1828242 Members
2615 Online
109975 Solutions
New Discussion

configure rsh

 
Michael Chan_3
Occasional Advisor

configure rsh

I am running RH7.1, I've have taken step to turn rsh on by enabling it in /etc/xinetd.d. I've also put the address of the remote server in /etc/hosts.equiv however when I did an rsh from the remote host, it's still asking me for a password. Does any know how to open rsh up without prompting for a password.

Thanks in advance.
8 REPLIES 8
Sachin Patel
Honored Contributor

Re: configure rsh

Hi
You need .rhosts file for it. add the system name from where you are doing rsh
For example rsh from server1 to server2 as a root

add /root/.rhosts file and add server1 in it

It should work. you don't even need hosts.allow file.

Sachin
Is photography a hobby or another way to spend $
Jerome Fenal_1
Valued Contributor

Re: configure rsh

Don't forget, when you are doing rsh being root, to either remove "securettys" lines in pam configuration, or to remove /etc/securetty file.
Otherwise, it would work for any user, except root.

Regards,

Jerome
Bienvenue chez moi
Michael Chan_3
Occasional Advisor

Re: configure rsh

that's nice guys, but I want to be able to control who can rsh in and that's why I need /etc/hosts.allow because I've denied access in /etc/deny.allow, I've also had the name of the remote host in ~/.rhosts file. when rsh from remote host, it asks me for a password.

As for as root is concerned I already had it working with /etc/securettty in place. The trick to include rsh in it. Removing /etc/securetty is not a good idea. It's put in there for a purpose. I know openning rsh is not a good practice either, but I need it for budtools app. This why I need to put restrictions on the who can rsh in. For this purpose, I got the job done with rsh using root as the user to do my backup. But for education purposes, how can I do this for the regular user?

Thanks in advance.
Mark Fenton
Esteemed Contributor

Re: configure rsh

if you are also using pam, you may need to take a look at /etc/pam.d/rsh .

The entry you are looking for, I believe, would be
auth sufficient /lib/security/pam_rhosts_auth.so

if you don't want auth to ask for a passwd...
Magdi KAMAL
Respected Contributor

Re: configure rsh

Hi kc,

A agree with Sachin, but you need also to set owner:group for the $HOME/.rhosts

Example "Remote shell from server1 to server 2" :

1. Create, on server2, the file ".rhosts" in the home directory that you want a specific user to use the remote shell command. And put inside the server from which the remote command will be issued, like :

server1 +

2. Set permission to 400 on file .rhosts on server2:
#chmod 400 $HOME/.rhosts

3. chown userName:groupNmae .rhosts

Now, userName can issue remote shell commands from server1 to server2.


Magdi
Gary Seibak
Advisor

Re: configure rsh

If it is still not working, one thing to check is:

telnet to target server from remote host. On target host do "who -u" to see what machine name is displayed. Make sure the machine name matches what is in .rhosts.
Kodjo Agbenu
Honored Contributor

Re: configure rsh

Hello,

I can't remember all the details, but there were an issue with some versions of rsh (the one I had problems with was shipped with RH7.0). To solve the problem, I had to re-install rsh from another RPM package.

Try something like this.

Good luck.

Kodjo
Learn and explain...
Zeev Fisher
Occasional Advisor

Re: configure rsh

Hi,

What you need to do in addition to the .rhosts issue which was mentioned here is to add the word promiscuous to the /etc/pam.d/rsh file like the following :
auth required /lib/security/pam_rhosts_auth.so promiscuous

for rlogin there's a seperate file under /etc/pam.d

For root automatic rlogin you need to do additional thing like add the name of the service that you want to the /etc/securetty ( rlogin,rsh .. )