Remote Shell

Benicio_Miguel_Sanch · September 28, 1998, 6:32pm

I need to give remote shell access to a user in a server (an HP-9000 k410
running HP-UX 10.10) conected to mine through a 3Com router, I have done
some investigation and what I have found is that I have to open port 514
for tcp, for some reason this did not work, so I opened (temporarily of
course) all the ports on the router....and it worked, but I don�t want to
leave it like that, Does anyone now what port(s) I need to leave open to
alow the remote shells?.

Is there any configuration needed other than the equiv.hosts and (or) the
.rhosts files ?

Thanks in advance for your answers

Benicio Sanchez
Network Operations Engineer
Alestra

Roeland_M.J_Meyer · September 28, 1998, 8:55pm

Set up SSH <http://www.datafellows.com> and open port 22. I would NOT allow
plain ol' telnet over the Internet. SSH is free for non-commercial use and
is works quite well under HP-UX.

Zachary_McGibbon · September 29, 1998, 2:48am

You can perform 'rsh' type commands with ssh as well... here's an example:

/# ssh servername w
root@servername's password: <type password here>
10:45pm up 19 days, 6:31, 2 users, load average: 0.18, 0.11, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root ttyp0 client 8:08pm 2:37m 0.27s 0.10s

You can also setup authorized keys on the server side. In your home dir
on the server, go into the '.ssh' dir, and create a file called
'authorized_keys', then on your workstation, type 'ssh-keygen'. In your
home dir, go into '.ssh' and take the contents of 'identity.pub' and copy
that to the 'authorized_keys' on the server side. Then 'chmod 600
authorized_keys' on the server side. Then it won't ask you for a password
when you ssh to that machine. It's usefull if you want to set this up as
a cronjob to do something on a remote machine.

Chris_Cappuccio · September 29, 1998, 3:48am

You can perform 'rsh' type commands with ssh as well... here's an example:

>
> /# ssh servername w
> root@servername's password: <type password here>
> 10:45pm up 19 days, 6:31, 2 users, load average: 0.18, 0.11, 0.09
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> root ttyp0 client 8:08pm 2:37m 0.27s 0.10s
>
> You can also setup authorized keys on the server side. In your home dir
> on the server, go into the '.ssh' dir, and create a file called
> 'authorized_keys', then on your workstation, type 'ssh-keygen'. In your
> home dir, go into '.ssh' and take the contents of 'identity.pub' and copy
> that to the 'authorized_keys' on the server side. Then 'chmod 600
> authorized_keys' on the server side. Then it won't ask you for a password
> when you ssh to that machine. It's usefull if you want to set this up as
> a cronjob to do something on a remote machine.
>
>

You might want to make sure "RhostsRSAauth..." is turned on with sshd and
create a file called .shosts in your home dir with

dqc.org chris

(host, user)

Of course this depends on the security of the client machine..If someone
compromises the client identity file (root or the client account basically..)
and then can fake for .shosts, your security is compromised. Without
RhostsRSA, and just doing what Zach listed above, it will ask for the key's
password...