HPE Community
Operating System - HP-UX
1825747 Members
2411 Online
109687 Solutions
New Discussion

remsh problem

 
SOLVED
Go to solution
dictum9
Super Advisor

‎01-30-2007 08:13 AM

‎01-30-2007 08:13 AM

remsh problem

Trying to remsh to an Itanium 11.23 box and the remsh asks for a password. I set up the ~/.rhosts file but the problem persists.

Once I enter the password, it logs me in, but cannot do passwordless logins.

Looking at /etc/inetd.conf and /etc/services, everthing looks reasonable.

Any idea what is going on?

0 Kudos
Reply
11 REPLIES 11
John Dvorchak
Honored Contributor

‎01-30-2007 08:18 AM

‎01-30-2007 08:18 AM

Solution

Re: remsh problem

Are you trying to remsh to the 11.23 box as root? What is the perms of ~root/.rhosts? It should be 400.
If it has wheels or a skirt, you can't afford it.
Reply
A. Clay Stephenson
Acclaimed Contributor

‎01-30-2007 08:22 AM

‎01-30-2007 08:22 AM

Re: remsh problem

Is this a non-root user and is the -l remshd option in effect? (Check /etc/inetd.conf for this).
If it ain't broke, I can fix that.
Reply
James R. Ferguson
Acclaimed Contributor

‎01-30-2007 08:23 AM

‎01-30-2007 08:23 AM

Re: remsh problem

Hi:

I'd review the contents of your '.rhosts' file. Make sure, too that your file is readable and writeable only by the owner.

Regards!

...JRF...
Reply
dictum9
Super Advisor

‎01-30-2007 08:25 AM

‎01-30-2007 08:25 AM

Re: remsh problem


I forgot to mention that I am doing it as a regular user.

When I try to remsh to execute a command on there, it says login incorrect.

when I try to login in via remsh, it asks for the password, and when I enter the password, it logs me in.

But it doesn't do password-less authentication.


0 Kudos
Reply
John Dvorchak
Honored Contributor

‎01-30-2007 08:29 AM

‎01-30-2007 08:29 AM

Re: remsh problem

Are you logged on to the originating box as the same userid as on the target box? If not you have to use the -l userid switch. From the man remsh page:

remsh -l user_on_host hostname command

Also does the host use password authentication or some sort of SecurID card where the password changes every minute or so?
If it has wheels or a skirt, you can't afford it.
Reply
dictum9
Super Advisor

‎01-30-2007 08:42 AM

‎01-30-2007 08:42 AM

Re: remsh problem


#:grep remsh /etc/inetd.conf
shell stream tcp6 nowait root /usr/lbin/remshd remshd
# The standard remshd and rlogind do not include the Kerberized
kshell stream tcp nowait root /usr/lbin/remshd remshd -K





$ ll .rhosts
-r-------- 1 test1 sap 76 Jan 30 15:58 .rhosts
0 Kudos
Reply
Denver Osborn
Honored Contributor

‎01-30-2007 08:49 AM

‎01-30-2007 08:49 AM

Re: remsh problem

Are you using the shortname or fqdn in .rhosts file?

After you rlogin using password, what host does "who -mR" display? This string doesn't match the .rhosts entry. You could also change the hostname to the ip for testing in .rhosts

Hope this helps,
-denver

Reply
Denver Osborn
Honored Contributor

‎01-30-2007 08:58 AM

‎01-30-2007 08:58 AM

Re: remsh problem

ew. I need to reword that or stop playing on the ITRC and take a nap. :)

Anyhow, should've been... run "who -mR" and if the host string doesn't match what's in your ~/.rhosts entry, fix it.

-denver
0 Kudos
Reply
dictum9
Super Advisor

‎01-30-2007 09:16 AM

‎01-30-2007 09:16 AM

Re: remsh problem

Bingo - that fixed it. It was resolving to hostname.backups.com, not the primary name. Don't know why, but I included it in the .rhosts - and it works, without the password now.

quote-----------------------

who -mR" and if the host string doesn't match what's in your ~/.rhosts entry, fix it.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎01-30-2007 12:56 PM

‎01-30-2007 12:56 PM

Re: remsh problem

And to amplify the solution a bit: remsh is a good metric for bad DNS configurations. Since remsh is bypassing the usual interactive login authentication, it resorts to the only security available: DNS reverse lookup. Unfortunately, DNS is often assigned to the PC admins who think in terms of domains and WINS. Reverse IP lookup may be missing as well as MX (mail delivery).

Now if you don't use DNS (no /etc/resolv.conf file) then /etc/hosts will govern what remsh will see. The two commands to check name resolution are nslookup and nsquery:

nslookup abc
nslookup 12.34.56.78
nsquery hosts abc


Bill Hassell, sysadmin
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎01-30-2007 03:15 PM

‎01-30-2007 03:15 PM

Re: remsh problem

I've had cases where rlogin didn't work so I had to use the IP address in my .rhosts file until the sysadmin could figure out why DNS or NIS wasn't working.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.