[PLUG] Urgent help with `rsh'
Dean S. Messing
deanm at sharplabs.com
Sat Jun 8 19:24:54 UTC 2002
Sorry for the "urgent" but, well, it's urgent.
I need to use `rsh' as root to accomplish a task.
Aside: please --- no lectures on the security risks involved; I'm fully
aware of these. To put your minds at rest: the task is
to be performed in a completely
closed env. and after it's done rsh will be removed
from the system.
I've installed `in.rshd' on a mandrake 8.2 system (hostname == `medulla')
I need to do a sequence of root --> root remote command executions
like (as root on pons):
rsh medulla cmd_1
rsh medulla cmd_2 ...
In which data will flow between the machines.
I have put a `.rhosts' file in the root dir. of medulla and
a lone `rsh medulla' gets me a root prompt so I know that the
basic communications ports are all working.
But when I do `rsh medulla cmd' I get either:
"permission denied" or "Connection refused" as elaborated below.
Here is my current /etc/xinetd.d/rsh file on medulla:
# default: off
# description: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd -h -L
disable = no
}
Note the `-h' flag on the server line. Without it I get the
"permission denied" message on pons. The `rshd' man page says
that without the flag I can't execute remote commands so this is expected.
When I add the flag I get the "Connection refused" message.
I don't see anything in /var/log/messages or /var/log/auth.log
which helps.
I suspect that PAM is somehow involved in this problem.
Here is my current /etc/pam.d/rsh file on medulla:
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_rhosts_auth.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
As always, any help in getting this to work will be appreciated.
And, of course I'm in a huge hurry as I'm leaving on a business trip
and need to have this working before I go.
Dean S. Messing
Information Systems Technologies Dept.
Sharp Laboratories of America
E-Mail: deanm at sharplabs.com
More information about the PLUG
mailing list