OK.

I am a moron; I can't figure it out.

How do you make a cisco so that you can rsh into it (to use Mr. Kerns
looking glass)?

Check out the 'ip rcmd' commands in 11.1 and later

(specifically, ip rcmd rsh-enable)

Alec

It's my opinion first and foremost that you are not a moron.

  Moreover, and keeping with the operational charter of the newsgroup, I
  would not recommend that folks enable r* commands on their cisco
  routers.

  When automated access is required, automating access with stored
  passwords can be done quite handily.

  While one must focus on protecting the sanctity of the stored
  passwords, one doesn't have to focus on the security of forged r*
  logins. Protecting something within a host, rather than a network
  segment, is probably simpler in this case than the converse.

  $0.02.

  Most web page access, odd-statistics gathering, and ease-of-use
  tools with which I am familiar use ^expect^ to implement such.

  -alan

Quoting Alex Rubenstein (alex@nac.net):

Most web page access, odd-statistics gathering, and ease-of-use
tools with which I am familiar use ^expect^ to implement such.

One such example would be MCI's "pollem", available at
ftp://ftp.mci.net/outgoing/pollem

"pollem" is a perl script that will log into a Cisco, pull
a copy of the on-line config, and compare it with a previously
pulled config (for things like network audits, etc). It
can be changed to execute any command that the logged in user
has privilege for.

      http://www.security.mci.net/dostrack
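The compare step of a config audit like the one described above, as an added example in Python; it is not pollem's code and not part of the original thread. The volatile-line list, the credential keywords, the HMAC key handling, and the sample configs are assumptions constructed for illustration. Credential values are replaced with a keyed fingerprint so a changed password still shows up as drift without the stored report carrying the secret itself.

```python
import difflib
import hashlib
import hmac
import re

# Lines IOS rewrites on its own; an assumed starter list, extend per platform.
VOLATILE = re.compile(r"^(! Last configuration change|! NVRAM config last updated|"
                      r"ntp clock-period|Building configuration|Current configuration)")
# Shape matched: keyword [encryption-type digit] value [rest of line]
SECRET = re.compile(r"^(\s*(?:enable (?:secret|password)|password|snmp-server community|"
                    r"username \S+ password)(?: \d)?) (\S+)(.*)$")

def normalize(config_text, key):
    """Drop volatile lines and replace credential values with a keyed fingerprint."""
    def mask(m):
        tag = hmac.new(key, m.group(2).encode(), hashlib.sha256).hexdigest()[:12]
        return f"{m.group(1)} <hmac:{tag}>{m.group(3)}"
    lines = []
    for line in config_text.splitlines():
        line = line.rstrip()
        if line and not VOLATILE.match(line):
            lines.append(SECRET.sub(mask, line))
    return lines

def config_drift(previous, current, key):
    """Return only the added/removed lines between two pulled configs."""
    diff = difflib.unified_diff(normalize(previous, key), normalize(current, key),
                                "previous", "current", lineterm="", n=0)
    return [l for l in diff if l[:1] in ("+", "-") and not l.startswith(("+++ ", "--- "))]

# Constructed sample configs (not from any real router).
OLD = """
! Last configuration change at 10:01:02 UTC Mon Mar 3 1997
hostname edge1
enable secret 5 $1$CONSTRUCTED$aaaaaaaaaaaaaaaaaaaaaa
ntp clock-period 17179861
line vty 0 4
 password 7 0000CONSTRUCTED
"""
NEW = """
! Last configuration change at 11:22:33 UTC Tue Mar 4 1997
hostname edge1
enable secret 5 $1$CONSTRUCTED$bbbbbbbbbbbbbbbbbbbbbb
ip rcmd rsh-enable
ip rcmd remote-host audit 192.0.2.10 audit
ntp clock-period 17179999
line vty 0 4
 password 7 0000CONSTRUCTED
"""

if __name__ == "__main__":
    for line in config_drift(OLD, NEW, b"constructed-demo-key"):
        print(line)
```

On the constructed pair this reports the changed enable secret and the two new `ip rcmd` lines, and stays silent about the clock-period and timestamp churn.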

Alex Rubenstein wrote:

I am a moron; I can't figure it out.

How do you make a cisco so that you can rsh into it (to use Mr. Kerns
looking glass)?

Let's create a moron's mailing list, I cannot find it either..

  It's my opinion first and foremost that you are not a moron.

Thanks.

  Moreover, and keeping with the operational charter of the newsgroup, I
  would not recommend that folks enable r* commands on their cisco
  routers.

I have been thinking about this; and, I can't figure out why. If you can
in the cisco specifically tell it which machines to listen to for rsh
connections, and specifically tell it not to allow any enable commands,
how can it be bad?

  When automated access is required, automating access with stored
  passwords can be done quite handily.

I have a couple problems with this; one, the password is stored on disk,
somewhere. Two; what if the password is changed? Or different on each box?
That is a royal pain in the ass. Three; It seems that rsh/rcmd connections
are *way* faster than a telnet/login/whatever/exit routine -- at least in
my experience.

  While one must focus on protecting the sanctity of the stored
  passwords, one doesn't have to focus on the security of forged r*
  logins. Protecting something within a host, rather than a network
  segment, is probably simpler in this case than the converse.

I look forward to more comments.