Radio Shack FC-241 Configuring a Router to Use rsh and rcp, Disabling DNS Reverse Lookup for Rcmd


Configuring Additional File Transfer Functions

Configuring a Router to Use rsh and rcp


Remote shell (rsh) gives users the ability to execute commands remotely. Remote copy (rcp) allows users to copy files to and from a file system residing on a remote host or server on the network. Cisco's implementation of rsh and rcp interoperates with the industry standard implementations.

Note: Cisco uses the abbreviation RCMD (Remote Command) to indicate both rsh and rcp.

The following tasks are covered in this section:

Specifying the Source Interface for Outgoing RCMD Communications

Disabling DNS Reverse Lookup for RCMD

Configuring a Router to Use rsh

Configuring a Router to Use rcp

Specifying the Source Interface for Outgoing RCMD Communications

You can specify the source interface for RCMD (rsh and rcp) communications. For example, the router can be configured so that RCMD connections use the loopback interface as the source address of all packets leaving the router. To specify the interface associated with RCMD communications, use the following command in global configuration mode:

Command                                  Purpose

ip rcmd source-interface interface-id    Specifies the interface address that will be used to label all outgoing rsh and rcp traffic.

The source-interface setting is most commonly used to specify a loopback interface. This allows you to associate a permanent IP address with RCMD communications.

Having a permanent IP address is useful for session identification (the remote device can consistently identify the origin of packets for the session). A "well-known" IP address can also be used for security purposes, as you can then create access lists on remote devices which include the address.

Disabling DNS Reverse Lookup for RCMD

As a basic security check, the Cisco IOS software does a reverse lookup of the client IP address using DNS. This check is performed using a host authentication process.

When enabled, the system records the address of the requesting client. That address is mapped to a host name using DNS. Then a DNS request is made for the IP address for that host name. The IP address received is then checked against the original requesting address. If the address does not match with any of the addresses received from DNS, the RCMD request will not be serviced.

This reverse lookup is intended to help protect against "spoofing." However, please note that the process only confirms that the IP address is a valid routable address; it is still possible for a hacker to spoof the valid IP address of a known host.
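The lookup sequence described above, written out as an added Python example (it is not Cisco's code and not part of the original guide). The DNS tables, host names and addresses are constructed sample data, and treating an address with no host name as a failed check is an assumption.

```python
import ipaddress

# Constructed DNS data using documentation address ranges (not from the guide).
PTR_RECORDS = {
    "192.0.2.10": "mgmt1.example.net",
    "192.0.2.66": "mgmt1.example.net",    # PTR claims a name that does not map back
    "198.51.100.7": "multi.example.net",
}
A_RECORDS = {
    "mgmt1.example.net": ["192.0.2.10"],
    "multi.example.net": ["198.51.100.6", "198.51.100.7"],
}

def reverse_lookup(addr):
    """Address -> host name, or None when no PTR record exists."""
    return PTR_RECORDS.get(addr)

def forward_lookup(name):
    """Host name -> list of addresses (empty when the name is unknown)."""
    return A_RECORDS.get(name, [])

def rcmd_host_check(client_addr, reverse=reverse_lookup, forward=forward_lookup):
    """Return (serviced, reason) for one RCMD request.

    The resolvers are injectable; against live DNS, socket.gethostbyaddr and
    socket.gethostbyname_ex could supply the same two lookups.
    """
    client = ipaddress.ip_address(client_addr)   # 1. record the requesting address
    name = reverse(str(client))                  # 2. map the address to a host name
    if name is None:
        # Assumption: no host name means no addresses to match, so refuse.
        return False, "no host name for address"
    addrs = forward(name)                        # 3. look the host name back up
    # 4. compare parsed addresses, so textual variants of one address still match
    if any(ipaddress.ip_address(a) == client for a in addrs):
        return True, "confirmed as " + name
    return False, name + " does not resolve back to " + str(client)

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.66", "198.51.100.7", "203.0.113.5"):
        print(addr, rcmd_host_check(addr))
    # The only input is the source address carried in the packet. The check
    # verifies that DNS is consistent for that address; it says nothing about
    # which machine actually sent the packet, which is the caveat in the text.
```
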

Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1
