I am on a Windows Vista 64-bit Enterprise machine with Subsystem for Unix Applications installed and the applications downloaded. I am attempting to use RSH to connect to a FreeBSD server. The command I would like to execute is:
rsh host.suffix1.company.com command
The .rhosts file in my home directory on host.suffix1.company.com looks like this:
+ myusername
+ mydomain\myusername
+ mydomain/myusername
+ myusername@mydomain
+ +
mycomputer.suffix2 myusername
mycomputer.suffix2 +
mycomputer.suffix2.company.com myusername
mycomputer.suffix2.company.com +
I know + + is bad, but let's ignore that for now. When I run this:
rsh host.suffix1.company.com command
I get the following error:
rshd: Login incorrect.
However, when I run
rsh -l myusername host.suffix1.company.com command
this works flawlessly. What I'd like to know is:
I'm assuming that here SUA is sending some form of mydomain\myusername, but I'm wondering what other entries I might need to make to the rhosts file to allow this and why the + + isn't allowing this?
I would guess that examining syslog (or another appropriate log?) on the FreeBSD box could give you the login name from the failed login. On my Linux machine I get lines like the following from the frequent ssh attacks:
May 19 19:57:40 anton sshd[29795]: Failed password for invalid user mercedes from 124.217.246.181 port 49198 ssh2
May 19 19:57:40 anton sshd[29796]: Received disconnect from 124.217.246.181: 11: Bye Bye
May 19 19:57:45 anton unix_chkpwd[29802]: password check failed for user (games)
May 19 19:57:45 anton sshd[29799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.1oasis.net user=games
May 19 19:57:48 anton sshd[29799]: Failed password for games from 124.217.246.181 port 49956 ssh2
This is from sshd, but I would be surprised if rshd is not able to log something similar (although it might be off by default and need to be enabled).
As for guesses about where the rsh client made by Microsoft gets the name from, I have a few ideas. A traditional Unix rsh would of course get the name from /etc/passwd, reading it indirectly with getpwent() (failing that it might fall back to the environment variables LOGNAME or USER?). Is "myusername" present in c:\windows\system\etc\passwd (or whatever SUA maps as /etc/passwd)?
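An added example, not part of the original thread: a small Python audit of a .rhosts file like the one quoted in the question, reporting how much trust each "host [user]" entry grants when "+" is read as a wildcard in either field. The sample input is constructed from the entries in the question; the function names are this example's own, and treating '#' lines as comments is an assumption.

```python
import sys

# Constructed sample, based on the entries quoted in the question above.
SAMPLE_RHOSTS = r"""+ myusername
+ mydomain\myusername
+ +
mycomputer.suffix2 myusername
mycomputer.suffix2 +
mycomputer.suffix2.company.com
"""

SAME_USER = "<same as local user>"  # placeholder used when the user field is absent

def classify(host, user):
    """Return the trust scope granted by one 'host [user]' entry."""
    if host.startswith(("-", "+@")) or user.startswith(("-", "+@")):
        return "REVIEW: deny or netgroup entry, check by hand"
    any_host = host == "+"
    any_user = user == "+"
    if any_host and any_user:
        return "CRITICAL: any user from any host"
    if any_host:
        return "HIGH: named user from any host"
    if any_user:
        return "HIGH: any user from named host"
    return "OK: named user from named host"

def audit(text):
    """Parse .rhosts text; return (line_no, host, user, verdict) tuples."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' lines are comments
            continue
        fields = line.split()
        host = fields[0]
        # With no user field, only the same-named remote user is trusted.
        user = fields[1] if len(fields) > 1 else SAME_USER
        findings.append((line_no, host, user, classify(host, user)))
    return findings

def wildcard_entries(text):
    """Entries that should be removed or narrowed to a named host and user."""
    return [f for f in audit(text) if not f[3].startswith("OK")]

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RHOSTS
    for line_no, host, user, verdict in audit(source):
        print(f"line {line_no}: {host} {user} -> {verdict}")
```

Run it with a path to a .rhosts file as the only argument, or with no argument to audit the constructed sample.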