HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

Login Incorrect From remsh

 
jakolodziej
Advisor

Login Incorrect From remsh

SysAdm Gurus:

 

The company I work for just purchased two rx2800 Integrity Servers running HP-UX 11i v3 (March 2014 patches) to replace three HP-9000 K-570 Servers running HP-UX 10.20. My assignment (along with a fellow Software Developer) is to get the new Integrity Servers running by "cloning" the old System. We have done quite a bit of work to get the Integrity System up, but we have a few minor, nagging problems. When we try to do a remsh, we get a "Login incorrect" error message. My initial investigation of this problem pointed to possible problems with files like /.rhosts;/etc/hosts;/etc/hosts.equiv;/var/adm/inetd.sec;etc. I have checked all the suggestions from past discussion group topics on this site, and I still have the problem.

I'll call my two Integrity Servers "srvrA" and "srvrB" for this problem. Both Servers are on the same subnet. The remsh command we are using is part of our Application software installation scripts. This script uses a userid I'll call "abcd" to remotely copy our software to the other servers. This remsh command is entered as root on srvrA, and the intent is to copy our Application software to srvrB, as abcd (this way we do not have to do a chmod and chown on srvrB after the rcp). Here is the command we use - again, I'll call the user "abcd":

    /usr/bin/su abcd -c "/usr/bin/remsh srvrA /usr/bin/rcp -p -r /tmp/foofile srvrB:/tmp/."

I turned on inet logging on srvrB, and I see the request coming into srvrB (as a shell/tcp line). I also looked at the output of lastb on srvrB, and an entry for abcd exists with the correct timestamp- so this verifies the login is incorrect. In addition to all the files I mentioned above that I believe are correct, I also checked there is a valid account for abcd on srvrB (and srvrA for that matter - our home directories are NFS-mounted and stored on our RAID array). I also tried an "updated" version of the command (remsh srvrB -l abcd "/usr/bin/rcp -p -r srvrA:/tmp/foofile /tmp/.") and still got the Login incorrect error. I also made a second attempt (remsh abcd@srvrB "/usr/bin/rcp -p -r /tmp/foofile srvrB:/tmp/.") , but this time I received an Unknown host error. Personally, I would like to keep the current command as-is (even if it's ineffecient) as we have made no changes so far because of ARIES. I also do not want to use more secure versions of the commands.

 

One last point. Our current K-Servers have no hosts file of any sort for the abcd user, and the remsh works. I did, however, create a /home/abcd/.rhosts file (that I believe is populated correctly), and this makes no difference.

 

Any help is appreciated.

 

Regards,

 

Jeff Kolodziej

jeffrey.a.kolodziej@nasa.gov

 

2 REPLIES
Bill Hassell
Honored Contributor

Re: Login Incorrect From remsh

There are several things going on here so time to simplify.

 

You need a hosts file with at least the two servers (A & B) listed.

You need to change the nsswitch.conf file to this:

 

passwd:       files
group:        files
hosts:        files [NOTFOUND=continue UNAVAIL=continue] dns
ipnodes:      files [NOTFOUND=continue UNAVAIL=continue] dns
services:     files
networks:     files
protocols:    files
rpc:          files
publickey:    files
netgroup:     files
automount:    files
aliases:      files

Remove or rename /etc/hosts.equiv if it exists.

Now populate your $HOME/.rhosts file with these entries (assumption is the abcd user on both ends need access):

 

srvra abcd

10.10.10.9 abcd

srvrb abcd

10.10.10.10 abcd

 

By using both the hostname and the IP address, one of them should match up.

You can have the same $HOME/.rhosts file on both machines.

And most important:

 

chmod 600 ~/.rhosts

remsh/rcp/rlogin will fail without the right permissions.

 

Test with a simple remsh from srvra:

remsh srvrb hostname
and
remsh abcd@srvrb hostname

 It will return "srvrb" indicating that the connection is correct and working.

 

>> /usr/bin/su abcd -c "/usr/bin/remsh srvrA /usr/bin/rcp -p -r /tmp/foofile srvrB:/tmp/."

 

This is way too convoluted. rcp copies either way. You can be on srvrc and copy between srvra and srvrb:

If you are on srvra, simply use:

 

rcp -rp /tmp/foofile srvrb:/tmp

 Again, simplify and once working you can add more layers.

NOTE: .rhosts must be in the $HOME directory for each user. It must have 600 (or 400) permission.

 

Test with just the simple commands first. Then you can encapsulate rcp if needed.

 



Bill Hassell, sysadmin
jakolodziej
Advisor

Re: Login Incorrect From remsh

Dear Mr. Hassell:

 

Thank you for the prompt reply and the suggestions. I went off and started to implement some of your suggestions when I noticed some strange "owner" problems on some of our files. With my colleague's help, we tracked down and solved the problem. We can now do the remsh command.

 

The problem was inconsistent nsswitch.conf files on the two Servers. This is a little embarrassing because we have been careful to keep the two Servers consistent for DNS/NIS/NFS/etc. I took the nsswitch.conf file from srvrA and rcp'ed it to srvrB, and the remsh now works. I even removed the /home/abcd/.rhosts file, and the remsh command still works. I still need to do more exhaustive testing, but for now, all seems well.

 

Thanks for the help.

 

Regards,

 

Jeff Kolodziej

jeffrey.a.kolodziej@nasa.gov