PIX 515 - Timeout value for rsh protocol

a.manosca · ‎07-06-2003

The command 'show timeout rsh' will display the timeout value for the rsh protocol. Is it possible to change the timeout value from the PIX? If yes, how?

I cannot verify this myself because I do not have access to the pix. This is a customer query that I need to verify before responding.

Thanks in advance.

gfullage · ‎07-06-2003

I don't believe you can set or show the value for the rsh protocol, this protocol doesn't have its own timers and would just fall under the normal conn/xlate timeouts.

pix# sho timeout rsh

Invalid keyword: "rsh"

Usage: timeout [conn|half-closed|h323|h225|mgcp|rpc|sip|sip_media|uauth|udp|xlate

[...]]

show timeout [conn|half-closed|h323|h225|mgcp|rpc|sip|sip_media|uauth|udp|

xlate]

pix#

a.manosca · ‎07-06-2003

Thanks for the reply and my apologies for the wrong command. I just assumed I can use the same command for rsh, based on the 'show timeout sip' command.

So that means there's no specific command to display or set the timeout period for rsh. I believe rsh uses TCP port 514 and does the 'timeout conn hh:mm:ss' command apply to all TCP ports running through the PIX?

Thanks again.

mostiguy · ‎07-07-2003

There does not appear to be any rsh specific setting.

I would recommend trying to get them to avoid using unencrypted rsh anyhow. If they do need to use it, it ought to be through an IPSec tunnel, but they probably could use ssh as a much more secure replacement instead.