Operating System - HP-UX

As root, can't rlogin from particular server without password

 
SOLVED
Jay Core
Frequent Advisor

As root, can't rlogin from particular server without password

Hello,

Strange problem. As root, I want to be able to rlogin from host7 and host8 to host9, without supplying a password. While I am able to do this from host8 to host9 with no problem, whenever I rlog from host7 to host9, the system asks for a password. inetd.sec is not set up on any of the servers, and here is the .rhosts file on host9:

#more .rhosts
host7
host7.long.name.net
host8
host8.long.name.net

I do not want to add +root to .rhosts, because I only want to be able to rlogin as root without a password from these 2 specified servers.

What am I missing??

Thanks,
Joe
24 REPLIES 24
Chris Watkins_1
Respected Contributor

Re: As root, can't rlogin from particular server without password

Make sure host7's entry is correct in host9's /etc/hosts file,
or that it gets the correct info from DNS if you're using DNS.
Not without 2 backups and an Ignite image!
Uday_S_Ankolekar
Honored Contributor

Re: As root, can't rlogin from particular server without password

Try with ipaddress instead of ipaddress
Also put root in front of ipaddress or hostname

host7.long.name.net root
xx.xx.xx.xx root

-USA..
Good Luck..
Vijaya Kumar_3
Respected Contributor

Re: As root, can't rlogin from particular server without password

Some more thoughts for troubleshooting:

Check host7 is able to connect to any other host using rlogin? Can you check the permission for .rhosts file? Any DNS issues with host7?

One more link:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=64497

-Vijay
Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Chris - thanks - good thought - the IP was correct in /etc/hosts

Uday - thanks - I tried with short name, long name, and IP, and put root after them, and it didn't work.

I'll keep looking.

Thanks,
Joe
Chris Watkins_1
Respected Contributor

Re: As root, can't rlogin from particular server without password

You might try adding a hosts.equiv file, but that's masking the problem.

In the same format as .rhosts, ie...

cat /etc/hosts.equiv

hostname root
hostname2 root
etc... root
Not without 2 backups and an Ignite image!
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Vijay,

thanks. host7 can connect to any other host with no problem. .rhosts is set at 600, on host9, and DNS is fine, both forward and reverse.

Joe
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Chris,

thanks - like you intimated, I do want to get to the "root" of the problem - so I'll use your solution as a last resort.

No offense
Thanks,
Joe
Vijaya Kumar_3
Respected Contributor

Re: As root, can't rlogin from particular server without password


One more thought:

Is Host7 running MC/Serviceguard?

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=138299

-Vijay
Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Vijay - no ServiceGuard

thanks,
Joe
G. Vrijhoeven
Honored Contributor

Re: As root, can't rlogin from particular server without password

Hi,

just a question but do you have NIS configured?
Do you have the same OS levels/patch levels on all servers?

Gideon
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Hi G.,

We do have NIS configured on host7, not host8 or host9. I didn't think this would be an issue?? Also, all 3 servers are at very similar patch levels running 11.0.

Thanks,
Joe
G. Vrijhoeven
Honored Contributor

Re: As root, can't rlogin from particular server without password

Hi Joe,

I found a patch that might interest you.

http://www5.itrc.hp.com/service/patch/patchDetail.do?BC=patch.breadcrumb.main|patch.breadcrumb.search|&patchid=PHNE_23003&context=hpux:800:11:00

Check:

PHNE_17028:

1. When the patch PHNE_16091 is installed, remshd/rexecd
fails to transmit the error message to the client. When
the user gives invalid input to remsh/rexec, then the
error message will not be displayed to the user.
This happens only when the user is in ksh.

2. In NIS environment, rlogin prompts for the password
even if there is an entry in the .rhosts file. Even
if the user tries to give the password, it will report
as Login incorrect.



HTH.

Gideon
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Gideon,

thanks! I do have this patch on my system. Let me check this out fully tomorrow, and I'll assign you the full 10 points if this fixes it - thanks!

Joe
Elmar P. Kolkman
Honored Contributor

Re: As root, can't rlogin from particular server without password

One more thing you can test: do the rlogin to get to host9 from host7 and look at the output of 'netstat -af inet'. Look for lines on the login port and see what name host7 has in those lines. Perhaps there is an IP domain issue or it is using a network route you didn't anticipate...
Every problem has at least one solution. Only some solutions are harder to find.
Todd McDaniel_1
Honored Contributor

Re: As root, can't rlogin from particular server without password

Joe,

First, I would recommend that you make sure your services are all running just in case.


Next, I would NOT recommend using /etc/hosts.equiv. It can be more dangerous than merely using .rhosts. From the manpage....

quote: "The
/etc/hosts.equiv file defines system-wide equivalency, whereas a
user's .rhosts file defines equivalency between the local user and any
remote users to whom the local user chooses to allow or deny access."

end quote

Of course with root you will have full equivalency but .rhosts is less of a hole than hosts.equiv will be. As a rule, I usually avoid it, if at all possible.


In addition, I would ask you to check the file /etc/hosts.allow and hosts.deny... to ensure you don't have anything configured there to prevent connection.

OR you may need to ADD lines like this...

rlogind : all : banners=/usr/localcw/opt/sysguard/banners : allow
remshd: all : banners=/usr/localcw/opt/sysguard/banners : allow
rexecd : all : banners=/usr/localcw/opt/sysguard/banners : allow
Unix, the other white meat.
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Gideon,

thanks again, but I do have the PHNE_23003 on our server, and we are able to log into the server when
the password is entered.

Thanks again,
Joe



Elmar,

something on the login lines of the output of the "netstat -af inet" command looks a little
kludgy. I am holding off issuing points, because if this solves the problem
I want to give you the full 10.

Thanks,
Joe



Todd,

thanks - all my services are running. I am not using hosts.equiv. I do not have a hosts.allow
or a hosts.deny file. As far as adding those lines, I'm a little leery doing this because none
of the other servers need these entries and are working fine.

Thank you, though, for all your input.
Joe
Todd McDaniel_1
Honored Contributor

Re: As root, can't rlogin from particular server without password

No points here...

yes that was only a suggestion if you were using the hosts.allow and deny files...

If you aren't using them then you won't usually have the files at all. so disregard that portion.
Unix, the other white meat.
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Thanks Todd,

Dude - I gotta give at least 1 point for the reply - thanks.

Joe
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Hmmm, it didn't let me give you a point - sorry.
Michael Schulte zur Sur
Honored Contributor

Re: As root, can't rlogin from particular server without password

Hi,

When I rlogin to a machine and it requires me to enter the password even though it shouldn't, I do it and use w to see where the machine thinks I am coming from. This I put in .rhosts and /etc/hosts.

greetings,

Michael
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Thanks to all who replied - still no solution - I'm going to break down and call the Response Center.

Joe
Sridhar Bhaskarla
Honored Contributor
Solution

Re: As root, can't rlogin from particular server without password

Hi Joe,

There are quite a few messages in this thread. This suggestion probably might have been given.

Try enabling logging with inetd and observe as what this server is getting in as.

inetd -l (on host9)

tail -f /var/adm/syslog/syslog.log (on host9)

from host7, now do a 'rlogin host9' and now see what system name is appearing in the syslog and make sure that system name is specified in your .rhosts.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
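
The check described in the reply above, as an added shell example that is not part of the original thread: it takes the peer address from an inetd connection log line, looks up the names host9 would have for it, and tests them against root's .rhosts. The log line format, addresses and file contents are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; every host name, address and log line below is constructed.

# One syslog line in the style inetd connection logging produces (format assumed).
SAMPLE_LOG='Mar  3 10:15:02 host9 inetd[1432]: login/tcp: Connection from unknown (10.1.9.7) at Wed Mar  3 10:15:02 2004'

# /etc/hosts and root's .rhosts on host9, as the administrator believes them to be.
SAMPLE_HOSTS='10.1.1.7 host7.long.name.net host7
10.1.1.8 host8.long.name.net host8'
SAMPLE_RHOSTS='host7
host7.long.name.net
host8
host8.long.name.net'

# Peer address from the newest rlogin (login/tcp) connection line in a log.
peer_ip() {
    printf '%s\n' "$1" |
        sed -n 's/.*login\/tcp: Connection from [^(]*(\([0-9.]*\)).*/\1/p' |
        tail -n 1
}

# Names a hosts-format table maps an address to (nothing if unmapped).
names_for_ip() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        { sub(/#.*/, "") }
        $1 == ip { for (i = 2; i <= NF; i++) print $i }'
}

# Would a .rhosts line trust remote_user arriving from ip?
# Simplification: any name on the hosts line counts; "+" and netgroups are ignored.
rhosts_verdict() {   # args: ip hosts_text rhosts_text remote_user
    names=$(names_for_ip "$1" "$2" | tr '\n' ' ')
    printf '%s\n' "$3" | awk -v names="$names" -v user="$4" '
        BEGIN { n = split(names, want, " ") }
        { sub(/#.*/, "") }
        NF == 0 { next }
        { for (i = 1; i <= n; i++)
              if ($1 == want[i] && (NF == 1 || $2 == user)) {
                  print "match " $1; found = 1; exit
              } }
        END { if (!found) print "no-match" }'
}

ip=$(peer_ip "$SAMPLE_LOG")
echo "peer $ip -> $(rhosts_verdict "$ip" "$SAMPLE_HOSTS" "$SAMPLE_RHOSTS" root)"
```

On the constructed data the connection arrives from an address that maps to no name in the hosts table, so no .rhosts entry can match and the password prompt is the expected result.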
Kenneth Platz
Esteemed Contributor

Re: As root, can't rlogin from particular server without password

When you login to your system from host7 and host8, run the command "who -u am i", and use that hostname in your .rhosts.

It may be that you are on a multihomed system, and coming in over an IP address you're not necessarily expecting.
I think, therefore I am... I think!
Jay Core
Frequent Advisor

Re: As root, can't rlogin from particular server without password

Kenneth - no luck - only coming up as root, which I already knew about - thanks, though.

Sridhar - congrats! This tracking option pointed me to the problem! An old/invalid IP showed up in the syslog after I enabled logging - now I can troubleshoot it - thanks again.

Joe