HPE Community
Operating System - HP-UX
1829755 Members
1791 Online
109992 Solutions
New Discussion

Rlogin does not work

 
Nisar Ahmad
Regular Advisor

‎01-02-2003 09:10 PM

‎01-02-2003 09:10 PM

Rlogin does not work

Hi There

Although I have rhosts/hosts.equiv entries on NodeA for the NodeB. I tried to "rlogin NodeA" from NodeB and it asked password.

Any clue or work arround ?

Thanks

Nisar
0 Kudos
Reply
7 REPLIES 7
avsrini
Trusted Contributor

‎01-02-2003 09:26 PM

‎01-02-2003 09:26 PM

Re: Rlogin does not work

Hi Nisar,

1. Check the nslookup of the ip address of the remote host.
Enter the exact output on the hosts.equiv or .rhosts file.

2. check the file permissions.
~/.rhosts has to be owned by the users and read+write to owner only.

3. /etc/hosts.equiv has to be owned by root and rw to root only.

Srini.
Be on top.
0 Kudos
Reply
Michael Tully
Honored Contributor

‎01-02-2003 09:32 PM

‎01-02-2003 09:32 PM

Re: Rlogin does not work

Besides checking for the permissions as stated, also check your /etc/inetd.conf file to make sure that this entry is not commented out.

login stream tcp nowait root /usr/lbin/rlogind rlogind
Anyone for a Mutiny ?
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎01-02-2003 09:33 PM

‎01-02-2003 09:33 PM

Re: Rlogin does not work

Probably a DNS or /etc/hosts issue on NodeA. NodeA will authenticate that NodeB is who it says it is by doing a reverse IP lookup. If your DNS server does not know about NodeB then NodeA will assume that this might be a spoofed address and request further authentication.

When you use nslookup, look both ways. That is, use nslookup NodeB and then nslookup 12.34.56.78 (whatever IP address). Each lookup must match both directions.

.rhosts must be 600 permissions. /etc/hosts.equiv is a pretty serious security risk since a single + character in that file allows every computer on your network to rlogin/remsh/rcp without a password.


Bill Hassell, sysadmin
0 Kudos
Reply
Chakravarthi
Trusted Contributor

‎01-02-2003 09:42 PM

‎01-02-2003 09:42 PM

Re: Rlogin does not work

check your pam.conf
0 Kudos
Reply
Ajay Tyagi
New Member

‎01-02-2003 11:16 PM

‎01-02-2003 11:16 PM

Re: Rlogin does not work

Hi Nisar

U can check rhost/hosts.equiv and put ip address with node name also.

Thanks
Ajay
0 Kudos
Reply
Jose Mosquera
Honored Contributor

‎01-03-2003 01:33 AM

‎01-03-2003 01:33 AM

Re: Rlogin does not work

Hi,

1) Certify "read" privileges to .rhost file ubicated in home directory of the target user. To make a test try set 444 privilege.
2) From target node use nslookup to obtain exact name resolution of the source node, then use this resolution name inside .rhosts file.
3) Certify that target host haven't a "shell" deny entry or allow filter inside of /var/adm/inetd.sec
4) Certify that target user haven't password expiration (important).
5) Remember that you must use in source node command the existent user in target node, sometimes this is confused for the user.

Rgds.
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎01-03-2003 07:01 AM

‎01-03-2003 07:01 AM

Re: Rlogin does not work

Usually this problem deals with name resolution, and does not require any further attention.

First, someone mentioned the permissions on the .rhosts file in a users home.

Make sure that $HOME/.rhosts is always set to 0400.

For /etc/hosts.equiv, this file needs to be set to 0444.

Next, to debug your problem, make sure you are resolving exactly the name listed in the $HOME/.rhosts or /etc/hosts.equiv. If you are using DNS, NIS, and files ensure that the nsswitch.conf is correct, and that the resolver can resolve the same name with the same source.

Best check is to telnet to the box, then type who -u. Ensure that the seat listed is the same you have in $HOME/.rhosts and/or /etc/hosts.equiv.

Next, ensure that the FIRST mechanism for resolving hosts has the same hostname as listed.

Sometimes in strange environments, I have had to list both real and fully qualified hostnames in the $HOME/.rhosts and /etc/hosts.equiv. 99% of the time though, it is just a matter of pointing to the correct resolver first.

Regards,

Shsnnon
Microsoft. When do you want a virus today?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.