HPE Community
Operating System - Linux
1828297 Members
2813 Online
109975 Solutions
New Discussion

Re: configure rsh

 
Michael Chan_3
Occasional Advisor

‎08-30-2001 06:19 AM

‎08-30-2001 06:19 AM

configure rsh

I am running RH7.1, I've have taken step to turn rsh on by enabling it in /etc/xinetd.d. I've also put the address of the remote server in /etc/hosts.equiv however when I did an rsh from the remote host, it's still asking me for a password. Does any know how to open rsh up without prompting for a password.

Thanks in advance.
0 Kudos
Reply
8 REPLIES 8
Sachin Patel
Honored Contributor

‎08-30-2001 08:24 AM

‎08-30-2001 08:24 AM

Re: configure rsh

Hi
You need .rhosts file for it. add the system name from where you are doing rsh
For example rsh from server1 to server2 as a root

add /root/.rhosts file and add server1 in it

It should work. you don't even need hosts.allow file.

Sachin
Is photography a hobby or another way to spend $
0 Kudos
Reply
Jerome Fenal_1
Valued Contributor

‎08-30-2001 10:13 AM

‎08-30-2001 10:13 AM

Re: configure rsh

Don't forget, when you are doing rsh being root, to either remove "securettys" lines in pam configuration, or to remove /etc/securetty file.
Otherwise, it would work for any user, except root.

Regards,

Jerome
Bienvenue chez moi
0 Kudos
Reply
Michael Chan_3
Occasional Advisor

‎08-30-2001 11:51 AM

‎08-30-2001 11:51 AM

Re: configure rsh

that's nice guys, but I want to be able to control who can rsh in and that's why I need /etc/hosts.allow because I've denied access in /etc/deny.allow, I've also had the name of the remote host in ~/.rhosts file. when rsh from remote host, it asks me for a password.

As for as root is concerned I already had it working with /etc/securettty in place. The trick to include rsh in it. Removing /etc/securetty is not a good idea. It's put in there for a purpose. I know openning rsh is not a good practice either, but I need it for budtools app. This why I need to put restrictions on the who can rsh in. For this purpose, I got the job done with rsh using root as the user to do my backup. But for education purposes, how can I do this for the regular user?

Thanks in advance.
0 Kudos
Reply
Mark Fenton
Esteemed Contributor

‎08-30-2001 05:57 PM

‎08-30-2001 05:57 PM

Re: configure rsh

if you are also using pam, you may need to take a look at /etc/pam.d/rsh .

The entry you are looking for, I believe, would be
auth sufficient /lib/security/pam_rhosts_auth.so

if you don't want auth to ask for a passwd...
0 Kudos
Reply
Magdi KAMAL
Respected Contributor

‎08-31-2001 08:14 AM

‎08-31-2001 08:14 AM

Re: configure rsh

Hi kc,

A agree with Sachin, but you need also to set owner:group for the $HOME/.rhosts

Example "Remote shell from server1 to server 2" :

1. Create, on server2, the file ".rhosts" in the home directory that you want a specific user to use the remote shell command. And put inside the server from which the remote command will be issued, like :

server1 +

2. Set permission to 400 on file .rhosts on server2:
#chmod 400 $HOME/.rhosts

3. chown userName:groupNmae .rhosts

Now, userName can issue remote shell commands from server1 to server2.


Magdi
0 Kudos
Reply
Gary Seibak
Advisor

‎08-31-2001 09:43 AM

‎08-31-2001 09:43 AM

Re: configure rsh

If it is still not working, one thing to check is:

telnet to target server from remote host. On target host do "who -u" to see what machine name is displayed. Make sure the machine name matches what is in .rhosts.
0 Kudos
Reply
Kodjo Agbenu
Honored Contributor

‎08-31-2001 12:00 PM

‎08-31-2001 12:00 PM

Re: configure rsh

Hello,

I can't remember all the details, but there were an issue with some versions of rsh (the one I had problems with was shipped with RH7.0). To solve the problem, I had to re-install rsh from another RPM package.

Try something like this.

Good luck.

Kodjo
Learn and explain...
0 Kudos
Reply
Zeev Fisher
Occasional Advisor

‎09-01-2001 12:14 AM

‎09-01-2001 12:14 AM

Re: configure rsh

Hi,

What you need to do in addition to the .rhosts issue which was mentioned here is to add the word promiscuous to the /etc/pam.d/rsh file like the following :
auth required /lib/security/pam_rhosts_auth.so promiscuous

for rlogin there's a seperate file under /etc/pam.d

For root automatic rlogin you need to do additional thing like add the name of the service that you want to the /etc/securetty ( rlogin,rsh .. )
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.