Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: OK.

  • From: Mark Tripod
  • Date: Sun Oct 26 00:07:09 1997

That is not true. You don't need to have a local user configured on the
router in order to use rsh or rcp. It is only needed if you aren't doing
some type of remote authentication like tacacs. I would however suggest
that you avoid rsh family commands on your routers. If you do feel that it
is essential to use them make sure to use tacacs and aaa accounting to log
all command transactions. To not do so is to ask for trouble.

Mark Tripod
Exodus Communications
 ----
From: Jamie Rishaw <jamie@intuition.iagnet.net>
To: Todd R. Stroup <tstroup@fibernet.net>
Cc: cosmo@olywa.net; alex@nac.net; nanog@merit.edu
Date: Saturday, October 25, 1997 10:21 AM
Subject: Re: OK.

Todd R. Stroup wrote:
>
> Looking at the source for the looking-glass though it doesn't use the
> username option for rsh command.  When using the cisco command below
> don't you have to use the rsh username?
>
>  ip rcmd remote-host www 206.183.224.12 nobody
>
> I changed the ip of the $ROUTER in lg.pl to
> "www\@ipaddress.of.router"  instead of "ipaddress.of.router"
> which seems to work.  I kept getting Permission Denied without it.

You need to make sure that in 'ip rcmd' that you have local-username
defined to something that there is a 'username xxx' entry on the cisco
for.

In other words, if you have (sorry syntax is probably not correct):

ip rcmd remote-host joebob lookingglass.yourcompany.com daemon enable

you have to have a

'username joebob' entry on the cisco as well.

local-username means "apply the permissions of local-username when this
rsh matches"

and remote-username is the userid of whatever your cgi-bin runs as.. if
your web server is setuid "daemon" and cgi-bins are daemon, it will only
work if you have 'daemon' as a remote-username in the ip rcmd command.

HTH,

-jamie
--
jamie g.k. rishaw  dal/efnet:gavroche  __    IAGnet/CICNet/netILLINOIS Netops
DID:216.902.5455 FAX:216.623.3566      \/            800.637.4IAGx5455
"It's like im being tied to the hood of a yellow rental truck being packed
in with fertilizer and fuel oil.. pushed over a cliff by a suicidal mickey
mouse."
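
An added example, not part of either message or of the looking-glass source: a small Python check that reads a router config, parses each `ip rcmd remote-host` line into local-username, host and remote-username, and reports the conditions the two messages discuss (a local-username with no `username` entry, `enable` granted to an rsh peer, no tacacs, no `aaa accounting commands`). The finding codes, the hostname and the sample config are constructed for illustration.

```python
import re

# Constructed sample config (documentation addresses, not from the thread).
SAMPLE = """\
username joebob privilege 1
ip rcmd rsh-enable
ip rcmd remote-host joebob lookingglass.example.net daemon enable
ip rcmd remote-host www 192.0.2.12 nobody
"""

# ip rcmd remote-host <local-username> <host> <remote-username> [enable [level]]
RCMD = re.compile(r"ip rcmd remote-host (\S+) (\S+) (\S+)(?: (enable)(?: \d+)?)?$")

def audit_rcmd(config):
    """Return (code, detail) findings for rsh/rcp access in an IOS config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    local_users = {ln.split()[1] for ln in lines if re.match(r"username \S+", ln)}
    tacacs = any("tacacs" in ln for ln in lines)
    accounting = any(ln.startswith("aaa accounting commands") for ln in lines)
    findings, entries = [], 0
    for ln in lines:
        m = RCMD.match(ln)
        if not m:
            continue
        entries += 1
        local, host, remote, enable = m.groups()
        # One reply says local-username needs a 'username' entry; the other
        # says remote authentication such as tacacs removes that need, so the
        # missing entry is reported only when no tacacs line is configured.
        if local not in local_users and not tacacs:
            findings.append(("NO_LOCAL_USER", f"{local} (from {remote}@{host})"))
        if enable:
            findings.append(("ENABLE_GRANTED", f"{remote}@{host} as {local}"))
    if entries and not tacacs:
        findings.append(("NO_TACACS", "rsh/rcp entries without tacacs"))
    if entries and not accounting:
        findings.append(("NO_CMD_ACCOUNTING", "no 'aaa accounting commands'"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_rcmd(SAMPLE):
        print(f"{code}: {detail}")
```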


