[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: inetd.conf.changes

Peter Ehlin <pelin@voxi.se> writes:

> So, what should be in my /etc/inetd.conf if I want to have something
> like the old ekshell (encryption and authetication) and disallow the
> unencrypted rsh variants?

You can't really do this as it is now. The following (untested) patch
should disable non-encrypted V5 rsh sessions, if rshd is passed the -x
option, so if you have -k -x on both ports, you will get the desired
result, but probably because the v4 rsh:s will be royally confused by
the encrypted response.

We should fix this in a better way.


--- rshd.c      2000/07/02 15:50:21     1.33
+++ rshd.c      2000/09/12 13:50:26
@ -363,6 +363,8 @
        do_encrypt = 1;
        memmove (cmd, cmd + 3, strlen(cmd) - 2);
     } else {
+       if(do_encrypt)
+           fatal (s, "Encryption required");
        do_encrypt = 0;