1839268 Members
3113 Online
110137 Solutions
New Discussion

Re: remsh and rtelnet

 
SOLVED
Go to solution
Samuel Mathew
Frequent Advisor

remsh and rtelnet

Are remsh and rtelnet available in Red Hat 8.0? I don't find it in my machine. How will I go about installing it, if it is there?
Hope I can get some clear answers.
Regards
16 REPLIES 16
Steven E. Protter
Exalted Contributor
Solution

Re: remsh and rtelnet

You will find these items on your Install CD.

You just didn't click them at install. You can put the cd back in and browsw through it. Telnet will be under telnet server.

Or you can go get the current rpm's from red hat's web site. http://www.redhat.com

Download them.

rpm -i
You might need to configure xinetd.conf to enable the services, the install might not do that.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jerome Henry
Honored Contributor

Re: remsh and rtelnet

Nevertheless, those services are not installed by default, as considered as less secure than ssh...

You may wish to read the following, from redhat, an advise on those services :
http://www.europe.redhat.com/documentation/rhl8.0/rhl-rg-en-8.0/s1-ssh-requiring.php3

hope this helps.

J
You can lean only on what resists you...
Samuel Mathew
Frequent Advisor

Re: remsh and rtelnet

That was helpful. I installed the services. rsh is active now. I gave the command
rsh peanuts -l al cat /devannex/sam ">>" /tmp/sam
peanuts is my remote machine which is a HP-UX 10.20. al is a user. I expected this to write the contents of file 'sam' to location /tmp. It is hanging there. Is it a permissions problem? Or what else? I have permissions for everybody to access /devannex.
Am I missing something?
Thanks in advance
Sam
Dave Falloon
Trusted Contributor

Re: remsh and rtelnet

I would suggest a slight change in the syntax of your command:

rsh -l al peanuts "cat /devannex/sam" >> /tmp/sam

This would write the contents of the file located on "peanuts" to your local machines /tmp/sam file

I hope that helps,

Dave
Clothes make the man, Naked people have little to no effect on society
Dave Falloon
Trusted Contributor

Re: remsh and rtelnet

I forgot to mention that you need to passwordless access for rsh to run a command on a remote machine. You will need to add a /etc/hosts.equiv with the name of the machine connecting to the HP-UX box, which is REALLY insecure. This is precisely the reason the "r" tools were abandoned for the "s" tools. A better way to do this would be with ssh.

Almost the same command as I gave last time but substitute ssh for rsh:

ssh al@peanuts "cat /devannex/sam" >> /tmp/sam

This is ask for a password for the al user on the HP-UX machine ( or from NIS or whatever you use ) and then the contents of the sam on the HP box is dumped to a file on your local machine in /tmp called sam.

I hope that helps,

Dave
Clothes make the man, Naked people have little to no effect on society
Samuel Mathew
Frequent Advisor

Re: remsh and rtelnet

I cannot get that to work. If I give that command 'rsh' it just hangs there.. I enter Cntrl-C and it comes out. It has created a file with 0 bytes. It must be something to do with permissions. But I have checked all and nothing I can see wrong.
I don't need any security since I am doing it with in my trusted small network. To set up ssh, I guess I have to set all security correctly.( I tried ssh also, but came with permission refused. If I try is there a simple way of bypassing the security restricions?).
Can some body tell me why it is hanging and won't create any files with that command?
rsh -l al peanuts "cat /devannex/sample1" >> /tmp/sam.
Dave Falloon
Trusted Contributor

Re: remsh and rtelnet

I have a small trusted network that is not connected to the internet, I use rsh in scripts all the time. Here are the steps that I used to get it to work on linux boxes, you may have to adapt them to get it to work on the HP-UX box.

First you have to reduce the restrictions of PAM, in debian this means you have to edit the /etc/pam.d/rsh /etc/pam.d/rlogin and change the this line:

auth required pam_rhosts_auth.so

To:

auth sufficient pam_rhosts_auth.so

This will tell pam that if the machine passes the rhosts check, ie. is in /etc/hosts.equiv or there is a .rhosts in the home dir of the specified user then all of the other pam modules are ignored. This is a big hole so make sure this is not attached to any other networks or accessible by arbitrary people. This hole allows this to happen:

rsh -l root machine

with no password

Now that pam has been crippled you need to add the hosts to the file /etc/hosts.equiv. This is the system wide rhosts file, any entry in this file that does not have a - infront of its name can rsh to this machine as any user without providing a password so be very careful what you put in here. The man page would lead you to believe that every entry needs a preceeding + infront of its name. It has been my experience that you only need the name of the machine ( as long as the name is resolvable ). Here is my /etc/hosts.equiv

#cat /etc/hosts.equiv
obiwan
yoda
han
chewie
turlet
#

I needed to add a /root/.rhosts on my systems, I can't remember why, but the contents of the .rhosts is simply the name of the master server in the little farm on a single line, like this:

#cat /root/.rhosts
obiwan
#

After all of these settings have been changed I rebooted the machines and the settings took effect after the reboot. The reboot was necessary simply to changed the kernels on the machines, but I do recall that the pam changes only took effect after the reboot so you may have to restart pam/networking on the machine if you do not want to have to reboot the boxes.

Oh and you may have to modify the securetty file so that the root user can login over rsh/rlogin you may have settings set that anything other than the console or vt is not happening.

I hope that helps,

Dave
Clothes make the man, Naked people have little to no effect on society
Samuel Mathew
Frequent Advisor

Re: remsh and rtelnet

Dave
Thanks. I did all of what you said. I tried between two linux machines before I try between a linux and HP. With the rsh I get the error:
krb_sendauth failed: you have no tickets cached. It seems something more is holding me. I am able to do a 'rsh -l root barny' where barny is my other machine. It comes to the # prompt. But I cannot execute an ls or a cat command using rsh. Any idea where I am going wrong?
Thanks for the help
Regards
Dave Falloon
Trusted Contributor

Re: remsh and rtelnet

What distro are you using for linux?

The first error sounds like a kerberos problem. I haven't spent much time hacking around with kerberos so I won't be much help there, although I did check out the man page and it says you can give a -k switch to turn off kerberos, so give that a whirl. Maybe someone with more experience with kb wants jump in here?

Well what we know is that rsh in some form works with no password as long as you don't run a command, right?
That tells me that rlogin works but rsh doesn't, so check the pam conf stuff for rsh.

I hope that helps,

Dave
Clothes make the man, Naked people have little to no effect on society
Dave Falloon
Trusted Contributor

Re: remsh and rtelnet

What distro are you using for linux?

The first error sounds like a kerberos problem. I haven't spent much time hacking around with kerberos so I won't be much help there, although I did check out the man page and it says you can give a -k switch to turn off kerberos, so give that a whirl. Maybe someone with more experience with kb wants jump in here?

Well what we know is rsh in some form works with no password as long as you don't run a command, right?
That tells me that rlogin works but rsh doesn't, so check the pam conf stuff for rsh.

I hope that helps,

Dave
Clothes make the man, Naked people have little to no effect on society
Samuel Mathew
Frequent Advisor

Re: remsh and rtelnet

I have Red Hat 8.0. -k is for using our own realm and I don't understand how to use realm.
in the pam.d is there a way of telling that there is no restrictions 'not required' instead of sufficient, so as to by pass all the security totally. kerbaros seems to be the issue that I have to get over with, I guess.
Dave thanks for your help. If any of the other experts can show me a light, I would appreciate.
Regards
sam
Dave Falloon
Trusted Contributor

Re: remsh and rtelnet

My bad, I messed up the switch I meant -K its capitolized. The man page for rsh says this:

-K The -K option turns off all Kerberos authentication.

Try that it should work.

As for turning off all restrictions if you get around the kerberos the sufficient line will do it:

sufficient means if this is satisfied then ignore the rest of the pam restrictions. I am pretty sure that list for a service is run through from the top of the list to the bottom so make sure that the :

auth sufficient pam_rhosts_auth.so

is at the top.

I think if you use the -K we can start troubleshooting the pam portion of your problem.

I hope that helps,

Dave
Clothes make the man, Naked people have little to no effect on society
Samuel Mathew
Frequent Advisor

Re: remsh and rtelnet

Dave,
There is no -K option first of all under ksh. It is only -k and it is for realm. I am using red Hat 8.0. I think if I can handle the kerberos hurdle I will be ok. Please let me know if you have any other suggestion. I need to solve this immediately.
Thanks and regards
Samuel Mathew
Frequent Advisor

Re: remsh and rtelnet

I would appreciate a reply for my above query. Today I tried ssh and got the following error. Can anybody guide me on this?
#ssh leroy -l al "cat /home/al/list1" >> /tmp/sam1
ssh: connect to host leroy port 22: Connection refused

How can I resolve this connection refused issue? I have .rhosts under / for leroy and this contains entry including barny (which is the linux computer) From where I am giving this command.
Is there anything else to be done on HP side?
Thanks and regards
Dave Falloon
Trusted Contributor

Re: remsh and rtelnet

The -K was for rsh not for ksh, was that a typo?

ssh will not heed the .rhosts or hosts.equiv that is specifically for the older depricated r tools.

Does this remote command happen in a batch or cron script or is there user intervention when the command happens? Are you at the terminal?

if so then ssh with a password will work.

The error you had with ssh most often happens because the ssh server is not running on the host you are connecting to. Check to make sure that sshd is functioning and listening on the proper port:

netstat -ap |grep 22

should tell you whats listening on port 22. If nothing is listening then you can't connect.

Have you checked the rsh man page for any useful switches? As I had previously said the rsh man page on my machine debian ~3.0 says that the -K switch will turn off all of the kerberos auth.

I hope that helps,

Dave
Clothes make the man, Naked people have little to no effect on society
Mario Burgos
New Member

Re: remsh and rtelnet

for SSH use:

ssh al@leroy "cat /devannex/sam" >> /tmp/sam

That is: ssh @ "" >> /path/to/local/dir