06-27-2005 04:57 PM
Re: rsh and rlogin
First, in answer to Stuart's question: I am trying to connect as a normal user, oracle, who has a valid login on both boxes ...
Next, when I run the iptables -L command I get:
[root@uxcoedb001 root]# iptables -nvL
/lib/modules/2.4.18-e.41smp/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.18-e.41smp/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.18-e.41smp/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.18-e.41smp/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
????????????????????????
Well, as mentioned, I am not aware of the firewall being used. I ran the services iptables stop and still no joy.
What is more puzzling is that there are no relevant entries in either /var/log/messages or /var/log/secure (i.e. recorded when commands are entered), even with me running rlogin -d.
Do I have to explicitly start another service? This is the list from chkconfig:
[root@uxcoedb002 etc]# chkconfig --list
keytable 0:off 1:on 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netdump-server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ipchains 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
identd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
radvd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rwhod 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rstatd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rusersd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rwalld 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yppasswdd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypserv 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
smb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
arpwatch 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ipvsadm 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rhnsd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
isdn 0:off 1:off 2:on 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xinetd based services:
chargen-udp: off
chargen: off
daytime-udp: off
daytime: off
echo-udp: off
echo: off
services: off
servers: off
time-udp: off
time: off
sgi_fam: on
finger: off
rexec: on
rlogin: on
rsh: on
ntalk: off
talk: off
telnet: on
rsync: off
06-27-2005 05:23 PM
Re: rsh and rlogin
Now, we know the service is 'started and listening' (those three lines from the 'netstat -ntlp' I pasted back prove that), and no. Once you issue 'chkconfig rsh on', it's started and listening.
Things to verify on server machine (i.e. the one you are trying to 'rlogin' into):
ls -l ~oracle/.rhosts
cat ~oracle/.rhosts
cat /etc/hosts.{allow,deny}
The permissions on the '.rhosts' should be no more than 0600. The content of the '.rhosts' file should have the machine-name or IP address of the remote machine, and can be pinged.
The '/etc/hosts.allow' & '/etc/hosts.deny' should have enough in them to allow 'in.rshd' and 'in.rlogind' (or both be empty).
Nothing is required on the client machine.
06-27-2005 05:58 PM
Re: rsh and rlogin
Thanks for your time!
Here is the output:
[root@uxcoedb002 etc]# ls -l ~oracle/.rhosts
-r-------- 1 oracle dba 145 Jun 28 15:58 /home/oracle/.rhosts
[root@uxcoedb002 etc]# cat ~oracle/.rhosts
10.49.123.22 oracle
10.49.123.23 oracle
uxcoedb001 oracle
uxcoedb001.coe.int oracle
10.49.123.22
10.49.123.23
uxcoedb001
uxcoedb001.coe.int
[root@uxcoedb002 etc]# cat /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
in.rshd:10.49.123.22
in.rlogind:10.49.123.22
in.rshd:uxcoedb001
in.rlogind:uxcoedb001
[root@uxcoedb002 etc]# cat /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
in.rshd:10.49.123.22
in.rlogind:10.49.123.22
in.rshd:uxcoedb001
in.rlogind:uxcoedb001
[root@uxcoedb002 etc]# ipchains -nvL
Chain input (policy ACCEPT: 4765 packets, 214133 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 22
5 240 ACCEPT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 23
192 10558 ACCEPT all ------ 0xFF 0x00 lo 0.0.0.0/0 0.0.0.0/0 n/a
172 9672 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049
26386 2446K REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
0 0 REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049
0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 6000:6009
0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 7100
Chain forward (policy ACCEPT: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 3228 packets, 316082 bytes):
06-27-2005 06:02 PM
Re: rsh and rlogin
[root@uxcoedb002 etc]# cat /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
[root@uxcoedb002 etc]#
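
The hosts.allow and hosts.deny contents posted above, run through a simplified hosts_access(5) evaluation; this is an added example, not part of the original posts. It shows that with a hosts.deny containing no rules the wrappers grant every client, listed or not. The function names, the unlisted client 10.49.123.99 and the `ALL: ALL` file are assumptions made for the example, and only literal tokens and `ALL` are matched.

```shell
#!/bin/sh
# entry_matches FILE DAEMON CLIENT: exit 0 if a "daemons : clients" line matches.
# Simplified hosts_access(5): literal tokens and the ALL wildcard only.
entry_matches() {
    awk -F: -v d="$2" -v c="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
        {
            dm = 0; cm = 0
            nd = split($1, ds, /[ \t,]+/); nc = split($2, cs, /[ \t,]+/)
            for (i = 1; i <= nd; i++) if (ds[i] == d || ds[i] == "ALL") dm = 1
            for (i = 1; i <= nc; i++) if (cs[i] == c || cs[i] == "ALL") cm = 1
            if (dm && cm) { hit = 1; exit }
        }
        END { exit (hit ? 0 : 1) }' "$1"
}

# tcpd order: hosts.allow match -> granted; else hosts.deny match -> denied;
# else granted.
tcpd_decision() {   # ALLOW_FILE DENY_FILE DAEMON CLIENT
    if entry_matches "$1" "$3" "$4"; then echo "granted (hosts.allow)"
    elif entry_matches "$2" "$3" "$4"; then echo "denied (hosts.deny)"
    else echo "granted (no match)"; fi
}

# Constructed sample files: hosts.allow entries as posted, hosts.deny with
# comments only (as posted), and a default-deny variant for comparison.
make_samples() {    # DIR
    printf '%s\n' 'in.rshd:10.49.123.22' 'in.rlogind:10.49.123.22' \
        'in.rshd:uxcoedb001' 'in.rlogind:uxcoedb001' > "$1/hosts.allow"
    printf '%s\n' '# hosts.deny as posted: comments only' > "$1/hosts.deny"
    printf '%s\n' 'ALL: ALL' > "$1/hosts.deny.strict"
}

d=$(mktemp -d) && make_samples "$d"
for client in 10.49.123.22 10.49.123.99; do    # .99 is a constructed, unlisted host
    echo "$client, hosts.deny as posted: $(tcpd_decision "$d/hosts.allow" "$d/hosts.deny" in.rlogind "$client")"
    echo "$client, hosts.deny ALL: ALL:  $(tcpd_decision "$d/hosts.allow" "$d/hosts.deny.strict" in.rlogind "$client")"
done
rm -rf "$d"
```

Real tcpd also resolves host names and supports patterns such as network masks and EXCEPT, which this check does not model.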
06-27-2005 06:08 PM
Solution
[root@uxcoedb002 etc]# ipchains -nvL
Chain input (policy ACCEPT: 4765 packets, 214133 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 22
5 240 ACCEPT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 23
192 10558 ACCEPT all ------ 0xFF 0x00 lo 0.0.0.0/0 0.0.0.0/0 n/a
172 9672 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049
26386 2446K REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
0 0 REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049
0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 6000:6009
0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 7100
In particular, this line:
172 9672 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
What this is doing is rejecting any packet destined for TCP ports 512-514.
So what you need to do is insert some firewall rules to allow it through, i.e.:
ipchains -I input -j ACCEPT -p tcp -y -d 0/0 512:514
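
The first-match behaviour behind this fix, as an added example that is not part of the original post: it walks the input chain posted above (first six rules) for a new TCP connection and shows which rule decides, before and after a rule is inserted at the top. The `first_match` and `insert_first` helpers, the `eth0` interface name and the `512:514` listing row are assumptions made for the example; address columns are ignored because every rule on the page uses 0.0.0.0/0.

```shell
#!/bin/sh
# Input chain as posted in the thread (first six rules only).
page_rules() { cat <<'EOF'
Chain input (policy ACCEPT: 4765 packets, 214133 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 22
5 240 ACCEPT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 23
192 10558 ACCEPT all ------ 0xFF 0x00 lo 0.0.0.0/0 0.0.0.0/0 n/a
172 9672 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049
26386 2446K REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023
EOF
}

# first_match PROTO DPORT IFACE: reads an `ipchains -nvL` listing on stdin and
# prints the target of the first input rule matching a new connection (a SYN,
# so "-y" rules apply), or the chain policy when no rule matches.
first_match() {
    awk -v proto="$1" -v dport="$2" -v ifc="$3" '
        /^Chain input/ { policy = $4; sub(/:$/, "", policy); in_chain = 1; next }
        /^Chain /      { in_chain = 0; next }
        !in_chain || $1 !~ /^[0-9]/ { next }          # skip the column header
        {
            if ($4 != "all" && $4 != proto) next       # protocol column
            if ($8 != "*" && $8 != ifc) next           # interface column
            if ($11 != "n/a") {                        # "src -> dst" port columns
                n = split($13, r, ":"); lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
                if (dport + 0 < lo || dport + 0 > hi) next
            }
            print $3; found = 1; exit
        }
        END { if (!found) print policy }'
}

# insert_first RULE: emulate `ipchains -I input` by placing RULE first in the chain.
insert_first() {
    awk -v rule="$1" '{ print } /^ *pkts/ && !done { print rule; done = 1 }'
}

# Constructed listing row for the rule suggested in the post.
NEW='0 0 ACCEPT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 512:514'
for p in 23 513; do
    echo "tcp/$p on eth0, as posted: $(page_rules | first_match tcp "$p" eth0)"
done
echo "tcp/513 on eth0, rule inserted: $(page_rules | insert_first "$NEW" | first_match tcp 513 eth0)"
```

The inserted rule's source column is 0.0.0.0/0, so ports 512-514 are opened to any host that can reach the box; adding `-s 10.49.123.22` (the peer listed in the thread's hosts.allow) to the `ipchains -I` command narrows it to the one machine that needs it.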
06-27-2005 06:39 PM
Re: rsh and rlogin
and in particular, thanks to Stuart for his time, patience and effort ...
Hope this helps others as well
Spot-on.
Beats me how this policy got in, but now I can work ....
:-)))))
Luis