remsh connection refused

Coinneach Fitzpatrick · ‎07-10-2003

User has scripts which connect using remsh (I know, I know). We recently turned off remsh due to security concerns. User squawks, I try to get remsh back running on just the boxen she uses until she fixes her scripts.

It's not coming back.

Reenabled in /etc/inetd.conf and restarted inetd. No joy. I can telnet from box to box, but not remsh.

Whatthe...?

twang · ‎07-10-2003

To find out all network ports and services established and listening currently:
# netstat -an

Sunil Sharma_1 · ‎07-10-2003

Hi,

can you give some more info, like how you stop remsh and how you ar enabling it ?

Sunil

*** Dream as if you'll live forever. Live as if you'll die today ***

Coinneach Fitzpatrick · ‎07-10-2003

# netstat -an |grep rem
#

Coinneach Fitzpatrick · ‎07-10-2003

inetd -c to restart.

Jim Mallett · ‎07-10-2003

Did you remove the .rhosts file for that user on the target system? Also, check the ownership/permissions on the .rhosts file for that user on the target system.
The usernames match?

Jim

Hindsight is 20/20

Coinneach Fitzpatrick · ‎07-10-2003

No .rhosts on any of the target systems, or the source.

Jim Mallett · ‎07-10-2003

Unfortunately I'm not at work so I don't have the man pages but I believe you either need to set up /etc/hosts.equiv or //.rhosts for remsh to work (authenticate). I know that's what I had to do way back when.

Do a 'man remsh' and I believe it tells you right in there. Go the .rhosts route though if you just want to do this for a single user.

Test it by creating an .rhosts on the target, inside it have the source host name. Then su to her account on the source and try the remsh.

(I just dialed into work and tested it and it worked after I created an .rhost for the user.)

Jim

Hindsight is 20/20

twang · ‎07-10-2003

Create .rhosts (locate on user's home dir) on the target systems. it simply includes name of the source box as follows:

host_source

Steven E. Protter · ‎07-10-2003

Why don't you install this:

Secure shell
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

Exchange public keys with the user according to attached doc....

And finish the good thing you started.

Also, short term, check /var/adm/inetd.sec for blocks you might have set up.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

RAC_1 · ‎07-10-2003

.rhosts files in users home directories on both servers is must for remsh to work.
(This file will contain the remote servers name and user name if they are not same on both servers.)

I assume, you remsh enabled in inetd.conf.

There is no substitute to HARDWORK

Michael Tully · ‎07-10-2003

You'll probably find that there was a /etc/hosts.equiv file that had the source server and user name included.

serverA (contents of /etc/hosts.equiv)

serverB myuser

Anyone for a Mutiny ?

Karthik S S · ‎07-10-2003

Hi,

Check the following files on both the machines,

$HOME/.rhosts

/etc/hosts - Check if this file has entries for both the systems. If you are using DNS check /etc/nsswitch.conf.

/var/adm/inetd.sec - check if remsh is blocked.

Enable inetd logging by "inetd -l" and check for verbose o/p in /var/adm/syslog.log

Regards,
Karthik S S

For a list of all the ways technology has failed to improve the quality of life, please press three. - Alice Kahn

Coinneach Fitzpatrick · ‎07-10-2003

OK, user's home directories (yes, plural) have .rhosts on all systems.

Her scripts run from 1 box to 4 others. They were working before we disabled remsh, and were not changed afterwards.

Sudhakar.J · ‎07-10-2003

Hi,

remsh to work u shld have setup either $HOME/.rhosts or /etc/hosts.equiv files.

Best one will be try adding remote host entries in local host like the follg,

Servers .rhosts

hostA hostB root
hostB hostA root

Permissions shld be 644 for .rhosts file..Try out and get back to us..

ATB,
Sudhakar

Coinneach Fitzpatrick · ‎07-10-2003

Just tried creating .rhosts for my own account (not as root) on the source and on one target system. No joy there either.

Con O'Kelly · ‎07-10-2003

Hi

If you're still having problems then post the output of the commands:

# grep shell /etc/inetd.conf
# grep shell /etc/services
# grep shell /var/adm/inetd.sec
# ll /home//.rhosts
# ll /etc/hosts.equiv

Cheers
Con

RAC_1 · ‎07-10-2003

Box1 user xxx
Box2 user xxx
Box3 user xxx
Box4 user xxx

xxx has got .rhosts in his home dirs on all servers.

telnet to box2 from box1.

do who -u, check your login and last coloumn.

What you see in last column should be in .rhosts file on box2

Check same for other boxex.

There is no substitute to HARDWORK

Coinneach Fitzpatrick · ‎07-10-2003

csmorstg:/home/tmp2195f>grep shell /etc/inetd.conf
shell stream tcp nowait root /usr/lbin/remshd remshd
kshell stream tcp nowait root /usr/lbin/remshd remshd -K

csmorstg:/home/tmp2195f>grep shell /etc/services
shell 514/tcp cmd # remote command, no passwd used
kshell 544/tcp krcmd # Kerberos remote shell -kfall
ekshell 545/tcp krcmd # Kerberos encrypted remote shell -kfall

csmorstg:/home/tmp2195f>grep shell /var/adm/inetd.sec
shell allow 15.* 130.27.* 130.29.* 130.30.* 130.168.* 134.40.* 141.121.*
csmorstg:/home/tmp2195f>ll /home/bvstage/.rhosts
-rw-r--r-- 1 bvstage users 148 Jan 9 2003 /home/bvstage/.rhosts

csmorstg:/home/tmp2195f>ll /etc/hosts.equiv
-r-------- 1 root sys 25 Mar 15 2001 /etc/hosts.equiv

Coinneach Fitzpatrick · ‎07-10-2003

In the above post, csmorstg is the source system (jump-off point). tmp2195f is me. User is bvstage.

Coinneach Fitzpatrick · ‎07-10-2003

Man I'm glad I'm off in an hour, and have only 7 days left here...

User just emailed me to say it's working.

#include rolleyes.h

Thanks to all,
Coinneach

Ollie R · ‎07-10-2003

#include assignpoints.h ??????????

To err is human but to not award points is unforgivable

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

remsh connection refused

remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused

Re: remsh connection refused