
remsh connection refused

 
Coinneach Fitzpatrick
Occasional Advisor

remsh connection refused

User has scripts which connect using remsh (I know, I know). We recently turned off remsh due to security concerns. User squawks, I try to get remsh back running on just the boxen she uses until she fixes her scripts.

It's not coming back.

Reenabled in /etc/inetd.conf and restarted inetd. No joy. I can telnet from box to box, but not remsh.

Whatthe...?
twang
Honored Contributor

Re: remsh connection refused

To find out all network ports and services established and listening currently:
# netstat -an
Sunil Sharma_1
Honored Contributor

Re: remsh connection refused

Hi,

Can you give some more info, like how you stopped remsh and how you are enabling it?

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
Coinneach Fitzpatrick
Occasional Advisor

Re: remsh connection refused

# netstat -an |grep rem
#
Coinneach Fitzpatrick
Occasional Advisor

Re: remsh connection refused

inetd -c to restart.
Jim Mallett
Honored Contributor

Re: remsh connection refused

Did you remove the .rhosts file for that user on the target system? Also, check the ownership/permissions on the .rhosts file for that user on the target system.
The usernames match?

Jim
Hindsight is 20/20
Coinneach Fitzpatrick
Occasional Advisor

Re: remsh connection refused

No .rhosts on any of the target systems, or the source.
Jim Mallett
Honored Contributor

Re: remsh connection refused

Unfortunately I'm not at work so I don't have the man pages but I believe you either need to set up /etc/hosts.equiv or //.rhosts for remsh to work (authenticate). I know that's what I had to do way back when.

Do a 'man remsh' and I believe it tells you right in there. Go the .rhosts route though if you just want to do this for a single user.

Test it by creating an .rhosts on the target, inside it have the source host name. Then su to her account on the source and try the remsh.

(I just dialed into work and tested it and it worked after I created an .rhost for the user.)

Jim
Hindsight is 20/20
twang
Honored Contributor

Re: remsh connection refused

Create .rhosts (located in the user's home dir) on the target systems. It simply includes the name of the source box, as follows:

host_source
Steven E. Protter
Exalted Contributor

Re: remsh connection refused

Why don't you install this:

Secure shell
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

Exchange public keys with the user according to attached doc....

And finish the good thing you started.

Also, short term, check /var/adm/inetd.sec for blocks you might have set up.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
RAC_1
Honored Contributor

Re: remsh connection refused

.rhosts files in users' home directories on both servers are a must for remsh to work.
(This file will contain the remote server's name, and the user name if they are not the same on both servers.)

I assume you have remsh enabled in inetd.conf.
There is no substitute to HARDWORK
Michael Tully
Honored Contributor

Re: remsh connection refused

You'll probably find that there was a /etc/hosts.equiv file that had the source server and user name included.

serverA (contents of /etc/hosts.equiv)

serverB myuser
Anyone for a Mutiny ?
Karthik S S
Honored Contributor

Re: remsh connection refused

Hi,

Check the following files on both the machines,

$HOME/.rhosts

/etc/hosts - Check if this file has entries for both the systems. If you are using DNS check /etc/nsswitch.conf.

/var/adm/inetd.sec - check if remsh is blocked.

Enable inetd logging by "inetd -l" and check for verbose o/p in /var/adm/syslog.log

Regards,
Karthik S S
For a list of all the ways technology has failed to improve the quality of life, please press three. - Alice Kahn
Coinneach Fitzpatrick
Occasional Advisor

Re: remsh connection refused

OK, user's home directories (yes, plural) have .rhosts on all systems.

Her scripts run from 1 box to 4 others. They were working before we disabled remsh, and were not changed afterwards.
Sudhakar.J
Advisor

Re: remsh connection refused

Hi,

For remsh to work you should have set up either the $HOME/.rhosts or the /etc/hosts.equiv file.

The best approach is to try adding remote host entries on the local host, like the following:

Servers .rhosts

hostA hostB root
hostB hostA root


Permissions should be 644 for the .rhosts file. Try it out and get back to us.

ATB,
Sudhakar
Coinneach Fitzpatrick
Occasional Advisor

Re: remsh connection refused

Just tried creating .rhosts for my own account (not as root) on the source and on one target system. No joy there either.
Con O'Kelly
Honored Contributor

Re: remsh connection refused


Hi

If you're still having problems then post the output of the commands:

# grep shell /etc/inetd.conf
# grep shell /etc/services
# grep shell /var/adm/inetd.sec
# ll /home//.rhosts
# ll /etc/hosts.equiv

Cheers
Con

RAC_1
Honored Contributor

Re: remsh connection refused

Box1 user xxx
Box2 user xxx
Box3 user xxx
Box4 user xxx

xxx has got .rhosts in his home dirs on all servers.

telnet to box2 from box1.

Do who -u, and check your login and the last column.

What you see in the last column should be in the .rhosts file on box2.

Check the same for the other boxes.
There is no substitute to HARDWORK
Coinneach Fitzpatrick
Occasional Advisor

Re: remsh connection refused

csmorstg:/home/tmp2195f>grep shell /etc/inetd.conf
shell stream tcp nowait root /usr/lbin/remshd remshd
kshell stream tcp nowait root /usr/lbin/remshd remshd -K

csmorstg:/home/tmp2195f>grep shell /etc/services
shell 514/tcp cmd # remote command, no passwd used
kshell 544/tcp krcmd # Kerberos remote shell -kfall
ekshell 545/tcp krcmd # Kerberos encrypted remote shell -kfall

csmorstg:/home/tmp2195f>grep shell /var/adm/inetd.sec
shell allow 15.* 130.27.* 130.29.* 130.30.* 130.168.* 134.40.* 141.121.*
csmorstg:/home/tmp2195f>ll /home/bvstage/.rhosts
-rw-r--r-- 1 bvstage users 148 Jan 9 2003 /home/bvstage/.rhosts

csmorstg:/home/tmp2195f>ll /etc/hosts.equiv
-r-------- 1 root sys 25 Mar 15 2001 /etc/hosts.equiv
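
The `shell allow` entry in the inetd.sec output above limits which client addresses inetd will serve, so it is worth evaluating the source host's address against it. The script below is an added example, not code from any poster in this thread: the function names, the `ftp` entry and the client addresses are constructed, and it assumes one entry per service, numeric patterns only (names are not resolved), and that address fields a pattern omits match anything.

```sh
#!/bin/sh
# Added example: decide whether an inetd.sec file lets a client address use a service.

# One address field: "*" matches anything, "lo-hi" is a numeric range.
match_field() {
    case "$1" in
        '*') return 0 ;;
        *-*) [ "$2" -ge "${1%-*}" ] && [ "$2" -le "${1#*-}" ] ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# Compare pattern and address field by field; omitted trailing fields match (assumption).
match_addr() {
    mp=$1 ma=$2
    while [ -n "$mp" ]; do
        match_field "${mp%%.*}" "${ma%%.*}" || return 1
        case "$mp" in *.*) mp=${mp#*.} ;; *) mp= ;; esac
        ma=${ma#*.}
    done
    return 0
}

# Print "allowed" or "denied" for SERVICE ($1) and client IP ($2) according to FILE ($3).
inetd_sec_verdict() (
    set -f                                   # keep 15.* from expanding against file names
    while read -r name action hosts; do
        [ "$name" = "$1" ] || continue
        hit=no
        for h in $hosts; do
            case "$h" in *[!0-9.*-]*) continue ;; esac   # host/network names: skipped here
            if match_addr "$h" "$2"; then hit=yes; break; fi
        done
        case "$action:$hit" in
            allow:yes|deny:no) echo allowed ;;
            *) echo denied ;;
        esac
        return 0
    done < "$3"
    echo allowed                             # service not listed: no address restriction
)

SAMPLE=${TMPDIR:-/tmp}/inetd.sec.sample.$$
cat > "$SAMPLE" <<'EOF'
# "shell" entry as posted in the thread; the "ftp" entry is constructed
shell allow 15.* 130.27.* 130.29.* 130.30.* 130.168.* 134.40.* 141.121.*
ftp deny 192.168.1-3.*
EOF
for ip in 130.27.4.9 10.1.2.3; do            # constructed client addresses
    echo "shell from $ip: $(inetd_sec_verdict shell "$ip" "$SAMPLE")"
done
```

On a real system, pass /var/adm/inetd.sec and the source box's address as seen by the target; a "denied" verdict means the allow list needs the source network before any .rhosts check is reached.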
Coinneach Fitzpatrick
Occasional Advisor

Re: remsh connection refused

In the above post, csmorstg is the source system (jump-off point). tmp2195f is me. User is bvstage.
Coinneach Fitzpatrick
Occasional Advisor

Re: remsh connection refused

Man I'm glad I'm off in an hour, and have only 7 days left here...

User just emailed me to say it's working.

#include rolleyes.h

Thanks to all,
Coinneach
Ollie R
Respected Contributor

Re: remsh connection refused

#include assignpoints.h ??????????
To err is human but to not award points is unforgivable