Installation of rsh package on RHEL 7.9 (rsh not found)

Latest response

Hi!
I have RHEL 7.9 running and I need rsh to work (I know about SSH....). What I can see, rsh was removed in RHEL 8 but it seems to be gone already in 7.9 (3.10.0-1160.elt.x86_64, "developer version"). Somewhere I saw that rsh and rsh-server were listed to be included in 7.9 under license "SBD".
In EPEL 7 I cannot see rsh/rsh-server listed, but in EPEL 8 I found them.

So, what to do? Is there an "easy" way to get it running? I want to execute command remotely on a machine that I cannot change. Command shall be:
rsh -l ........
Problem is that if I want to use SSH I assume I need to do settings on remote machine and that is not possible.

Br Björn

Responses

Please consider the bad security issues with rsh such as:

  • quoted material:

Examples of inherently insecure services include rlogin, rsh, telnet, and vsftpd. All remote login and shell programs (rlogin, rsh, and telnet) should be avoided in favor of SSH. See Section 4.3.11, “Securing SSH” for more information about sshd.

IF YOU MUST: do so temporarily only!!

Using rsh is a very bad practice when ssh is available. If you have to use rsh for some immediate short-term matter, only use it on a disposable system for the brief period to access the legacy system using an insecure protocol that puts you at risk, and then wipe/reload the system when the temporary task is done. We severely recommend not using rsh persistently.

Kind Regards,
RJ

Hi, Thanks, but given the situation I am not sure I will succeed with SSH since I cannot control remote machine. Of course, that is a result of the improved security of SSH compared to rsh :)

Br Björn

Hello Br Björn,

From what I can see in the discussion above...

  • You are working from home and have a need to run remote commands on a system at work.
  • In your comments you have noted the lack of rsh and have pursued that as a possibility to fulfill your requirement.
  • We've agreed on the lack of security with rsh, and you've mentioned ssh seems to be not an option for you.
  • You've mentioned in your replies that you "cannot control the remote machine", I get the idea from that you mean that you can't make changes to the system.

It would take some effort to make rsh work because it is typically blocked unless you take additional actions such as enabling the specific ports with firewalld. I'd really recommend not enabling rsh unless you get specific agreements with those that own the system(s) you have a need to use. rsh introduces security risks that are not good.

I see you cannot control the remote machine. One person here mentioned the possibility of vsftpd if you just needed to move files consider vsftpd mentioned at this RH solution https://access.redhat.com/solutions/3436. However, it seems you need to run commands.

Is there a possibility you could coordinate with those that own the systems you wish to use? If you are working from home and have a valid need to use work systems while at home, it would make sense the company you work for would "pave the way" for you to do so.

One concept in light of this is "remote desktop" here, also this which apparently is unsupported.

I really recommend coordinating this in a appropriate way with those that should be involved with the company that you are working with.

kind Regards,
RJ

Hi Björn,

I couldn't agree more with what my esteemed colleague and friend RJ told you - please stay away from using rsh at all.
In case the owner of the system you want to access is another company/customer, please contact their administrators.
But in case the system belongs to your (home) environment, you could consider accessing the system via ssh like this :

Assuming you have already created the ssh key ...

su -
ssh-keyscan <ip-address-of-the-server> >> /etc/ssh/ssh_known_hosts
exit

ssh-copy-id <user@ip-address-of-the-server>
ssh <user@ip-address-of-the-server>

Hope this is helpful and a suitable option for you. :)

Regards,
Christian

Nice, thanks for the additional tips Christian!

Regards,
RJ

You're welcome, RJ ! :)

Regards,
Christian

Interestingly, both CentOS 7.9 and Oracle Linux 7.9 include rsh.

Hi Robert,

RHEL 7 as well -> https://access.redhat.com/downloads/content/rsh/0.17-80.el7/x86_64/fd431d51/package ... :)

Regards,
Christian

Thanks, apparently I was confused by the claim "it seems to be gone already in 7.9".

Hi Robert,

It confused me a bit too, and that's why I checked if the package (still) exists in the RHEL 7 repos. :)

Regards,
Christian

For anyone who arrives here - ever since Red Hat Linux version 4, rsh has been considered not secure and a security vulnerability.. If anyone really does use rsh just because it is there, they should only do so for a limited time, (but really, not at all), and really consider more secure means of fulfilling their goal.

Here's just one example of why not to use from this link. That aside, it's plain-text unencrpyted and your passwords can be easily harvested from a third party.

rsh used .rhosts files and /etc/hosts.equiv for authentication. These methods relied on IP addresses and DNS (Domain Name System) for authentication. However, spoofing IP addresses is fairly easy, especially if the attacker is on the local network, and at the time it could even be done remotely.

Other notable places recommended against rsh as far back as Red Hat version 3.

Due to important security issues with rsh, I'd seriously recommend against picking rsh, consider previous tips and suggestions.

Kind Regards,
RJ

Thanks for putting even more emphasis on this matter, RJ ! You are so right telling customers to stay away from
rsh. Good thing is that Red Hat doesn't provide the package for the newer RHEL 8 version at least anymore ... :)

Regards,
Christian

Of course we understand the security implications of rsh, but in our case we have an embedded system connected to a PC via a direct cable, which needs to use rsh during boot. We can not change the firmware on the embedded system. To remove rsh completely as has happened with RHEL 8 is patronising and blinkered; a lot of industrial applications do not communicate on a public network. Ditto ftp.

Fortunately I found it in the codeready-builder-for-rhel-8-x86-64-rpms repo, which you can enable with subscription-manager on RHEL 8.