HPE Community
Operating System - HP-UX
1832310 Members
2730 Online
110041 Solutions
New Discussion

configuration of rexec

 
SOLVED
Go to solution
fahad_8
Advisor

‎05-21-2006 09:36 PM

‎05-21-2006 09:36 PM

configuration of rexec

i got this report from security section


bv-Control for Internet Security has found the rexec service running. rexecd (TCP-based remote execution) is a way of executing commands on a remote machine. In rexecd's default configuration, it requires no authentication to execute commands.

Recommendation: You should change the default configuration of rexec to allow authentication.

soo please help me , how can i change the default configuration of rexec

thank you sooo much
0 Kudos
Reply
5 REPLIES 5
Chan 007
Honored Contributor

‎05-21-2006 09:42 PM

‎05-21-2006 09:42 PM

Re: configuration of rexec

Hi

Why don't you use ssh (Secure Shell).

Chan
0 Kudos
Reply
fahad_8
Advisor

‎05-21-2006 10:13 PM

‎05-21-2006 10:13 PM

Re: configuration of rexec

thanks for your reply
do you think when we use ssh (Secure Shell), it will solve this problem ??
How ??

Regards
0 Kudos
Reply
Warren_9
Honored Contributor

‎05-21-2006 10:19 PM

‎05-21-2006 10:19 PM

Re: configuration of rexec

hi,

empty /etc/host.equiv and all the .rhosts file on the hosts and it will remove the trust relation.

after that, password require everytime using the "remote" cmd ... such as rlogin, remsh, rexec...

to find the .rhosts
# find / -name .rhosts -exec ls -l {} \;

to empty it
# > .rhosts

cut from the man page.
WARNINGS:
For security reasons, the /etc/hosts.equiv and .rhosts files should exist, even if empty, and they should be readable and writable only by the owner.
Note also that all information, including any passwords asked for, is passed unencrypted between the two hosts.

GOOD LUCK!!
0 Kudos
Reply
Rajesh SB
Esteemed Contributor

‎05-21-2006 10:31 PM

‎05-21-2006 10:31 PM

Solution

Re: configuration of rexec

Hi,

If you don't want to allow rexec strictly.
Just disable the service by commenting the line in /etc/inetd.conf

#exec stream tcp nowait root /usr/lbin/rexecd rexecd

And restart inetd daemon by /usr/sbin/inetd -c

Regards,
Rajesh
Reply
Chan 007
Honored Contributor

‎05-21-2006 10:53 PM

‎05-21-2006 10:53 PM

Re: configuration of rexec

Hi

As suggested by other Warren & Raj do that, if you need secured remote shell use the ssh products. Nowadays this products replaced all r* commands like rcp, remsh etc.

Please find SSH details

1. http://docs.hp.com/en/T1471-90005/ch01s02.html

2. Similar question

http://forums1.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=1016331

Chan
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.