From willmann@rice.edu  Tue Mar  4 19:22:52 2003
Message-Id: <D19D7160-4EB9-11D7-A0FF-000393DC7890@rice.edu>
Date: Tue, 4 Mar 2003 21:23:22 -0600
From: Paul Willmann <willmann@rice.edu>
To: FreeBSD-gnats-submit@freebsd.org
Subject: rcp fails for root even when rsh works fine 

>Number:         48940
>Category:       bin
>Synopsis:       rcp fails for root even when rsh works fine
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 04 19:30:09 PST 2003
>Closed-Date:    Thu Mar 06 18:02:40 PST 2003
>Last-Modified:  Fri Mar  7 20:50:06 PST 2003
>Originator:     Paul Willmann <willmann@rice.edu>
>Release:        FreeBSD 5.0-RELEASE i386
>Organization:
Rice University
>Environment:
 System: FreeBSD client1.cs.rice.edu 5.0-RELEASE FreeBSD 5.0-RELEASE #0: 
 Thu Jan 16 22:16:53 GMT 2003 
 root@hollin.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386
 	
 	i386 platform, AMD athlon xp 2000+
>Description:
 	'rcp' does not work to/from the 5.0-RELEASE machine for user "root".  
 I have installed my /root/.rhosts file (from a 4.x-STABLE box) 
 correctly and installed/started inetd.  As proof, I can rsh 
 successfully (as root) from other machines to my 5.0-RELEASE machine.  
 However, when I attempt to rcp, I get a "rshd:  incorrect login" error. 
   I don't think I've misconfigured anything here, because root can rsh 
 fine.  This is an issue for setting up new boxes (usually use rdist).  
 Anyhow, I found other messages in the newsgroups that say the same 
 thing, so I thought I should report it.  (Sorry if my format is sloppy 
 - this is my first bug report to you guys.)  (This is for my lab 
 environment which is behind a firewall.)
 
 It should be noted that non-root users can rcp successfully.
 
>How-To-Repeat:
 	See description
>Fix:
 	I don't know how to fix this - I have not yet investigated the code, 
 but I suspect an error in PAM since rsh works fine and non-root users 
 can rcp successfully.  (And, as previously noted, root can rsh 
 successfully - but not rcp.)
 
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Thu Mar 6 15:28:22 PST 2003 
Responsible-Changed-Why:  
Reassigned misfiled PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48940 

From: Mike Makonnen <mtm@identd.net>
To: Ceri Davies <ceri@FreeBSD.ORG>
Cc: bug-followup@FreeBSD.ORG
Subject: Re: bin/48940: rcp fails for root even when rsh works fine
Date: Thu, 6 Mar 2003 20:49:18 -0500

 By default ssh does not permit root logins and ignores .rhosts files. You will
 need to add the following to /etc/ssh/sshd_config. The usual caveats about
 security implications apply...
 
 PermitRootLogin yes
 IgnoreRhosts no
 
 Cheers.
 -- 
 Mike Makonnen  | GPG-KEY: http://www.identd.net/~mtm/mtm.asc
 mtm@identd.net | Fingerprint: D228 1A6F C64E 120A A1C9  A3AA DAE1 E2AF DBCC 68B9
State-Changed-From-To: open->closed 
State-Changed-By: mtm 
State-Changed-When: Thu Mar 6 18:01:27 PST 2003 
State-Changed-Why:  
This is not a bug. 
For future reference, questions like this should be 
directed to the mailing lists. 
Thanks for using FreeBSD ! 

From: Bruce Evans <bde@zeta.org.au>
To: Mike Makonnen <mtm@identd.net>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/48940: rcp fails for root even when rsh works fine
Date: Sat, 8 Mar 2003 08:08:35 +1100 (EST)

 On Thu, 6 Mar 2003, Mike Makonnen wrote:
 > Subject: Re: bin/48940: rcp fails for root even when rsh works fine
 
 >  By default ssh does not permit root logins and ignores .rhosts files. You will
 >  need to add the following to /etc/ssh/sshd_config. The usual caveats about
 >  security implications apply...
 >
 >  PermitRootLogin yes
 >  IgnoreRhosts no
 
 Er, ssh's configuration doesn't affect rsh.
 
 I don't know how rsh can work for root without changing
 /etc/pam.d/rsh to add a security hole almost as above.  Without such a
 hole, neither rsh nor rcp by root work for me; with such a hole, they both
 work for me.
 
 Bruce
 

From: Mike Makonnen <mtm@identd.net>
To: Bruce Evans <bde@zeta.org.au>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/48940: rcp fails for root even when rsh works fine
Date: Fri, 7 Mar 2003 23:47:34 -0500

 On Sat, 8 Mar 2003 08:08:35 +1100 (EST)
 Bruce Evans <bde@zeta.org.au> wrote:
 
 > 
 > Er, ssh's configuration doesn't affect rsh.
 > 
 > I don't know how rsh can work for root without changing
 > /etc/pam.d/rsh to add a security hole almost as above.  Without such a
 > hole, neither rsh nor rcp by root work for me; with such a hole, they both
 > work for me.
 
 Argh! I read that as: scp was not working. Sorry.
 To allow rsh and/or rcp by root you need to do what Bruce said. Specifically,
 you need to allow root in the pam_rhosts module:
 
 Index: src/etc/pam.d/rsh
 ===================================================================
 RCS file: /home/ncvs/src/etc/pam.d/rsh,v
 retrieving revision 1.4
 diff -u -r1.4 rsh
 --- src/etc/pam.d/rsh	18 Apr 2002 17:40:27 -0000	1.4
 +++ src/etc/pam.d/rsh	8 Mar 2003 04:43:23 -0000
 @@ -6,7 +6,7 @@
  
  # auth
  auth		required	pam_nologin.so	no_warn
 -auth		required	pam_rhosts.so	no_warn
 +auth		required	pam_rhosts.so	allow_root no_warn
  
  # account
  account		required	pam_unix.so
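
Review bot: The changed pam_rhosts.so line adds allow_root without any comment in the file, and the diff is against src/etc/pam.d/rsh, the copy that ships as the default. With only pam_nologin.so and pam_rhosts.so in the auth section, root's authentication for this service then rests on the rhosts check alone, which is what the earlier reply in this thread calls a security hole. I would keep the shipped line as "pam_rhosts.so no_warn", apply allow_root only as a local edit on hosts that need it, and put a comment directly above the line saying it is a deliberate local change and why.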
 
 
 Cheers.
 -- 
 Mike Makonnen  | GPG-KEY: http://www.identd.net/~mtm/mtm.asc
 mtm@identd.net | Fingerprint: D228 1A6F C64E 120A A1C9  A3AA DAE1 E2AF DBCC 68B9
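
Added example, not part of the PR or of any participant's message: a shell check that flags the two root-over-rhosts configurations discussed in this thread (allow_root on pam_rhosts in a PAM service file, and PermitRootLogin yes / IgnoreRhosts no in sshd_config). The function names and the sample files are constructed for illustration; sshd Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: flag the root-over-rhosts settings named in this thread.

# Print each active pam_rhosts auth line in PAM file $1 that carries allow_root.
audit_pam_rhosts() {
    sed 's/#.*//' "$1" | awk '
        $1 == "auth" && $3 ~ /pam_rhosts/ {
            for (i = 4; i <= NF; i++)
                if ($i == "allow_root") { print "FINDING pam: " $0; break }
        }'
}

# Print the weak sshd_config ($1) values quoted in the thread. sshd uses the
# first value it reads for a keyword; Match blocks are not evaluated here.
audit_sshd_config() {
    sed 's/#.*//' "$1" | awk '
        { key = tolower($1); val = tolower($2) }
        key == "" || (key in seen) { next }
        { seen[key] = 1 }
        key == "permitrootlogin" && val == "yes" { print "FINDING sshd: PermitRootLogin yes" }
        key == "ignorerhosts"    && val == "no"  { print "FINDING sshd: IgnoreRhosts no" }'
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/rsh" <<'EOF'
# auth
auth		required	pam_nologin.so	no_warn
auth		required	pam_rhosts.so	allow_root no_warn
account		required	pam_unix.so
EOF
cat > "$tmp/rsh.stock" <<'EOF'
auth		required	pam_rhosts.so	no_warn	# allow_root deliberately absent
EOF
cat > "$tmp/sshd_config" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
IgnoreRhosts no
PermitRootLogin no
EOF

audit_pam_rhosts "$tmp/rsh"
audit_pam_rhosts "$tmp/rsh.stock"
audit_sshd_config "$tmp/sshd_config"
```

On a real host, point the functions at /etc/pam.d/rsh and /etc/ssh/sshd_config; no output means neither setting is active.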
>Unformatted:
