HPE Community
Operating System - HP-UX
1833863 Members
2377 Online
110063 Solutions
New Discussion

who is using remshd

 
Fauziah Mahdan
Super Advisor

‎03-18-2007 04:05 PM

‎03-18-2007 04:05 PM

who is using remshd

Hi all,
I set cronjob to get the last log and lastb log for every of my unix box.
At the same time I will jot down when and why I need to login as root to compare this log file.
I was not sure who and when the remshd connection is established? How can I check this? So far I only found the remshd running on my database prod server and usually the remshd run atleast once a month and the end of the week.
Thanks
Fauziah Mahdan
0 Kudos
Reply
5 REPLIES 5
Patrick Wallek
Honored Contributor

‎03-18-2007 04:16 PM

‎03-18-2007 04:16 PM

Re: who is using remshd

If you add the '-R' to your last and lastb commands then you will get the IP address or hostname of the device that initiated that session.

That should help you track down your remshd culprit.
0 Kudos
Reply
Fauziah Mahdan
Super Advisor

‎03-18-2007 07:04 PM

‎03-18-2007 07:04 PM

Re: who is using remshd

Actually I put already -R and I know from which server but I dunno who or which application cause the remshd.

root remshd cgcdb2 Fri Feb 23 11:21 - 11:21 (00:00)
root remshd cgcdb2 Fri Feb 23 11:21 - 11:21 (00:00)
root remshd cgcdb2 Fri Feb 23 11:20 - 11:20 (00:00)
root remshd cgcdb2 Fri Feb 23 11:20 - 11:20 (00:00)
0 Kudos
Reply
Tommy_6
Regular Advisor

‎03-19-2007 02:07 AM

‎03-19-2007 02:07 AM

Re: who is using remshd

The /var/adm/syslog/mail.log will show you the time and system it connected from.
0 Kudos
Reply
OldSchool
Honored Contributor

‎03-19-2007 02:16 AM

‎03-19-2007 02:16 AM

Re: who is using remshd

well, you know its "root" from "cgcdb2".

I'd take a look in root's crontab on cgcdb2 for suspects. also check /var/adm/sulog on cgcdb2.

If sudo is installed on cgcdb2, check syslog (or whatever log is spec'd in sudoers file)
0 Kudos
Reply
Fauziah Mahdan
Super Advisor

‎04-09-2007 02:33 PM

‎04-09-2007 02:33 PM

Re: who is using remshd

I have checked all possible file and as I said I did jot down my own activity when I use root id. The remshd is due to nickel process. How come only these 2 servers reported the remshd transaction while the rest server did not appear? Is it because both server are db servers and the db was located at external drive using disk array whereby it works as mirror and fail over?
From which nickel command will generate this remshd transaction?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.