1748202 Members
3009 Online
108759 Solutions
New Discussion юеВ

Re: rexecd

 
christian_derek
Regular Advisor

rexecd

Hi,

I'm using a third party tools, that use Java in the front end and a legacy application in the back end. Currently when the java applet initiated a connection with the hpux, the applet will talk to a socket process on the hpux and it will fork another process that will use rexecd and intercept the stdin and stdout to run the application. How can we do this with ssh, I was told by our third party vendor, that the issue they are facing is ssh, could not be run in an asynchronous way.
Any help will be appreciate.

Thansk,
5 REPLIES 5
Steven E. Protter
Exalted Contributor

Re: rexecd

Shalom,

I would set up password free access between the owner of the java app and the owner of the objects you are trying to execute.

http://www.hpux.ws/?p=10

Need to see more specifics to provide more specific help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ganesan R
Honored Contributor

Re: rexecd

Hi Christian,

As SEP said, you need to configure ssh passwordless login for that user. So that the user can login without password and excute whatever he needs..

Let us know if you need the steps to configure SSH password less login.
Best wishes,

Ganesh.
christian_derek
Regular Advisor

Re: rexecd

I absolutely need to be able to validate the o/s password, the reason is we are passing a pci certification, that certification is related to the credit card processing. Like I mentionned, the application is currently using rexecd, but we need to desactivated the r function, so they are looking at alternative.

Thanks,
Ganesan R
Honored Contributor

Re: rexecd

Hi Christian,

SSH passwordless login is not a insecure one. It is purely secure authentication.

What we are doing her is, generating a public key for that user and put it on the host where he wants to login. So that this user should be validated with the key we stored and allowed to login.

Note that it is two way authentication. One is host based and other is user level. User cannot login from other servers other than one where we generated the key.

Best wishes,

Ganesh.
christian_derek
Regular Advisor

Re: rexecd

Hi,

the most important thing is that we need to intercept the stdin and stout to be able to talk to the legacy backend application, they told me that they tried with su, but it was only binding to a terminal.

thanks,