
Remote Shell Service Security


 


Caution

The security model of RshSvc is similar to that of its UNIX equivalent. Because of this, users running RSH on remote computers, beyond those specified in the RHOSTS file, might be able to gain access to a computer running RshSvc.

The RHOSTS file must be in the %SystemRoot%\System32\Drivers\Etc\ directory. This file should contain one or more entries of the following form, each on a single line:

M1 U1 [U2 U3 ....]

[M2 U1 U2 U3 ....]

where

Mn
are the names of the computers from which the RSH client can be run.
Un
are names of the users who are permitted to access the Remote Shell Service.

RshSvc returns an "Access denied" message under the following conditions:

  1. The RSH client computer name is not specified in the RHOSTS file.
  2. The name of the logged-on user on the RSH client computer is not present in the RHOSTS file.
  3. RshSvc (using GetHostByName) fails to resolve the IP address of a computer specified in the RHOSTS file, and a user is trying to access this service from that computer.
  4. In Windows 2000, the "Register this connection's address in DNS" option is checked; or in Windows NT 4.0, the "Use DNS for Windows Resolution" option is checked.
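
For auditing an RHOSTS file before it is deployed, the following added example (not part of the original page and not RshSvc's own code) parses the entry format above and models conditions 1 to 3. It assumes names compare case-insensitively, that repeated machine lines merge, and that the injected `resolve` callable stands in for GetHostByName; condition 4 is a network setting and is not modelled. The sample names and addresses are constructed.

```python
# Added example: a model of the RHOSTS check described above, not RshSvc's code.
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample data (names and addresses are made up for this example).
SAMPLE_RHOSTS = "BUILD01 alice bob\nLAB02 carol\nOLDHOST dave\nORPHAN\n"
SAMPLE_DNS = {"build01": "192.0.2.10", "lab02": "192.0.2.20"}  # oldhost: no record

def parse_rhosts(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Parse 'M U1 [U2 ...]' lines into {machine: [users]} plus audit warnings."""
    entries: Dict[str, List[str]] = {}
    warnings: List[str] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) < 2:  # the format requires at least one user per machine
            warnings.append(f"line {lineno}: {fields[0]} lists no users")
            continue
        # Assumption: names compare case-insensitively; repeated machines merge.
        entries.setdefault(fields[0].lower(), []).extend(u.lower() for u in fields[1:])
    return entries, warnings

def check_access(entries: Dict[str, List[str]], client_ip: str, client_user: str,
                 resolve: Callable[[str], Optional[str]]) -> Tuple[bool, str]:
    """Return (allowed, reason); `resolve` stands in for GetHostByName."""
    unresolved = False
    for machine, users in entries.items():
        ip = resolve(machine)
        if ip is None:
            unresolved = True  # condition 3: this entry can never match a client
        elif ip == client_ip:
            if client_user.lower() in users:
                return True, "ok"
            return False, "user-not-listed"  # condition 2
    # Condition 1, or condition 3 when an unresolvable entry may be the client's.
    return False, "host-unresolved" if unresolved else "host-not-listed"

if __name__ == "__main__":
    entries, warnings = parse_rhosts(SAMPLE_RHOSTS)
    print(warnings)
    for ip, user in [("192.0.2.10", "Alice"), ("192.0.2.20", "bob"), ("192.0.2.99", "dave")]:
        print(ip, user, check_access(entries, ip, user, SAMPLE_DNS.get))
```

A `host-unresolved` result or a "lists no users" warning points at a stale or malformed entry that is worth removing from the file.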