[PLUG] Urgent help with `rsh'

Dean S. Messing deanm at sharplabs.com
Sat Jun 8 19:24:54 UTC 2002


Sorry for the "urgent" but, well, it's urgent.

I need to use `rsh' as root to accomplish a task.

Aside: please --- no lectures on the security risks involved; I'm fully
       aware of these.  To put your minds at rest: the task is to be
       performed in a completely closed env. and after it's done rsh
       will be removed from the system.

I've installed `in.rshd' on a Mandrake 8.2 system (hostname == `medulla').
I need to do a sequence of root --> root remote command executions
like (as root on pons):

      rsh medulla cmd_1
      rsh medulla cmd_2 ...

In which data will flow between the machines.

I have put a `.rhosts' file in the root dir. of medulla and
a lone `rsh medulla' gets me a root prompt so I know that the
basic communications ports are all working.

But when I do `rsh medulla cmd'  I get either:

"permission denied"  or "Connection refused" as elaborated below.

Here is my current /etc/xinetd.d/rsh file on medulla:

     # default: off
     # description: The rshd server is the server for the rcmd(3) routine and, \
     #	consequently, for the rsh(1) program.  The server provides \
     #	remote execution facilities with authentication based on \
     #	privileged port numbers from trusted hosts.
     service shell
     {
             socket_type		= stream
             wait			= no
             user			= root
             log_on_success		+= USERID
             log_on_failure 		+= USERID
             server			= /usr/sbin/in.rshd -h -L
             disable			= no
     }    


Note the `-h' flag on the server line.  Without it I get the
"permission denied" message on pons.   The `rshd' man page says
that without the flag I can't execute remote commands so this is expected.

When I add the flag I get the "Connection refused" message.
I don't see anything in /var/log/messages or /var/log/auth.log
which helps.

I suspect that PAM is somehow involved in this problem.

Here is my current /etc/pam.d/rsh file on medulla:


    #%PAM-1.0
    # For root login to succeed here with pam_securetty, "rsh" must be
    # listed in /etc/securetty.
    auth       required	/lib/security/pam_nologin.so
    auth       required	/lib/security/pam_securetty.so
    auth       required     /lib/security/pam_env.so
    auth       required     /lib/security/pam_rhosts_auth.so
    account    required	/lib/security/pam_stack.so service=system-auth
    session    required	/lib/security/pam_stack.so service=system-auth


As always, any help in getting this to work will be appreciated.
And, of course, I'm in a huge hurry as I'm leaving on a business trip
and need to have this working before I go.


                                  Dean S. Messing
                                  Information Systems Technologies Dept.
                                  Sharp Laboratories of America
                          E-Mail: deanm at sharplabs.com
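
For the cleanup the message mentions (removing rsh once the task is done), a small audit of xinetd.d stanzas can confirm that no r-service is left enabled. This is an added example, not part of the original message; `parse_xinetd` and `audit` are hypothetical names, and the `login`/`exec` entries go beyond the single `shell` service shown above.

```python
import re

# r-services by xinetd service name; the post only involves "shell" (rsh).
R_SERVICES = {"shell": "rsh", "login": "rlogin", "exec": "rexec"}
# Stanza from the post, reduced to the attributes the audit reads.
POSTED = """
service shell
{
        user            = root
        log_on_success  += USERID
        server          = /usr/sbin/in.rshd -h -L
        disable         = no
}
"""

def parse_xinetd(text):
    """Return {service: {attribute: [values]}} for an xinetd.d-style file."""
    services, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#") or line == "{":
            continue
        head = re.match(r"service\s+(\S+)$", line)
        attr = re.match(r"(\w+)\s*([+-]?=)\s*(.*)$", line)
        if head:
            current = services.setdefault(head.group(1), {})
        elif line == "}":
            current = None
        elif attr and current is not None:
            key, op, vals = attr.group(1), attr.group(2), attr.group(3).split()
            old = current.get(key, [])
            if op == "=":
                current[key] = vals
            else:  # "+=" appends values, "-=" removes them
                current[key] = old + vals if op == "+=" else [v for v in old if v not in vals]
    return services

def audit(text):
    """List findings for r-services that are still enabled."""
    findings = []
    for name, a in parse_xinetd(text).items():
        if name not in R_SERVICES or (a.get("disable") or ["no"])[0].lower() == "yes":
            continue
        findings.append(f"{name}: {R_SERVICES[name]} enabled, user={a.get('user', ['?'])[0]}")
        server = a.get("server", [])
        if len(server) > 1:  # xinetd has a separate server_args attribute
            findings.append(f"{name}: arguments on server line: {' '.join(server[1:])}")
        if "-h" in server[1:] + a.get("server_args", []):  # rshd -h: superuser .rhosts
            findings.append(f"{name}: -h set, superuser .rhosts permitted")
    return findings
```

Running `audit()` over each file in /etc/xinetd.d after the task should return an empty list once the service is disabled or removed.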





