HPE Community
Operating System - OpenVMS
1825759 Members
2223 Online
109687 Solutions
New Discussion

VMS-UCX rsh port no

 
arun sanghvi
Occasional Advisor

‎06-12-2007 03:59 AM

‎06-12-2007 03:59 AM

VMS-UCX rsh port no

Hi

What is the TCP/IP port used by RSH to execute a com file on a remote VMS server?

As shown below, when I ran a test from VMS to Unix, VMS shows up as 1023.

dbs2:sanghvi> netstat | grep gnfa
tcp 2 0 dbs2.wilm.ge.com.exec gnfa.wilm.ge.com.1023 ESTABLD

Is this correct?

Thanks.

Arun Sanghvi
0 Kudos
Reply
5 REPLIES 5
Steven Schweda
Honored Contributor

‎06-12-2007 04:09 AM

‎06-12-2007 04:09 AM

Re: VMS-UCX rsh port no

I doubt it.

ALP $ tcpip show service rsh

Service Port Proto Process Address State

RSH 514 TCP TCPIP$RSH 0.0.0.0 Enabled


I'd say the VMS uses the same port for RSH as everyone else does, 514.

Or, for "rsh command":

ALP $ tcpip show service rexec

Service Port Proto Process Address State

REXEC 512 TCP TCPIP$REXEC 0.0.0.0 Enabled


Or, to see them all:

tcpip show service
0 Kudos
Reply
Hoff
Honored Contributor

‎06-12-2007 04:20 AM

‎06-12-2007 04:20 AM

Re: VMS-UCX rsh port no

Per Internet norms, the rshd daemon (the rsh server) listens on 514/TCP. The daemon is expected to ensure the rsh client is somewhere within the privileged port range; using a port below 1024/TCP. Some sites use the 512 to 1023/TCP range for the client port.

What particular situation might you be addressing here?
0 Kudos
Reply
arun sanghvi
Occasional Advisor

‎06-12-2007 04:29 AM

‎06-12-2007 04:29 AM

Re: VMS-UCX rsh port no



Thanks for your prompt response.

I need to provide the RSH port no to network team for firewall configuration.

It seems that firewall needs to opnen up 512, 513 and 514.

0 Kudos
Reply
Steven Schweda
Honored Contributor

‎06-12-2007 04:40 AM

‎06-12-2007 04:40 AM

Re: VMS-UCX rsh port no

You have a network team, and they don't
already _know_ which port(s) to open for RSH?
Time for a new network team?
0 Kudos
Reply
Hoff
Honored Contributor

‎06-12-2007 04:44 AM

‎06-12-2007 04:44 AM

Re: VMS-UCX rsh port no

"I need to provide the RSH port no to network team for firewall configuration"?

It is both interesting and quite surprising that a network team is unfamiliar with rsh. This is one of the standard Berkeley r-commands, after all.

The rsh daemon listens on 514/TCP.

512/TCP is the biff daemon. biff isn't usually found on OpenVMS.

513/TCP is the rexec daemon.

rsh is a comparatively insecure and open protocol, and not something generally seen nor selected for passage through firewalls. ssh and other (encrypted) approaches are often a better and more secure choice.

rsh attacks are quite common -- well, so are ssh attacks, but at least ssh doesn't leak its information in cleartext.


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.