Operating System - OpenVMS

VMS-UCX rsh port no

 
arun sanghvi
Occasional Advisor

VMS-UCX rsh port no

Hi

What is the TCP/IP port used by RSH to execute a com file on a remote VMS server?

As shown below, when I ran a test from VMS to Unix, VMS shows up as 1023.

dbs2:sanghvi> netstat | grep gnfa
tcp 2 0 dbs2.wilm.ge.com.exec gnfa.wilm.ge.com.1023 ESTABLD

Is this correct?

Thanks.

Arun Sanghvi
5 REPLIES
Steven Schweda
Honored Contributor

Re: VMS-UCX rsh port no

I doubt it.

ALP $ tcpip show service rsh

Service             Port  Proto    Process          Address            State

RSH                  514  TCP      TCPIP$RSH        0.0.0.0            Enabled


I'd say the VMS uses the same port for RSH as everyone else does, 514.

Or, for "rsh command":

ALP $ tcpip show service rexec

Service             Port  Proto    Process          Address            State

REXEC                512  TCP      TCPIP$REXEC      0.0.0.0            Enabled


Or, to see them all:

tcpip show service
Hoff
Honored Contributor

Re: VMS-UCX rsh port no

Per Internet norms, the rshd daemon (the rsh server) listens on 514/TCP. The daemon is expected to ensure the rsh client is somewhere within the privileged port range; using a port below 1024/TCP. Some sites use the 512 to 1023/TCP range for the client port.

What particular situation might you be addressing here?
arun sanghvi
Occasional Advisor

Re: VMS-UCX rsh port no



Thanks for your prompt response.

I need to provide the RSH port no to network team for firewall configuration.

It seems that the firewall needs to open up 512, 513 and 514.

Steven Schweda
Honored Contributor

Re: VMS-UCX rsh port no

You have a network team, and they don't
already _know_ which port(s) to open for RSH?
Time for a new network team?
Hoff
Honored Contributor

Re: VMS-UCX rsh port no

"I need to provide the RSH port no to network team for firewall configuration"?

It is both interesting and quite surprising that a network team is unfamiliar with rsh. This is one of the standard Berkeley r-commands, after all.

The rsh daemon listens on 514/TCP.

512/TCP is the biff daemon. biff isn't usually found on OpenVMS.

513/TCP is the rexec daemon.

rsh is a comparatively insecure and open protocol, and not something generally seen nor selected for passage through firewalls. ssh and other (encrypted) approaches are often a better and more secure choice.

rsh attacks are quite common -- well, so are ssh attacks, but at least ssh doesn't leak its information in cleartext.
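
Added example (not written by any poster in this thread): a small Python parser for BSD-style netstat lines like the one in the question, separating the r-command service port, which a firewall rule matches as the destination, from the client's source port. It assumes the standard /etc/services names exec=512, login=513 and shell=514; the function names and all sample lines except the first are constructed for illustration.

```python
# Added example: classify BSD-style netstat lines for Berkeley r-command traffic.
# Assumption: standard /etc/services TCP names exec=512, login=513, shell=514.
R_SERVICES = {"exec": 512, "login": 513, "shell": 514}
R_PORTS = set(R_SERVICES.values())


def split_endpoint(endpoint):
    """Split 'host.port' into (host, port); port may be numeric or a service name."""
    host, _, port = endpoint.rpartition(".")
    if port.isdigit():
        return host, int(port)
    return host, R_SERVICES.get(port)  # None when the name is not an r-service


def classify(line):
    """Return server/client details for an r-command connection, else None."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None
    local, foreign = split_endpoint(fields[3]), split_endpoint(fields[4])
    if local[1] in R_PORTS and foreign[1] in R_PORTS:
        # A client source port in 512-1023 can collide with a service port.
        return {"ambiguous": True, "local": local, "foreign": foreign}
    if local[1] in R_PORTS:
        server, client = local, foreign
    elif foreign[1] in R_PORTS:
        server, client = foreign, local
    else:
        return None
    return {
        "ambiguous": False,
        "server": server[0],
        "service_port": server[1],   # destination port for the firewall rule
        "client": client[0],
        "client_port": client[1],    # source port, differs per connection
        "client_port_privileged": client[1] is not None and client[1] < 1024,
    }

# First line is the netstat output quoted in the question; the rest are constructed.
SAMPLE = [
    "tcp 2 0 dbs2.wilm.ge.com.exec gnfa.wilm.ge.com.1023 ESTABLD",
    "tcp 0 0 host-a.example.1022 host-b.example.shell ESTABLISHED",
    "tcp 0 0 host-a.example.22 host-c.example.51514 ESTABLISHED",
    "tcp 0 0 host-a.example.shell host-d.example.40000 ESTABLISHED",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

For the line from the question, the result has dbs2 as the server on service port 512 and gnfa as the client on source port 1023, so a firewall rule would key on the destination port rather than on 1023.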