
How Can I Tell what Username RSH sends from SUA?

I am on a Windows Vista 64-bit Enterprise machine with Subsystem for Unix Applications installed and the applications downloaded. I am attempting to use RSH to connect to a FreeBSD server. The command I would like to execute is:

rsh command

The .rhosts file in my home directory on looks like this:

+ myusername
+ mydomain\myusername
+ mydomain/myusername
+ myusername@mydomain
+ +
mycomputer.suffix2 myusername
mycomputer.suffix2 + myusername +

I know + + is bad, but let's ignore that for now. When I run this:

rsh command

I get the following error:

rshd: Login incorrect.

However, when I run

rsh -l myusername command

this works flawlessly. What I'd like to know is:

  1. What is SUA sending as the username when I don't specify it via -l?
  2. How can I change what SUA is sending?

I'm assuming that here SUA is sending some form of mydomain\myusername, but I'm wondering what other entries I might need to make to the rhosts file to allow this and why the + + isn't allowing this?


  • I would guess that examining syslog (or another appropriate log?) on the FreeBSD box could give you the login name from the failed login. On my Linux machine I get lines like the following from the frequent ssh attacks:

    May 19 19:57:40 anton sshd[29795]: Failed password for invalid user mercedes from port 49198 ssh2
    May 19 19:57:40 anton sshd[29796]: Received disconnect from 11: Bye Bye
    May 19 19:57:45 anton unix_chkpwd[29802]: password check failed for user (games)
    May 19 19:57:45 anton sshd[29799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=  user=games
    May 19 19:57:48 anton sshd[29799]: Failed password for games from port 49956 ssh2

    This is from sshd, but I would be surprised if rshd is not able to log something similar (although it might be off by default and need to be enabled).

    As for guesses about where the rsh client made by Microsoft gets the name from, I have few ideas. A traditional Unix rsh would of course get the name from /etc/passwd, reading it indirectly with getpwent() (failing that, it might fall back to the environment variables LOGNAME or USER?). Is "myusername" present in c:\windows\system\etc\passwd (or whatever SUA maps as /etc/passwd)?
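
Another way to see the name the client sends is to decode the opening bytes of the rsh connection itself. The following is an added example, not part of the original question or answer: it parses the four NUL-terminated fields that rshd(8) documents reading from the client. It assumes the input is the client-to-server payload from a packet capture of the connection to rshd (514/tcp); the sample payloads and the name `local-name` are constructed placeholders, not what SUA actually sends.

```python
# Added example: decode the opening bytes an rsh client sends to rshd.
# Field order follows rshd(8): stderr port, user name on the client machine,
# user name to use on the server, command; each ends with a NUL byte.

def parse_rcmd_handshake(payload: bytes) -> dict:
    """Decode the client-to-server bytes that open an rsh session."""
    parts = payload.split(b"\0")
    # Four NUL-terminated fields leave at least five pieces after split().
    if len(parts) < 5:
        raise ValueError(
            f"truncated handshake: {len(parts) - 1} of 4 fields complete")
    port, client_user, server_user, command = parts[:4]
    if port and not port.isdigit():
        raise ValueError(f"stderr port is not a decimal number: {port!r}")
    return {
        # An empty port field means the client asked for no stderr channel.
        "stderr_port": int(port) if port else 0,
        # latin-1 maps every byte to a character, so odd names stay visible.
        "client_user": client_user.decode("latin-1"),
        "server_user": server_user.decode("latin-1"),
        "command": command.decode("latin-1"),
    }

def explicit_login(handshake: dict) -> bool:
    """True when the server-side name differs from the client-side name,
    as it does when rsh is run with -l and a different name."""
    return handshake["client_user"] != handshake["server_user"]

# Constructed sample payloads (not captured from a real SUA client).
# SAMPLE_DEFAULT assumes the client reuses its local name as the server-side
# name when -l is omitted, which is how BSD rsh behaves.
SAMPLE_DEFAULT = b"1021\0local-name\0local-name\0command\0"
SAMPLE_WITH_L = b"1021\0local-name\0myusername\0command\0"

if __name__ == "__main__":
    for label, raw in (("rsh", SAMPLE_DEFAULT), ("rsh -l", SAMPLE_WITH_L)):
        h = parse_rcmd_handshake(raw)
        print(f"{label:7} client_user={h['client_user']!r} "
              f"server_user={h['server_user']!r} explicit={explicit_login(h)}")
```

The `client_user` field is the name that rshd compares against the user column of .rhosts, and `server_user` is the account it looks up on the server.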