
Re: RSH between OpenVMS machines without password

smsc_1
Regular Advisor

RSH between OpenVMS machines without password

Hello people, first of all, I'm not an OpenVMS expert. What I'm trying to do is quite simple on Linux, but I'm stuck on OpenVMS.

 

I want to use RSH between two OpenVMS machines (one V7.2 and the other one V8.3-1H1) WITHOUT USING A PASSWORD. This is because I need to execute a remote script, but I don't want to "share" the password in the main script.

 

RSH works fine on the source machine, but, for sure, it asks me for a password.

The simple question is, is there a way to avoid the password request?

 

Thanks

./ Lucas
17 REPLIES 17
Hoff
Honored Contributor

Re: RSH between OpenVMS machines without password

Use ssh (details here), not rsh.   ssh can do remote logins and can also execute single commands, and certificate-based no-password or passphrase-based logins.  And FWIW, rsh, telnet, ftp and related are old, and lack any form of security; these tools expose your credentials.  (If the security of your authentication credentials is a concern, then these older protocols are Bad News.)

 

If security isn't a particular concern and you have a DECnet connection (whether DDCMP or DECnet-Plus / DECnet Phase V over IP) between these systems, then you can use DECnet and DCL and proxies.  No need for ssh nor rsh or related.  Somewhat simpler (but also somewhat less capable) is the SUBMIT /REMOTE command.

 

More advanced are distributed task management tools; task and batch and process schedulers.  VMS lacks basic scheduling tools, but there are add-on tools that can potentially allow you to reach your general goals here.  And an intermediate step up from the SUBMIT /REMOTE command is the HP DQS package; the distributed queue services package.

 

edit: The link color scheme here really obscures the embedded links, too.

Steven Schweda
Honored Contributor

Re: RSH between OpenVMS machines without password

 
smsc_1
Regular Advisor

Re: RSH between OpenVMS machines without password

 

Thanks for the reply. SSH could be the solution; however, security is not important in my case since both machines are in the same LAN behind multiple firewalls!

 

The problem is that in the source machine there's no SSH client/server installation:

ABCD31:SYSTEM> ssh
%DCL-W-IVVERB, unrecognized command verb - check validity and spelling
 \SSH\

 

 
  Compaq TCP/IP Services for OpenVMS Server Components Configuration Menu
   Configuration options:
     1 - BIND         Disabled Stopped      12 - NTP          Enabled  Started
     2 - BOOTP        Disabled Stopped      13 - PC-NFS       Disabled Stopped
     3 - DHCP         Disabled Stopped      14 - POP          Disabled Stopped
     4 - FINGER       Disabled Stopped      15 - PORTMAPPER   Disabled Stopped
     5 - FTP          Enabled  Started      16 - RLOGIN       Enabled  Started
     6 - IMAP         Disabled Stopped      17 - RMT          Disabled Stopped
     7 - LBROKER      Disabled Stopped      18 - SNMP         Enabled  Started
     8 - LPR/LPD      Disabled Stopped      19 - TELNET       Enabled  Started
     9 - METRIC       Disabled Stopped      20 - TFTP         Disabled Stopped
    10 - NFS          Disabled Stopped      21 - XDM          Disabled Stopped
    11 - LOCKD/STATD  Disabled Stopped

     A  -  Configure options 1 - 21
    [E] -  Exit menu

 

tcpip show version:
  Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 - ECO 2
  on a AlphaServer ES40 running OpenVMS V7.3-1 

 

Well, as I already said, I'm not an OpenVMS expert, so is there any way to "EASY" install the SSH client/server protocol?

 

Also, DECnet is present between the machines; I already use it to copy files:

ABCD31:SYSTEM>COPY LOG.TXT BCDE41::$1$DKA101:[000000]LOG.TXT

 

Could you please advise on how to execute a remote script using DECnet?

 

./ Lucas
Mike Kier
Valued Contributor

Re: RSH between OpenVMS machines without password

Since you have DECnet available you might want to look at the help for SUBMIT /REMOTE and also read up on DECnet proxies.

Practice Random Acts of VMS Marketing
Andy_Bustamant2
Advisor

Re: RSH between OpenVMS machines without password

Another option for remote management is using SYSMAN.

 

$ MCR SYSMAN

> HELP SET ENVIRONMENT

> HELP DO

 

Sometimes mistaken for a cluster management option, SYSMAN allows remote management of multiple standalone nodes as well.

 

 

Hoff
Honored Contributor

Re: RSH between OpenVMS machines without password

I linked to an example of the DCL you are requesting.  

 

(And yes, the default link color scheme used in postings around here isn't as visible as it probably should be.)

 

Your TCP/IP Services version is too old to have ssh.  There was an experimental version back then, but that'd be very stale now, and vulnerable.

 

(Consider upgrading TCP/IP Services and/or VMS, too; a whole lot of the versions are undergoing support status transitions circa 1-Jan-2013, and V7.3-1 went off of support in 2005 or so.)

 

Firewalls aren't a panacea; it's fairly common for folks to use attack techniques that bypass or that drill through those these days. (And FWIW, the DEFCON SMG privilege bugs are likely present in that VMS version, too.)

smsc_1
Regular Advisor

Re: RSH between OpenVMS machines without password

Well, unfortunately I cannot upgrade the TCP stack since the machine is in production and cannot be stopped! :(

 

However, I tried the SUBMIT /REMOTE command and it works. The bad news is that I need to run a remote script that calls another script. With RSH this works, but with SUBMIT this doesn't work.

 

I'll try SYSMAN environment to test if it works!

       

      

./ Lucas
Volker Halle
Honored Contributor

Re: RSH between OpenVMS machines without password

smsc_1,

 

with SUBMIT/REMOTE you submit a DCL procedure, which exists on the remote node, to the default SYS$BATCH queue on the remote node with an implicit SUBMIT/NOKEEP. The batch job executes under the user which is used for DECnet access, which could be the default DECnet account, the default FAL$USER account or the DECnet proxy account, if one exists matching the user and nodename from which the SUBMIT/REMOTE command has been executed.

 

You can certainly invoke sub-procedures from this procedure. You need to become aware of the account, under which the remote procedure executes and the login-directory for that account. If you add the following command into the DCL procedure, the .LOG file will not be printed and deleted:  $ DEFINE SYS$PRINT NLA0:

 

Volker.

smsc_1
Regular Advisor

Re: RSH between OpenVMS machines without password

 

Thanks for your feedback Volker,

this is what I tried:

 

mainscript.com (on remote machine)

copy dka100:[log]test.log dka101:[000000]

Then I execute it on the local machine with:

SUBMIT /REMOTE ABCD::DKA101:[SCRIPTS]mainscript.com

This works fine, but if I add the following line to mainscript.com:

 

copy dka100:[log]test.log dka101:[000000]
@DKA101:[SCRIPTS]test.com

Well, again, the copy command works, but the test.com script was not executed.

 

 

 

./ Lucas
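
Volker's advice above (find out which account and login directory the remote job runs under) can be built into the procedure itself. The following is an added example, not part of any post in the thread: a diagnostic variant of mainscript.com that reuses the thread's DKA101:[SCRIPTS]test.com path; the specific checks, messages and exit values are assumptions chosen for illustration.

```dcl
$! MAINSCRIPT.COM - diagnostic variant (added example, not from the thread).
$! Started on the remote node via SUBMIT /REMOTE. Everything written to
$! SYS$OUTPUT lands in the batch .LOG file in the login directory of the
$! account DECnet mapped the request to.
$!
$ SET NOON                     ! do not abort on errors; let them reach the log
$ DEFINE SYS$PRINT NLA0:       ! as suggested in the thread, so the .LOG is kept
$!
$! 1. Which identity does this passwordless job actually have?
$!    (a DECnet proxy account, FAL$USER or the default DECnet account)
$ WRITE SYS$OUTPUT "Node       : ", F$GETSYI("NODENAME")
$ WRITE SYS$OUTPUT "Username   : ", F$EDIT(F$GETJPI("","USERNAME"),"TRIM")
$ WRITE SYS$OUTPUT "Mode       : ", F$MODE()
$ WRITE SYS$OUTPUT "Default dir: ", F$ENVIRONMENT("DEFAULT")
$ WRITE SYS$OUTPUT "SYS$LOGIN  : ", F$TRNLNM("SYS$LOGIN")
$ WRITE SYS$OUTPUT "Privileges : ", F$GETJPI("","CURPRIV")
$!
$! 2. Can that account see the sub-procedure at all?
$ sub = "DKA101:[SCRIPTS]TEST.COM"
$ IF F$SEARCH(sub) .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "Not found or not readable by this account: ", sub
$   EXIT 2                     ! even value = failure severity (2 = error)
$ ENDIF
$!
$! 3. Run the sub-procedure and record how it ended.
$ @'sub'
$ sub_status = $STATUS
$ WRITE SYS$OUTPUT "TEST.COM status: ", sub_status, " ", F$MESSAGE(sub_status)
$ EXIT 'sub_status'
```

The Username and Privileges lines also show whether the passwordless DECnet access maps to an account with more rights than the job needs.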