|
OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD. |
|
Thread Tools | Display Modes |
|
|||
rshd on OpenBSD
I know OpenBSD has been removed rshd from the default install, but is it available in ports or anywhere? If no, where are the sources? Can i install it from inettools?
Last edited by TCH; 8th July 2022 at 08:48 PM. |
|
|||
I don't know if they are available through ports. You can search the ports at https://openports.pl
https://cvsweb.openbsd.org/cgi-bin/c...c/usr.bin/rsh/ has the source code of rsh I saw rcp in src/bin. You can look in the other (s)bin directories for the other r-commands. OpenBSD 2.2 has a man page : rshd(8) For those who wonder what rshd and the the other r-command did/do see https://en.wikipedia.org/wiki/Berkeley_r-commands
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump Last edited by J65nko; 9th July 2022 at 12:00 AM. |
|
||||
As J65nko has noted, OpenBSD's source code repository contains its complete history, so if you want to dig through old unsupported code, you can do so.
Here's a link to the rshd(8) source code through the CVSWeb portal: http://cvsweb.openbsd.org/cgi-bin/cv...exec/rshd/?f=h -- available to you through that portal, through the cvs(1) utility and any of the Project's AnonCVS servers, and also through the Project's src repository Github mirror https://github.com/openbsd/src, though git repositories are not so easily browsed for deleted components. In CVS repositories, they're "moved to the Attic." Last edited by jggimi; 9th July 2022 at 12:05 AM. Reason: clarity |
|
|||
Thank you guys for the sources and the tips. (Ports unfortunately do not contain rsh.)
I need to "reanimate" this, unless i can turn off the encryption of SSH. What i need is a remote shell connection between two very old and strictly in-home machines sitting on LAN, so encryption between them is nothing but unnecessary resource-hogging. |
|
||||
I wish you luck with your project!
I happen to run SSH and WireGuard on systems which have 32-bit 500MHz Geode CPUs, and only 256MB RAM. These systems are my primary routers. On these systems, I don't find encryption to be a significant processing burden. Instead, the key burden is KARL, and that's because of the slow speed of their compact flash storage media. Both SSH and WireGuard happen to (currently) use the ChaCha20 cipher with Poly1305 authentication. |
|
|||
Thank you.
It is not a burden that significant here either. It is rather a matter of principle. (And matter of accumulator capacity...) |
|
|||
What are the dependencies of rshd? I tried to compile it and the result was
Code:
cc -O2 -pipe -Wall -Wno-unused -MD -MP -c rshd.c rshd.c:154:14: error: use of undeclared identifier 'NCARGS' char cmdbuf[NCARGS+1], locuser[_PW_NAME_LEN+1], remuser[_PW_NAME_LEN+1]; ^ rshd.c:155:22: error: use of undeclared identifier 'MAXHOSTNAMELEN' char remotehost[2 * MAXHOSTNAMELEN + 1]; ^ rshd.c:156:23: error: use of undeclared identifier 'MAXHOSTNAMELEN' char hostnamebuf[2 * MAXHOSTNAMELEN + 1]; ^ rshd.c:335:25: error: use of undeclared identifier 'remuser' getstr(remuser, sizeof(remuser), "remuser"); ^ rshd.c:335:9: error: use of undeclared identifier 'remuser' getstr(remuser, sizeof(remuser), "remuser"); ^ rshd.c:336:25: error: use of undeclared identifier 'locuser' getstr(locuser, sizeof(locuser), "locuser"); ^ rshd.c:336:9: error: use of undeclared identifier 'locuser' getstr(locuser, sizeof(locuser), "locuser"); ^ rshd.c:338:17: error: use of undeclared identifier 'locuser' pwd = getpwnam(locuser); ^ rshd.c:342:7: error: use of undeclared identifier 'remuser' remuser, hostname, locuser, cmdbuf); ^ rshd.c:342:26: error: use of undeclared identifier 'locuser' remuser, hostname, locuser, cmdbuf); ^ rshd.c:351:7: error: use of undeclared identifier 'remuser' remuser, hostname, locuser, cmdbuf); ^ rshd.c:351:26: error: use of undeclared identifier 'locuser' remuser, hostname, locuser, cmdbuf); ^ rshd.c:360:7: error: use of undeclared identifier 'remuser' remuser, hostname, locuser, cmdbuf); ^ rshd.c:360:26: error: use of undeclared identifier 'locuser' remuser, hostname, locuser, cmdbuf); ^ rshd.c:383:6: warning: implicit declaration of function 'iruserok_sa' is invalid in C99 [-Wimplicit-function-declaration] iruserok_sa(fromp, fromp->sa_len, pwd->pw_uid == 0, ^ rshd.c:384:6: error: use of undeclared identifier 'remuser' remuser, locuser) < 0)) { ^ rshd.c:384:15: error: use of undeclared identifier 'locuser' remuser, locuser) < 0)) { ^ rshd.c:388:8: error: use of undeclared identifier 'remuser' remuser, hostname, locuser, __rcmd_errstr, ^ rshd.c:388:27: error: use of undeclared identifier 'locuser' remuser, hostname, locuser, __rcmd_errstr, ^ rshd.c:393:8: error: use of undeclared identifier 'remuser' remuser, hostname, locuser, cmdbuf); ^ fatal error: too many errors emitted, stopping now [-ferror-limit=] 1 warning and 20 errors generated. *** Error 1 in /root/openbsd-rshd (<sys.mk>:87 'rshd.o') |
|
|||
Okay, by adding sys/param.h to the includes, most of the errors are gone, but i now get this:
Code:
cc -O2 -pipe -Wall -Wno-unused -MD -MP -c rshd.c rshd.c:383:6: warning: implicit declaration of function 'iruserok_sa' is invalid in C99 [-Wimplicit-function-declaration] iruserok_sa(fromp, fromp->sa_len, pwd->pw_uid == 0, ^ 1 warning generated. cc -o rshd rshd.o ld: error: undefined symbol: __check_rhosts_file >>> referenced by rshd.c >>> rshd.o:(main) ld: error: undefined symbol: iruserok_sa >>> referenced by rshd.c >>> rshd.o:(doit) ld: error: undefined symbol: __rcmd_errstr >>> referenced by rshd.c >>> rshd.o:(doit) cc: error: linker command failed with exit code 1 (use -v to see invocation) *** Error 1 in /root/openbsd-rshd (<bsd.prog.mk>:126 'rshd') |
|
|||
Based on this source: https://github.com/openbsd/src/blob/.../net/ruserok.c
ruserok() is only a wrapper/translator to iruserok_sa... How is that possible, if the latter one is removed for good? |
|
|||
Since .rhosts was also removed in 5.6 anyway, the lines with "__check_rhosts_file" can be commented out.
As for "__rcmd_errstr", those lines can be commented out too, as it is only for logging. Only iruserok_sa remains. |
|
|||
By gathering the required stuff from the github link above, it has been successfully compiled. However, it fails right at the start, when
Code:
getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) How did this work before...? O_O It was like this even from the start... |
|
|||
The ssh version 1 protocol supported the option Cipher none to turn off encryption. See https://openssh-unix-dev.mindrot.nar...e-alternatives
Installing an old OpenBSD version is not an option? For transferring files without encryption you can use ftp(1) or nc(1) There is also telnet(1). Keep in mind that OpenBSD only has the telnet client in the base install. There used to be a telnet server/daemon in ports. But I cannot find it in https://openports.pl/search?file=&de...y=&maintainer= anymore .....
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump Last edited by J65nko; 9th July 2022 at 10:40 PM. |
|
|||
Unfortunately the Cipher none option is no longer available. AFAIK.
No, an old OpenBSD is not suitable for me, this has to be up to date. ftp is planned, but i need a remote shell too. The telnet client would do for me, but the daemon was last available in OpenBSD 3.7, so breathing life into that would be even harder than unto rsh... |
|
||||
I'm going to suggest a netcat solution. On OpenBSD, this is the nc(1) command. You can create a "reverse shell" easily with netcat variants that bind stdin/stdout to a command. OpenBSD's nc(1) doesn't have this, but you can bind them manually with an intermediate FIFO file. Here's an example of creating an insecure shell server with ksh(1):
Code:
$ cd /tmp $ mkfifo fifo $ cat fifo | ksh -i 2>&1 | nc -l 1234 > fifo $ nc server 1234 .
|
|
|||
You rock man!
Thanks. With this trick, i came up with this "daemon shell script" as a solution: Code:
#!/bin/sh L="/var/run/ncsh.pid" P=`cat "$L" 2>/dev/null` if [ "$P" != "" ]; then kill -0 "$P" R="$?" else R="1" fi if [ "$1" = "stop" ]; then if [ "$R" = "0" ]; then rm "$L" kill -9 "$P" fi exit 0 else if [ "$R" = "0" ]; then exit 0 fi fi echo "$$" > "$L" while [ -f "$L" ]; do F=`mktemp` rm "$F" mkfifo "$F" cat "$F" | ksh -i 2>&1 | nc -l 1234 > "$F" rm "$F" done |
|
|||
In the meantime, i have managed to reanimate rshd.
I copied back iruserok_sa() from ruserok.c with it's dependencies. Then it compiled. Patch is here. Then i grabbed the sources of rlogind from above and did the same things to it than rshd.c. Patch is here. rlogind's Makefile also had to be adjusted a bit: the Kerberos part must be removed. Patch is here. Now, the last part is /etc/inetd.conf has to contain this: Code:
shell stream tcp4 nowait root /usr/local/bin/rshd rshd login stream tcp4 nowait root /usr/local/bin/rlogind rlogind Code:
<your.lan.ip.address> <your user> Last edited by TCH; 13th July 2022 at 02:00 PM. |
|
|||
Glad somebody found it useful.
|
|
|