir c:
Access is denied


or, if you prefers:

C:\SFU\common>rsh server-01 -l Stefano dir c:\
Access is denied

C:\SFU\common>rsh localhost -l Stefano dir c:\
Access is denied


.... SIGH!!!
IMHO, rshsvc.exe is a handicapped toy not worth spending your time on.
In fact, there may be freeware sshd (Secure Shell Daemon) much better
than using rshd. The later is insecure. Check out cygwin implemenation
of sshd instead.

OK! I know the security problem of rshd but I want understand why rshsvc
give me 'Access Denied'.
I would recommend a freeware version of OpenSSH for Windows.

http://sshwindows.sourceforge.net/

I am going to the site now :-)

Thanks
Stefano
 
Stefano Gragnani wrote...
-p: Do not use passwords stored locally for users
(Passwords for individual users
can be stored by running the 'rshpswd' command)


I have removed rshsvc and:

C:\SFU\common>rshsvc.exe -remove
Remote Shell Service: Service Removed

C:\SFU\common>rshsvc.exe -install
Remote Shell Service: Service installed successfully

C:\SFU\common>rshsvc.exe -start -p
Remote Shell Service: Service started

C:\SFU\common>rshpswd
Enter your password:

You don't need to run rshpswd. You are skipping password authentication.
That is why you run "shsvc.exe -start -p".

C:\SFU\common>rsh server-01 dir c:
Access is denied

One thing comes to mind is your wirewalls.

Control Panel -> Security Center -> Windows Firewall ->
Manage Security Setting for "Windows Firewall" -> Exception Tab ->
[/] TCP/IP Remote Shell Command <-- make sure this option is enabled.

If you have installed a 3rd party firewall, make sure you set it
to allow the rshsrv port to go thru.
 
You don't need to run rshpswd. You are skipping password authentication.
That is why you run "shsvc.exe -start -p".

.... obviously :-)

One thing comes to mind is your wirewalls.

Control Panel -> Security Center -> Windows Firewall ->
Manage Security Setting for "Windows Firewall" -> Exception Tab ->
[/] TCP/IP Remote Shell Command <-- make sure this option is enabled.

If you have installed a 3rd party firewall, make sure you set it
to allow the rshsrv port to go thru.

Window XP firewall is disabled and I have not installed another firewall.

Thanks
Stefano
 
Back
Top