I am on a Windows Vista 64-bit Enterprise machine with Subsystem for Unix Applications installed and the applications downloaded. I am attempting to use RSH to connect to a FreeBSD server. The command I would like to execute is:

rsh host.suffix1.company.com command

The .rhosts file in my home directory on host.suffix1.company.com looks like this:

+ myusername
+ mydomain\myusername
+ mydomain/myusername
+ myusername@mydomain
+ +
mycomputer.suffix2 myusername
mycomputer.suffix2 +
mycomputer.suffix2.company.com myusername
mycomputer.suffix2.company.com +

I know + + is bad, but let's ignore that for now. When I run this:

rsh host.suffix1.company.com command

I get the following error:

rshd: Login incorrect.

However, when I run

rsh -l myusername host.suffix1.company.com command

this works flawlessly. What I'd like to know is:

  1. What is SUA sending as the username when I don't specify it via -l?
  2. How can I change what SUA is sending?

I'm assuming that here SUA is sending some form of mydomain\myusername, but I'm wondering what other entries I might need to make to the rhosts file to allow this and why the + + isn't allowing this?

+1  A: 

I would guess that examining syslog (or another appropriate log?) on the FreeBSD box could give you the login name from the failed login. On my Linux machine I get lines like the following from the frequent ssh attacks:

May 19 19:57:40 anton sshd[29795]: Failed password for invalid user mercedes from 124.217.246.181 port 49198 ssh2
May 19 19:57:40 anton sshd[29796]: Received disconnect from 124.217.246.181: 11: Bye Bye
May 19 19:57:45 anton unix_chkpwd[29802]: password check failed for user (games)
May 19 19:57:45 anton sshd[29799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.1oasis.net  user=games
May 19 19:57:48 anton sshd[29799]: Failed password for games from 124.217.246.181 port 49956 ssh2

This is from sshd, but I would be surprised if rshd is not able to log something similar (although it might be off by default and need to be enabled).

As for guesses about where the rsh client made by Microsoft gets the name from, I have a few ideas. A traditional Unix rsh would of course get the name from /etc/passwd, reading it indirectly with getpwent() (failing that, it might fall back to the environment variables LOGNAME or USER?). Is "myusername" present in c:\windows\system\etc\passwd (or whatever SUA maps as /etc/passwd)?

hlovdal
Thanks for these suggestions - I especially think the syslog idea is a good one. However, I don't have access to syslog on the FreeBSD machine, unfortunately, so I cannot examine it. But I think that would be the way to go to ultimately figure this out. SUA does not have a passwd file (no /etc/passwd can be found from the shells and it is not on the filesystem under etc). LOGNAME and USER map to just "myusername" without the domain, so nothing unusual there. Thanks!
Zach
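
The log check suggested in the answer, sketched as an added example that is not part of the original thread: it pulls the attempted login name and the source host out of the sshd lines quoted above. The function name and the returned field names are made up for this example, and the patterns match only the sshd and pam_unix formats shown, so rshd entries would need their own patterns.

```python
import re

# The sshd lines quoted in the answer, embedded so the example runs offline.
SAMPLE_LOG = """\
May 19 19:57:40 anton sshd[29795]: Failed password for invalid user mercedes from 124.217.246.181 port 49198 ssh2
May 19 19:57:40 anton sshd[29796]: Received disconnect from 124.217.246.181: 11: Bye Bye
May 19 19:57:45 anton unix_chkpwd[29802]: password check failed for user (games)
May 19 19:57:45 anton sshd[29799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.1oasis.net  user=games
May 19 19:57:48 anton sshd[29799]: Failed password for games from 124.217.246.181 port 49956 ssh2
"""

# "Failed password for [invalid user ]NAME from ADDR port N"
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+"
)
# PAM failure lines carry key=value pairs; a value may be empty ("ruser=").
PAM_RE = re.compile(r"pam_unix\(sshd:auth\): authentication failure;(.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")


def attempted_logins(log_text):
    """Return one dict per failed attempt: the login name the client asked
    for, where it came from, and whether sshd knew the account
    (True/False, or None when the line does not say)."""
    attempts = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            attempts.append({"user": m.group(2), "source": m.group(3),
                             "known_account": m.group(1) is None})
            continue
        m = PAM_RE.search(line)
        if m:
            fields = dict(KV_RE.findall(m.group(1)))
            attempts.append({"user": fields.get("user", ""),
                             "source": fields.get("rhost", ""),
                             "known_account": None})
    return attempts


if __name__ == "__main__":
    for a in attempted_logins(SAMPLE_LOG):
        print(a["user"], a["source"], a["known_account"])
```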