Remote Shell Inspections

Using a remote shell (rsh) application allows an administrator to run commands on a remote
computer running either an rsh service or an rsh daemon. Rsh uses two channels when
connected, with the first channel operating as the communications channel and the second
channel operating as an output for standard error. When a client first starts an rsh
connection, it opens a TCP channel from one of its high-order ports to port 514 on the server.
This works in the same way as the inspect ftp command.

To manage rsh traffic, you must enable the inspect rsh command in a class-map. When a
standard error message is received from the rsh server, the inspect rsh command will open a
temporary inbound opening through the Security Appliance for the standard error channel.
Once the rsh session is complete, the opening will be torn down.
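
The sketch below is an added example, not code from this text or from Cisco. It models how a stateful inspection can learn which port to open for the standard error channel by reading the client's first message on the port 514 connection. It assumes the BSD rshd request layout (decimal port, local user, remote user and command, each NUL-terminated) and a fully reassembled first message; all function and class names are hypothetical.

```python
# Added illustration, not Cisco code: models how a stateful inspection could
# learn the stderr port from the rsh control channel (TCP/514).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Pinhole:
    """Temporary inbound permit for the server-initiated stderr channel."""
    src_ip: str    # rsh server, which opens the second connection
    dst_ip: str    # rsh client, which listens for it
    dst_port: int  # port the client announced on the control channel

def parse_stderr_port(request: bytes) -> int:
    """Return the stderr port announced in the client's first message.

    Assumed layout (BSD rshd): port NUL local-user NUL remote-user NUL command NUL,
    with the port as ASCII decimal. An empty or zero port means no stderr channel.
    """
    fields = request.split(b"\0")
    # Four NUL-terminated fields leave one empty element after the last NUL.
    if len(fields) != 5 or fields[4] != b"":
        raise ValueError("malformed rsh request: expected four NUL-terminated fields")
    port_field = fields[0]
    if port_field == b"":
        return 0
    if not port_field.isdigit() or len(port_field) > 5:
        raise ValueError("stderr port is not a short decimal number")
    port = int(port_field)
    if port > 65535:
        raise ValueError("stderr port out of range")
    return port

def derive_pinhole(client_ip: str, server_ip: str, request: bytes) -> Optional[Pinhole]:
    """Return the single opening to allow, or None if no stderr channel was requested."""
    port = parse_stderr_port(request)
    if port == 0:
        return None
    return Pinhole(src_ip=server_ip, dst_ip=client_ip, dst_port=port)

if __name__ == "__main__":
    # Constructed sample request; addresses are documentation ranges.
    sample = b"1022\0alice\0root\0uptime\0"
    print(derive_pinhole("192.0.2.10", "198.51.100.7", sample))
```

The opening is scoped to one server address, one client address and one port, which is why it can be removed as soon as the session ends.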