Linux command – R Shell (rexec, rlogin, rsh, rcp)

R Shell 有 rexec, rlogin, rsh (rcp) 等工具,對應到的 port 為 512, 513, 514 . 不建議使用這些工具當遠端管理,現在多採用較安全的 SSH (SCP) 來進行.

測試環境為 CentOS7 x86_64 虛擬機.

  • RSH Server IP: 192.168.95.129
  • RSH Client IP: 192.168.95.150

所需套件 rsh (Client) 與 rsh-server (Server)

[root@localhost ~]# yum install rsh rsh-server

rsh

rsh 可以讓 Client 端直接執行 server 端的指令.

  • RSH Server
    [root@localhost ~]# systemctl enable rsh.socket
    Created symlink from /etc/systemd/system/sockets.target.wants/rsh.socket to /usr/lib/systemd/system/rsh.socket.
    [root@localhost ~]# systemctl start rsh.socket
    [root@localhost ~]# systemctl status rsh.socket
    ● rsh.socket - Remote Shell Facilities Activation Socket
       Loaded: loaded (/usr/lib/systemd/system/rsh.socket; enabled; vendor preset: disabled)
       Active: active (listening) since 三 2018-07-04 05:19:23 EDT; 6s ago
       Listen: [::]:514 (Stream)
     Accepted: 0; Connected: 0
    
     7月 04 05:19:23 localhost.localdomain systemd[1]: Listening on Remote Shell...
     7月 04 05:19:23 localhost.localdomain systemd[1]: Starting Remote Shell Fac...
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@localhost ~]# netstat -tlnp | grep -i 514
    tcp6       0      0 :::514                  :::*                    LISTEN      1/systemd   
    

    rsh client 預設不能使用 root, 須修改 /etc/securetty (關於 PAM 請參考 http://benjr.tw/291 )

    [root@localhost ~]# echo "rsh" >> /etc/securetty
    

    把遠端 IP 加入 root 使用者的 .rhosts

    [root@localhost ~]# echo "192.168.95.150 root" >> /root/.rhosts
    
  • RSH Client
    遠端 Client 就可以直接執行 Server 端指令了.
    參數 : -l 指定用戶

    [root@localhost ~]# rsh -l root 192.168.95.129 'ls -l /root'
    total 12
    -rw-------. 1 root root 1394 Jan 27 11:16 anaconda-ks.cfg
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Desktop
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Documents
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Downloads
    -rw-r--r--  1 root root 1422 Jan 27 04:06 initial-setup-ks.cfg
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Music
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Pictures
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Public
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Templates
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Videos
    

rcp

剛剛已經設定好 rsh Server ,Client 就可以直接使用 rcp 複製 Server 端檔案了.

[root@localhost ~]# rcp root@192.168.95.129:/root/anaconda-ks.cfg ./

rlogin

rlogin 跟 telnet 類似,都是讓使用者登入到系統的服務.

  • RLogin Server
    [root@localhost ~]# systemctl enable rlogin.socket
    Created symlink from /etc/systemd/system/sockets.target.wants/rlogin.socket to /usr/lib/systemd/system/rlogin.socket.
    [root@localhost ~]# systemctl start rlogin.socket
    [root@localhost ~]# systemctl status rlogin.socket
    ● rlogin.socket - Remote Login Facilities Activation Socket
       Loaded: loaded (/usr/lib/systemd/system/rlogin.socket; enabled; vendor preset: disabled)
       Active: active (listening) since 四 2018-07-05 03:43:18 EDT; 6s ago
       Listen: [::]:513 (Stream)
     Accepted: 0; Connected: 0
    
     7月 05 03:43:18 localhost.localdomain systemd[1]: Listening on Remote Login...
     7月 05 03:43:18 localhost.localdomain systemd[1]: Starting Remote Login Fac...
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@localhost ~]# netstat -tlnp | grep -i 513
    tcp6       0      0 :::513                  :::*                    LISTEN      1/systemd   
    

    rlogin client 預設不能使用 root 登入, 須修改 /etc/securetty (關於 PAM 請參考 http://benjr.tw/291 )

    [root@localhost ~]# echo "rlogin" >> /etc/securetty
    

    把遠端 IP 加入 root 使用者的 .rhosts 可以讓該 IP 的 root 不需輸入密碼即可登入.

    [root@localhost ~]# echo "192.168.95.150 root" >> /root/.rhosts
    
  • RLogin Client
    rlogin 參數 : -l 指定用戶

    [root@localhost ~]# rlogin -l root 192.168.95.129
    Last failed login: Thu Jul  5 03:54:42 EDT 2018 from 192.168.95.150 on pts/1
    There were 2 failed login attempts since the last successful login.
    Last login: Thu Jul  5 03:51:27 from 192.168.95.150
    

rexec

rexec 類似 rsh 都可以讓 Client 端直接執行 server 端的指令,不同的是 rexec 需要輸入密碼.

  • REXEC Server
    [root@localhost ~]# systemctl enable rexec.socket
    Created symlink from /etc/systemd/system/sockets.target.wants/rexec.socket to /usr/lib/systemd/system/rexec.socket.
    [root@localhost ~]# systemctl start rexec.socket
    [root@localhost ~]# systemctl status rexec.socket
    ● rexec.socket - Remote Execution Facilities Activation Socket
       Loaded: loaded (/usr/lib/systemd/system/rexec.socket; enabled; vendor preset: disabled)
       Active: active (listening) since 四 2018-07-05 03:56:46 EDT; 12s ago
       Listen: [::]:512 (Stream)
     Accepted: 0; Connected: 0
    
     7月 05 03:56:46 localhost.localdomain systemd[1]: Listening on Remote Execu...
     7月 05 03:56:46 localhost.localdomain systemd[1]: Starting Remote Execution...
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@localhost ~]# netstat -tlnp | grep -i 512
    tcp6       0      0 :::512                  :::*                    LISTEN      1/systemd    
    

    rexec client 預設不能使用 root, 須修改 /etc/securetty (關於 PAM 請參考 http://benjr.tw/291 )

    [root@localhost ~]# echo "rexec" >> /etc/securetty
    
  • REXEC Client
    [root@localhost ~]# rexec -l root 192.168.95.129 'ls -l /root'
    Password: 
    total 12
    -rw-------. 1 root root 1394 Jan 27 11:16 anaconda-ks.cfg
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Desktop
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Documents
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Downloads
    -rw-r--r--  1 root root 1422 Jan 27 04:06 initial-setup-ks.cfg
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Music
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Pictures
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Public
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Templates
    drwxr-xr-x  2 root root    6 Jan 27 04:07 Videos
    

常見錯誤

connect to address 192.168.95.129 port 543: Connection refused
trying normal rlogin (use/bin/rlogin)

TCP port 543 是 klogin, Kerberos 登入用的埠,當你的系統有安裝 kerberos 時 rlogin 會採用這種身份驗證,當無法驗證的時候就採用一般的身份驗證方式.

發表迴響

你的電子郵件位址並不會被公開。 必要欄位標記為 *

這個網站採用 Akismet 服務減少垃圾留言。進一步瞭解 Akismet 如何處理網站訪客的留言資料