1

A recent security audit says that we have machines in our network which are running "trust services such as Rexec, Rlogin and Rshell". It further says that these services can be used to "create a trust relationship between systems".

I tried to see whether commands such as rsh are present in the system and found that while rexec is not present, both rsh and rlogin are symlinks to ssh. What does that mean? Does ssh provide the functionality, or only its secure replacement?

How do I find whether the services are in fact running on the system (Debian) and how can I disable them?

Raystafarian
  • 21,963
  • 12
  • 64
  • 91
JohnEye
  • 1,534

1 Answers1

2

This sounds like a false positive to me. If the machines aren't running rshd or rexecd then it shouldn't be a problem. These were used before ssh existed and should be avoided since they only encrypt the authentication portion of the connection whereas ssh will encrypt the entire session.

As you can see, most machines won't even have the actual programs on the system and instead just symlink it to ssh (probably to still support older scripts written with these tools). RSH, RCP, and REXEC are explained here if you are interested more in the older programs.

alxjsn
  • 36