AIX 5L Configuring TCP/IP (Unit 03): Using TCP/IP Commands

Unit Objectives
———————–
Log into remote systems
Transfer files between systems
Execute commands on remote systems
Identify the files used for user authentication

Basic TCP/IP User Functions
——————————————-
Client (User Commands) ==> IP Network Transport ==> Server (daemons)

Two TCP/IP Application Types
1. ARPA Commands – telnet, ftp, rexec (one time execution)
2. Berkeley Commands – rlogin (remote login), rcp (remote copy), rsh (remote shell)

$HOME/.netrc File
—————————-
Customization of FTP ARPA commands
To avoid being prompted for username and password and to execute pre-defined macros.

$ cat /home/team02/.netrc
machine sys2 login team02 password dalvm3 (Used by FTP and rsh commands)
macdef budget (macdef lines are only used by FTP commands)
type binary
cd /weekly/update
put monthly

Note: There must be a blank line between macros or machine statements.

macdef inventory (runs the macro only when you type “$inventory”)
type ascii
get widget/wooden

machine sys4 login team03 password p4ccf22
macdef init (runs the macro automatically upon login, then quits)
put file1
put file2
quit

Note: Make sure that only the owner can read this file since the password is not encrypted.
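
A check for the condition in the note above, as an added example (not part of the course material): it reports the mode of a .netrc file and how many clear-text passwords it stores, and fails when both problems are present. The function names netrc_audit and netrc_password_count are made up for this example.

```shell
#!/bin/sh
# Added example: audit .netrc files for the condition this unit warns about.

# netrc_password_count FILE: number of "password <value>" pairs.
# The password values themselves are never printed.
netrc_password_count() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "password") c++ }
         END { print c + 0 }' "$1"
}

# netrc_audit FILE
#   0 = acceptable
#   1 = clear-text passwords in a file that group/other can access
#   2 = not a regular file
netrc_audit() {
    [ -f "$1" ] || { echo "$1: not a regular file"; return 2; }
    # The mode string is the first field of POSIX "ls -l" output,
    # so this works without stat(1).
    na_mode=$(ls -ld "$1" | cut -c1-10)
    na_count=$(netrc_password_count "$1")
    case $na_mode in
        ????------) na_loose=0 ;;   # no group/other permission bits set
        *)          na_loose=1 ;;
    esac
    echo "$1: mode=$na_mode stored_passwords=$na_count"
    if [ "$na_loose" -eq 1 ] && [ "$na_count" -gt 0 ]; then
        echo "$1: passwords accessible beyond the owner; chmod 600 or remove them"
        return 1
    fi
    return 0
}

# Audit every file named on the command line, e.g. /home/*/.netrc as root.
for f in "$@"; do
    netrc_audit "$f" || echo "-> $f needs attention"
done
```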

/etc/ftpusers Files
—————————-
File created by root on the server (remote) machine that denies ftp access to the listed users when they connect from other hosts

sys1-Client
$ whoami
team01
$ ftp sys2
User team01 access denied

sys2-Server
/etc/passwd
team01:

/etc/ftpusers
team01

Anonymous ftp Directory Tree
——————————————–
Allows users without passwords ftp access to a special ftp directory structure on the server
Script – /usr/samples/tcpip/anon.ftp (Sets up the environment for anonymous ftp)
root/home/ftp/pub….

rexec Command (Execute remotely one time commands)
————————————————————————————
rexec is interactive

sys1> rexec sys2 date
Name:
Password:
Returns the Date

sys1> cat /home/team02/.netrc
returns..
machine sys2 login team02 password yyyy
machine sys3 login team05 password yyyy

sys1> rexec sys2 date

rcp Command
———————-
rcp (Remote Copy)
sys1> whoami
team02
sys1> rcp filea sys2:fileb
sys1> rcp filea team04@sys2:fileb (overrides default user on the server)
sys1> rcp -p -r sys2:dir sys4:dir (third party copy – my client is not the source or the destination of the copy)

rsh Command (One time execution of a single command)
———————-
rsh (Remote Shell) is the equivalent of the rexec command

sys1> whoami
team02
sys1> rsh sys2 date
sys1> rsh sys2 -l team04 date (act as team04 on sys2, the default is team02)
sys1> rsh sys2 –> rlogin sys2 (acts like an rlogin when no command is given)

rlogin Command
————————
sys1> whoami
team02
sys1> rlogin sys2
sys1> rlogin sys2 -l team04

/etc/hosts.equiv File (Security for the Berkeley Suite of commands)
————————————————————————————————
rlogin(remote login)
rcp (remote copy)
rsh (remote shell)

Note: Does not use the .netrc file for security

Defines which client host’s users are permitted to execute commands on the server host without supplying a password

sys1> whoami
team02

sys1> rcp filea sys2:fileb

/etc/passwd
team02:!:205::/home/team02:/usr/bin/ksh

/etc/hosts.equiv
sys1 (any user from that platform)
sys3 team03 (only team03)
sys4 -team01 (anyone but team01)
sys4 (any user from that platform, but above line)

Note: Two Restrictions:
1. You cannot access the server with root authority.
2. You can only act as the same user on the server as you were authenticated on the client.

$HOME/.rhosts
———————–
Defines a list of client users who are not required to supply a login password when they execute rcp, rlogin and rsh using a server user account.

/home/team04/.rhosts
sys1 team02

sys1> whoami
team02
sys1> rcp filea team04@sys2:fileb

Note: No restrictions. This can be risky if the user is compromised. Spoofing can also be used to compromise the system. Some forbid the use of $HOME/.rhosts files in the root home directory.

Which Commands Work?
————————————–
sys1 – rlogin, rcp, rsh
sys2 – rlogind, rshd

1. Check /etc/passwd
team03:!:206:1::/usr/bin/ksh:
team02:!:207:1::/usr/bin/ksh:

2. Check /etc/hosts.equiv
sys3
sys4

3. Check /home/team03/.rhosts
sys1 team03
sys1 team02
sys3 team02

4. Check /home/team02/.rhosts
sys1 team02
sys4 team05

sys1> whoami
team03
1. sys1> rlogin sys2 (Successful)
2. sys1> rcp team02@sys2:file3 file3 (retrieving a file from sys2) (Fails – Check 4)
3. sys1> rsh sys2 -l team01 pwd
4. sys1> rsh sys2
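
The four checks above written as shell functions, as an added example (not part of the course material and not AIX code). The names trusted, equiv_allows, rhosts_allows and build_sample are made up for the example, the entry rules are the ones this unit describes, and a refused /etc/hosts.equiv entry is assumed to fall through to the .rhosts check.

```shell
#!/bin/sh
# Added example: the checks from "Which Commands Work?" as shell functions.

# equiv_allows FILE CLIENT_HOST USER: the first matching line decides.
equiv_allows() {
    [ "$3" = root ] && return 1                 # restriction 1: never for root
    awk -v h="$2" -v u="$3" '
        $1 != h        { next }
        NF == 1        { ok = 1; exit }         # "host": any user
        $2 == ("-" u)  { ok = 0; exit }         # "host -user": this user refused
        $2 ~ /^-/      { ok = 1; exit }         # "host -other": anyone but other
        $2 == u        { ok = 1; exit }         # "host user": only that user
        END            { exit !ok }' "$1" 2>/dev/null
}

# rhosts_allows FILE CLIENT_HOST CLIENT_USER: needs an exact "host user" line.
rhosts_allows() {
    awk -v h="$2" -v u="$3" '
        $1 == h && $2 == u { ok = 1; exit }
        END                { exit !ok }' "$1" 2>/dev/null
}

# trusted DIR CLIENT_HOST CLIENT_USER SERVER_USER
# DIR holds copies of the server files: passwd, hosts.equiv, home/<user>/.rhosts
trusted() {
    # Check 1: the server account must exist.
    awk -F: -v u="$4" '$1 == u { ok = 1 } END { exit !ok }' "$1/passwd" || return 1
    # Check 2: hosts.equiv applies only when both sides use the same user name.
    if [ "$3" = "$4" ] && equiv_allows "$1/hosts.equiv" "$2" "$3"; then return 0; fi
    # Checks 3 and 4: otherwise the server user's own .rhosts decides.
    rhosts_allows "$1/home/$4/.rhosts" "$2" "$3"
}

# build_sample DIR: the sys2 files as listed in this section.
build_sample() {
    mkdir -p "$1/home/team03" "$1/home/team02"
    printf '%s\n' 'team03:!:206:1::/usr/bin/ksh:' 'team02:!:207:1::/usr/bin/ksh:' > "$1/passwd"
    printf '%s\n' sys3 sys4 > "$1/hosts.equiv"
    printf '%s\n' 'sys1 team03' 'sys1 team02' 'sys3 team02' > "$1/home/team03/.rhosts"
    printf '%s\n' 'sys1 team02' 'sys4 team05' > "$1/home/team02/.rhosts"
}

d=${TMPDIR:-/tmp}/trustdemo.$$
build_sample "$d"
for acct in team03 team02; do
    if trusted "$d" sys1 team03 "$acct"; then r=allowed; else r=denied; fi
    echo "team03@sys1 -> $acct@sys2: $r"
done
rm -rf "$d"
```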

Making TCP/IP More Secure
——————————————-
The Berkeley commands (rsh, rcp, rlogin) and the tftp command allow access to a system without a password. This could introduce a security loophole into an otherwise secure system.

securetcpip will disable the following facilities:
– tftpd, rlogind, rshd daemons
– tftp, utftp, rlogin, rsh, rcp commands
– Ability to specify a password in .netrc files

Kerberos Version 5 support
– Authentication loadable module

chauthent command
lsauthent command

Showing User Information
————————————–
sys2$ finger @sys1 (list the users on the system and when they logged on)
sys2$ finger root@sys1

Showing Remote Hosts/Users
———————————————
sys1$ ruptime
sys1$ rwho
Note: The local and remote hosts must be running rwhod

Talk with Another User
————————————
sys1$ talk fred@sys2
(user fred will receive the following message)
Message from TalkDaemon@sys1 at 15:16…
talk: connection requested by john@sys1.
talk: respond with: talk john@sys1

To accept the invitation, fred enters:
sys2$ talk john@sys1

Note: Use CTRL-C to decline or terminate the talk session.

Unit Summary
———————
Remote login commands are telnet and rlogin
File transfer commands are ftp, rcp and tftp
Remote execution commands are rexec and rsh
The Berkeley commands refer to /etc/hosts.equiv and/or $HOME/.rhosts for user authentication
ARPANET commands use /etc/passwd or $HOME/.netrc for user authentication

Lab or Exercise 3
—————————
1. Make sure that the inetd daemon is running.
sys3# lssrc -s inetd (-s=subsystem)
Note: If the status is not active then use startsrc… command to start it.

2. Verify the contents of the /etc/inetd.conf file (daemons that run when a request is made)
sys3# more /etc/inetd.conf
Note: The port number for these daemon services is listed in the /etc/services file.

who am i – shows who I logged in as originally
whoami – shows who I am right now.
pwd – shows where I am
hostname – shows the current host name

tn sys3 or telnet sys3
vi tndoc – create a test document
ls -l – display the file

sys2> rexec sys3 date
sys2> vi .netrc
machine sys3 login tcp2 password tcp2

rexec sys3 date
Error – .netrc file not correct mode.
Remove password or correct mode.
chmod 600 .netrc (only owner has access)
set -o vi (sets the retrieve option on the command line)
rexec sys3 date

Add macro to .netrc file
vi .netrc
macdef init (automatically executes when running ftp)
get tndoc ftpdoc
cd /home
pwd
quit

ftp sys3 (logs in and runs the macro)

Interactive Session using rlogin
rlogin sys3 -l tcp2 (act as tcp2)
hostname

vi .rhosts
sys2 tcp1

rlogin sys3 -l tcp2 (no prompt for userid password this time)

vi /etc/hosts.equiv (on sys3)
sys2 tcp1

su – tcp1
vi rcpdoc
This is a test doc.

sys2> rsh sys3 ps -ef | more

whoami
tcp2
sys2>rsh sys3 ps -ef | more
Permission Denied

su – tcp1
whoami
rcp sys3:rcpdoc myrcpdoc
ls
