HPE Community
Operating System - Linux
1831826 Members
2929 Online
110031 Solutions
New Discussion

rsh from HP-UX to LinuX Redhat

 
bob_88
Occasional Contributor

‎05-28-2002 06:16 PM

‎05-28-2002 06:16 PM

rsh from HP-UX to LinuX Redhat

I am getting the following errors when trying to rsh between HP-UX and Linux.

HP-UX -> Linux
rcmd:connect::connection refused

Linux -> HP-UX
poll: protocal failure in circuit setup

Note that I can rsh to 3 other linux boxes I have from the same HP-UX box, so I guess the problem lies with Linux.
0 Kudos
Reply
5 REPLIES 5
Stuart Browne
Honored Contributor

‎05-28-2002 06:44 PM

‎05-28-2002 06:44 PM

Re: rsh from HP-UX to LinuX Redhat

With 'This' linux box, you need to do some checking.

You need to check '~user/.rhosts', or '/etc/hosts.equiv' to see if you have remote equivalency.

You also need to make sure that the 'r' commands are enabled on the linux box (depending on what distribution/version depends on how you go about enabling them).

To see if they are, you want to do (on the Linux box) something like:

netstat -na | grep -E "(512|513|514).*LISTEN"

and see if anything is returned. If it does, then it's possible that the Linux box has those ports firewalled.

IPChains or IPTables rules are possibly in place given that.

Anyway.. some things to check.
One long-haired git at your service...
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎05-28-2002 06:48 PM

‎05-28-2002 06:48 PM

Re: rsh from HP-UX to LinuX Redhat

Ugh.. Completely forgot to mention one line of thinking.

What user are you trying to rsh as?

I know that RedHat distributions limit the ability to rsh as 'root' for security reasons. This can be circumvented by modifying the /etc/pam.d/ files, and removing (or commenting out) the 'auth required /lib/security/pam_securetty.so' line.

This does however mean that everybody else can also do it.

anyway..
One long-haired git at your service...
0 Kudos
Reply
bob_88
Occasional Contributor

‎05-28-2002 11:04 PM

‎05-28-2002 11:04 PM

Re: rsh from HP-UX to LinuX Redhat

On Linux
# cat /root/.rhosts
root
# cat /etc/hosts.equiv
root

On HP-UX
# cat /.rhosts
root
# cat /etc/hosts.equiv
root

So I think this is ok.

# netstat -na | grep -E "(512|513|514).*LISTEN"
tcp 0 0 0.0.0.0:512 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN

Is this what is expected? One odd thing I have noticed, I can rsh to the HP-UX box fine, but I can't rsh and add a command like

rsh ls

so the firewalls rules must be ok.

I think that I have the /etc/pam.d entries in good shape

# grep pam_sec *
login:#auth required /lib/security/pam_securetty.so
rexec:# For root login to succeed here with pam_securetty, "rexec" must be
rexec:#auth required /lib/security/pam_securetty.so
rlogin:# For root login to succeed here with pam_securetty, "rlogin" must be
rlogin:#auth required /lib/security/pam_securetty.so
rsh:# For root login to succeed here with pam_securetty, "rsh" must be
rsh:#auth required /lib/security/pam_securetty.so

Any other ideas, as I am fresh out on this one......
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎05-28-2002 11:25 PM

‎05-28-2002 11:25 PM

Re: rsh from HP-UX to LinuX Redhat

Some more. Check the permissions on '/root/.rhosts'.

Remove 'root' from the entry in that file. It's not required.

Remove the entry from either the .rhosts, or the hosts.equiv. One or the other. You don't need both (although it shouldn't hurt).

From the linux box, can you 'ping ' ? i.e. does the machine name resolve to an IP correclty? If not, either fix that, or add the HP-UX's box's IP to the .rhosts file.

What entries do you get in '/var/log/messages' when you try to 'rsh' from the HPUX box?

Just because you can rsh from the Linux box to the HPUX box doesn't mean the firewall rules are ok. The whole idea of firewall rules is you can do stuff, but people outside of you cannot.

List the rules currently in place by using one of the following 3 commands (depending on the age of the as-yet undisclosed distribution and version):

(OLD)
ipfwadm -Iln
(Getting OLD)
ipchains -nL
(Current)
iptables -nL

These will list the firewalling on inbound traffic. If you see anything with a destination port of 51[234], then you've got fire-walling rules in place.

I'm picking your best luck will be with the error messages you get in /var/log/messages when you try to execute a command from the remote box.

Good luck.
One long-haired git at your service...
0 Kudos
Reply
Krishna Prasad
Trusted Contributor

‎06-11-2002 04:59 AM

‎06-11-2002 04:59 AM

Re: rsh from HP-UX to LinuX Redhat

The setup suggested will work...but
Have you considered installing openssh on your hp-ux machine and not using the rsh at all.

The openssh options will be much more secure and can replace telnet that is plain text over the wire.
Positive Results requires Positive Thinking
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.