Can't rsh to a RHAS2.1

kenny chia
Regular Advisor

Can't rsh to a RHAS2.1

Hi
I am trying to do a rsh to a RHAS2.1 server from another RedHat6.2 server but it failed

(redhat 6.2 server)$ /usr/bin/rsh -l mon 192.168.23.54 'ls'
"192.168.23.54: Connection refused" message

On the RHAS2.1 server, there are no logs that indicate the failure in the /var/log/messages

In /etc/xinetd.d/rsh, disable=no

On the RHAS2.1 server, the user mon can rsh to itself without any problems

what could be the problem?
All Your Bases Are Belong To Us!
11 REPLIES
Ermin Borovac
Honored Contributor

Re: Can't rsh to a RHAS2.1

Is iptables firewall on RHAS 2.1 server active?

# iptables -L
Bojan Nemec
Honored Contributor

Re: Can't rsh to a RHAS2.1

Kenny,

On my RH 8.0 I must set a list of trusted hosts and users for rsh in /etc/hosts.equiv in the format:

[+|-] [hostname] [username]

Please see man hosts.equiv.

Bojan
kenny chia
Regular Advisor

Re: Can't rsh to a RHAS2.1

The RHAS2.1 server is allowing ssh, does that mean that rsh cannot be used?
All Your Bases Are Belong To Us!
Bojan Nemec
Honored Contributor

Re: Can't rsh to a RHAS2.1

These are two different things. ssh and rsh have very similar functionality but they are two different programs with two different daemons. It is better practice to use ssh because the communication is encrypted.

So if you want to use rsh you need to specify which users and hosts you trust.

For the ssh security see man ssh.

Bojan
Bojan Nemec
Honored Contributor

Re: Can't rsh to a RHAS2.1

Sorry,

Rereading my post I see that I forgot to answer your question.
Both rsh and ssh can be used on the same system. They work on two different TCP/IP ports.

Bojan
Stuart Browne
Honored Contributor

Re: Can't rsh to a RHAS2.1

Ok, now as has been mentioned in a few other posts, the firewall. Need to make sure port 513 (I believe off the top of my head) is opened up from the RH62 server.

Next thing to do is to make sure that /etc/hosts.allow and /etc/hosts.deny aren't dis-allowing it (is there an ALL:ALL in '/etc/hosts.deny' ? or any reference to 'in.rshd' ?).

Other than that, refreshing the 'xinetd' config using 'service xinetd reload', and ensuring no errors show up in '/var/log/messages', and that the 'rsh' service is listed.

That should account for a 'Connection refused' error.
One long-haired git at your service...
kenny chia
Regular Advisor

Re: Can't rsh to a RHAS2.1

Hi

On the RHAS2.1 server, the user mon can rsh to itself without any problems

iptables is not enabled

I have added the entries into /etc/hosts.equiv

/etc/hosts.deny and /etc/hosts.allow are empty

I ran the command

service xinetd reload

/var/log/messages does not show that it is removed.

All Your Bases Are Belong To Us!
Jan Sladky
Trusted Contributor

Re: Can't rsh to a RHAS2.1

Hi Kenny,
there is yet another way to get it working.

On the remote box, place a .rhosts file in the $HOME of the connecting user with the following lines:
box1 user1
box2 user1
(trusted box and user)

boxes must be also in /etc/hosts

also check if all r

Also check if rpcbind is running on the remote box:

rpcinfo -p

br Jan
GSM, Intelligent Networks, UNIX
Stuart Browne
Honored Contributor

Re: Can't rsh to a RHAS2.1

Jan is getting the closest.

As you are RSH'n from userA to user 'mon', the .rhosts for the 'mon' user needs to know that you're also coming from a different user.

rh62serv

Add that entry to mon's .rhosts file, and you'll get more joy.
One long-haired git at your service...
kenny chia
Regular Advisor

Re: Can't rsh to a RHAS2.1

Hi
IMHO I think there are no permission problems, as it reported "Connection refused" rather than "Permission denied".

Could it be a pam problem?
These are the contents of my /etc/pam.d/rsh:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_rhosts_auth.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
All Your Bases Are Belong To Us!
Stuart Browne
Honored Contributor

Re: Can't rsh to a RHAS2.1

It could be, but 'Connection refused' usually means that something is not allowing it to connect rather than dropping the connection.

Ensure that the 'rsh' service is listening, using:

netstat -ntlp | grep xinetd

One of the listed ports should be 514 (Yes, I was wrong the other day).

If it's not, then use 'chkconfig rsh on' and do it again.
One long-haired git at your service...
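
The checks suggested across the replies above (the xinetd `disable` flag, `/etc/hosts.deny`, a listener on port 514, and the entries in `/etc/hosts.equiv`), gathered into one added script that is not part of any post in the thread. The function names, the `ROOT` directory argument and the sample files are assumptions made so the script can run against a constructed tree instead of a live server; it also flags bare `+` entries in the trust file, since those trust any host or any user.

```shell
#!/bin/sh
# Added example (not from the thread): the thread's checks as functions.

# Succeeds if an xinetd service file has "disable = no".
xinetd_enabled() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"
}

# Succeeds if hosts.deny has a rule whose daemon list starts with ALL or in.rshd.
wrappers_block() {
    [ -f "$1" ] && grep -Eiq '^[[:space:]]*(ALL|in\.rshd)[[:space:]]*:' "$1"
}

# Succeeds if `netstat -ntl` output on stdin shows a listener on TCP port $1.
port_listening() {
    awk -v p="$1" '$6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) ok = 1 }
                   END { exit !ok }'
}

# Prints hosts.equiv/.rhosts lines whose host or user field is a bare "+"
# (trust any host / any user).
trust_wildcards() {
    [ -f "$1" ] || return 0
    awk '!/^[ \t]*(#|$)/ && ($1 == "+" || $2 == "+") { print FILENAME ": " $0 }' "$1"
}

# rsh_report ROOT NETSTAT_FILE: one line per finding.
rsh_report() {
    xinetd_enabled "$1/etc/xinetd.d/rsh" && echo "xinetd: rsh enabled" || echo "xinetd: rsh disabled"
    wrappers_block "$1/etc/hosts.deny" && echo "tcp_wrappers: deny rule present"
    port_listening 514 < "$2" && echo "tcp/514: listening" || echo "tcp/514: not listening"
    trust_wildcards "$1/etc/hosts.equiv"
    return 0
}

# Constructed sample tree and netstat output, so the example runs offline.
make_sample() {
    mkdir -p "$1/etc/xinetd.d"
    printf 'service shell\n{\n\tdisable = no\n\tserver = /usr/sbin/in.rshd\n}\n' > "$1/etc/xinetd.d/rsh"
    : > "$1/etc/hosts.deny"
    printf 'rh62serv userA\n+ mon\n' > "$1/etc/hosts.equiv"
    printf 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN\ntcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN\n' > "$1/netstat.txt"
}

sample=$(mktemp -d) && make_sample "$sample" && rsh_report "$sample" "$sample/netstat.txt"
rm -rf "$sample"
```

On a live server, `rsh_report / <file>` would take the saved output of `netstat -ntl` as its second argument.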