topic Re: configure rsh in Operating System - Linux

configure rsh

Michael Chan_3 — Thu, 30 Aug 2001 13:19:48 GMT

I am running RH7.1, I've have taken step to turn rsh on by enabling it in /etc/xinetd.d. I've also put the address of the remote server in /etc/hosts.equiv however when I did an rsh from the remote host, it's still asking me for a password. Does any know how to open rsh up without prompting for a password.

Thanks in advance.

Re: configure rsh

Sachin Patel — Thu, 30 Aug 2001 15:24:13 GMT

Hi
You need .rhosts file for it. add the system name from where you are doing rsh
For example rsh from server1 to server2 as a root

add /root/.rhosts file and add server1 in it

It should work. you don't even need hosts.allow file.

Sachin

Re: configure rsh

Jerome Fenal_1 — Thu, 30 Aug 2001 17:13:51 GMT

Don't forget, when you are doing rsh being root, to either remove "securettys" lines in pam configuration, or to remove /etc/securetty file.
Otherwise, it would work for any user, except root.

Regards,

Jerome

Re: configure rsh

Michael Chan_3 — Thu, 30 Aug 2001 18:51:32 GMT

that's nice guys, but I want to be able to control who can rsh in and that's why I need /etc/hosts.allow because I've denied access in /etc/deny.allow, I've also had the name of the remote host in ~/.rhosts file. when rsh from remote host, it asks me for a password.

As for as root is concerned I already had it working with /etc/securettty in place. The trick to include rsh in it. Removing /etc/securetty is not a good idea. It's put in there for a purpose. I know openning rsh is not a good practice either, but I need it for budtools app. This why I need to put restrictions on the who can rsh in. For this purpose, I got the job done with rsh using root as the user to do my backup. But for education purposes, how can I do this for the regular user?

Thanks in advance.

Re: configure rsh

Mark Fenton — Fri, 31 Aug 2001 00:57:03 GMT

if you are also using pam, you may need to take a look at /etc/pam.d/rsh .

The entry you are looking for, I believe, would be
auth sufficient /lib/security/pam_rhosts_auth.so

if you don't want auth to ask for a passwd...

Re: configure rsh

Magdi KAMAL — Fri, 31 Aug 2001 15:14:20 GMT

Hi kc,

A agree with Sachin, but you need also to set owner:group for the $HOME/.rhosts

Example "Remote shell from server1 to server 2" :

1. Create, on server2, the file ".rhosts" in the home directory that you want a specific user to use the remote shell command. And put inside the server from which the remote command will be issued, like :

server1 +

2. Set permission to 400 on file .rhosts on server2:
#chmod 400 $HOME/.rhosts

3. chown userName:groupNmae .rhosts

Now, userName can issue remote shell commands from server1 to server2.

Magdi

Re: configure rsh

Gary Seibak — Fri, 31 Aug 2001 16:43:53 GMT

If it is still not working, one thing to check is:

telnet to target server from remote host. On target host do "who -u" to see what machine name is displayed. Make sure the machine name matches what is in .rhosts.

Re: configure rsh

Kodjo Agbenu — Fri, 31 Aug 2001 19:00:16 GMT

Hello,

I can't remember all the details, but there were an issue with some versions of rsh (the one I had problems with was shipped with RH7.0). To solve the problem, I had to re-install rsh from another RPM package.

Try something like this.

Good luck.

Kodjo

Re: configure rsh

Zeev Fisher — Sat, 01 Sep 2001 07:14:08 GMT

Hi,

What you need to do in addition to the .rhosts issue which was mentioned here is to add the word promiscuous to the /etc/pam.d/rsh file like the following :
auth required /lib/security/pam_rhosts_auth.so promiscuous

for rlogin there's a seperate file under /etc/pam.d

For root automatic rlogin you need to do additional thing like add the name of the service that you want to the /etc/securetty ( rlogin,rsh .. )