1820886
Members
3800
Online
109628
Solutions
Hi William,
I haven't heard of your problem before.
When the problem starts happening, does this 11.23 system have any problems using remsh to systems other than this Windows system or can you successfully remsh to other systems from this 11.23 system?
The error you're seeing is listed in the rcmd(3N) man page:
socket: Protocol failure in circuit setup
Socket connection not established on a reserved port or socket address not of the Internet family type.
The man page indicates this is either a problem involving reserved ports or establishing a non AF_INET socket. The fact that if you stop/restart the rshd service on the Windows box allows the program to work properly for a week leads me to believe that this could be a case where the Windows system is running out of reserved ports, possibly because of the number of simultaneous connections on the Windows system or because of a bug in the rshd daemon on the Windows system not properly returning the reserved ports back to the available pool.
I have a hard time believing that stoping and restarting the rshd daemon will influence the type of protocol family it uses for a connection (i.e. AF_INET). Are there any patches available for the rshd drop at sorceforge?
Regards,
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
I haven't heard of your problem before.
When the problem starts happening, does this 11.23 system have any problems using remsh to systems other than this Windows system or can you successfully remsh to other systems from this 11.23 system?
The error you're seeing is listed in the rcmd(3N) man page:
socket: Protocol failure in circuit setup
Socket connection not established on a reserved port or socket address not of the Internet family type.
The man page indicates this is either a problem involving reserved ports or establishing a non AF_INET socket. The fact that if you stop/restart the rshd service on the Windows box allows the program to work properly for a week leads me to believe that this could be a case where the Windows system is running out of reserved ports, possibly because of the number of simultaneous connections on the Windows system or because of a bug in the rshd daemon on the Windows system not properly returning the reserved ports back to the available pool.
I have a hard time believing that stoping and restarting the rshd daemon will influence the type of protocol family it uses for a connection (i.e. AF_INET). Are there any patches available for the rshd drop at sorceforge?
Regards,
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Hi Bill,
The fact that the error is complaining about rcmd_af() means this has something to do with IPV6, as you pointed out in your initial post. I don't believe 10.20, 11.0 and most Linux systems support IPV6.
Do you know if any of the systems that work when the 11.23 system fails have IPV6 enabled? Perhaps there is something going on in the setup of the IPV6 portion of the rcmd that is failing where the IPV4 portion is working, which would explain the IPV6-enabled system showing the symptom and the IPV4 systems not showing it.
Are you using IPV6 networking in your environment or would you be fine disabling it on your 11.23 system if there were a way to do this?
Regards,
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
The fact that the error is complaining about rcmd_af() means this has something to do with IPV6, as you pointed out in your initial post. I don't believe 10.20, 11.0 and most Linux systems support IPV6.
Do you know if any of the systems that work when the 11.23 system fails have IPV6 enabled? Perhaps there is something going on in the setup of the IPV6 portion of the rcmd that is failing where the IPV4 portion is working, which would explain the IPV6-enabled system showing the symptom and the IPV4 systems not showing it.
Are you using IPV6 networking in your environment or would you be fine disabling it on your 11.23 system if there were a way to do this?
Regards,
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Hi Bill,
You asked about whether remsh uses priv ports as a security mechanism. The answer is yes. It is obviously not the greatest security mechanism, but the assumption is that only a priv user can request a priv port. This is why the remsh binary is a setuid-root binary:
# ll /usr/bin/remsh
-r-sr-xr-x 1 root bin 96156 Sep 3 2003 /usr/bin/remsh
This is explained in a little more detail in the remshd man page:
_________________________________________
remshd allows two kinds of authentication methods:
1. Authentication based on privileged port numbers where the client's source port must be in the range 512 through 1023. In this case remshd assumes it is operating in normal or non-secure environment.
2. Authentication based on Kerberos V5. In this case remshd assumes that it is operating in a Kerberos V5 Network Authentication, i.e., secure environment.
_________________________________________
The rcmd man page also discusses the reserved port range requirement, and the fact that any command calling rcmd (like remsh) must run as root, as this is required to get a priv port.
Hope this helps. Glad my reserved port hint pointed you in the right direction.
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
You asked about whether remsh uses priv ports as a security mechanism. The answer is yes. It is obviously not the greatest security mechanism, but the assumption is that only a priv user can request a priv port. This is why the remsh binary is a setuid-root binary:
# ll /usr/bin/remsh
-r-sr-xr-x 1 root bin 96156 Sep 3 2003 /usr/bin/remsh
This is explained in a little more detail in the remshd man page:
_________________________________________
remshd allows two kinds of authentication methods:
1. Authentication based on privileged port numbers where the client's source port must be in the range 512 through 1023. In this case remshd assumes it is operating in normal or non-secure environment.
2. Authentication based on Kerberos V5. In this case remshd assumes that it is operating in a Kerberos V5 Network Authentication, i.e., secure environment.
_________________________________________
The rcmd man page also discusses the reserved port range requirement, and the fact that any command calling rcmd (like remsh) must run as root, as this is required to get a priv port.
Hope this helps. Glad my reserved port hint pointed you in the right direction.
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]