HowTo - rsh, rlogin, rexec
-- for Red Hat Linux distributions --

Karel Zak <>

I. Enable rsh (or rlogin, ...)

1) /etc/xinetd.d/rsh

	service shell
		socket_type             = stream
		wait                    = no
		user                    = root
		log_on_success          += USERID
		log_on_failure          += USERID
		server                  = /usr/sbin/in.rshd
		disable                 = no
The option "disable" set to "no".

2) Restart your "xinetd" daemon:

	service xinetd restart

3) /etc/securetty
Don't forget check if "rsh" (or "rlogin", ...) is there.

4) Check connection from server to client.
All r[sh | login | exec] utils use two connections. One from client to server and second from server to client.

5) Check if you server is able to convert client IP address to hostname.

6) Check your ~/.rhosts

7) Check your /etc/pam.d/rsh (or rlogin, ...) 8) Never change /etc/pam.d/rsh to use somethimeg other than:

II. Notes

1) "rsh" with and without <command> are not same commands

2) In the Red Hat distributions you can found kerberosized versions of "rsh" (or "rlogin", ...).

If you don't need the kerberized version it is better to use absolute path to rsh. You will save yourself the kerberos checking and an execution of the original "rsh" if the kerberos auth fails.

III. Limits

1) The number of privileged ports is limited. The rsh (or rlogin, rcp, ...) uses privileged ports 512-1023. If all ports are used there is no space for a new connection. To check your server's ports status do:

	netstat -n --inet

2) TCP/IP connections doesn't end instantly but uses the TIME_WAIT state. The timeout of this state is cca 60s. It's possible that all your reserved ports are in TIME_WAIT state if you use connect and disconnect to server very very often.

IV. Troubleshooting

1) Check /var/log/messages. You can found there a lot of interesing information.

2) Your friend is "strace" program.

3) Reports bugs to
It is a good idea to append the strace output to your bug report.