[PLUG] Urgent help with `rsh'
Matt Alexander
m at netpro.to
Sat Jun 8 19:44:02 UTC 2002
Here's a link that talks about how to set up rsh, including adding entries
to /etc/securetty (which may be all you need):
http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-pam-rexec.html
On Sat, 8 Jun 2002, Dean S. Messing wrote:
>
> Sorry for the "urgent" but, well, it's urgent.
>
> I need to use `rsh' as root to accomplish a task.
>
> Aside: please --- no lectures on the security risks involved; I'm fully
> aware of these. To put your minds at rest: the task is to be performed
> in a completely closed env. and after it's done rsh will be removed
> from the system.
>
> I've installed `in.rshd' on a mandrake 8.2 system (hostname == `medulla')
> I need to do a sequence of root --> root remote command executions
> like (as root on pons):
>
> rsh medulla cmd_1
> rsh medulla cmd_2 ...
>
> In which data will flow between the machines.
>
> I have put a `.rhosts' file in the root dir. of medulla and
> a lone `rsh medulla' gets me a root prompt so I know that the
> basic communications ports are all working.
>
> But when I do `rsh medulla cmd' I get either:
>
> "permission denied" or "Connection refused" as elaborated below.
>
> Here is my current /etc/xinetd.d/rsh file on medulla:
>
> # default: off
> # description: The rshd server is the server for the rcmd(3) routine and, \
> # consequently, for the rsh(1) program. The server provides \
> # remote execution facilities with authentication based on \
> # privileged port numbers from trusted hosts.
> service shell
> {
>     socket_type = stream
>     wait = no
>     user = root
>     log_on_success += USERID
>     log_on_failure += USERID
>     server = /usr/sbin/in.rshd -h -L
>     disable = no
> }
>
>
> Note the `-h' flag on the server line. Without it I get the
> "permission denied" message on pons. The `rshd' man page says
> that without the flag I can't execute remote commands so this is expected.
>
> When I add the flag I get the "Connection refused" message.
> I don't see anything in /var/log/messages or /var/log/auth.log
> which helps.
>
> I suspect that PAM is somehow involved in this problem.
>
> Here is my current /etc/pam.d/rsh file on medulla:
>
>
> #%PAM-1.0
> # For root login to succeed here with pam_securetty, "rsh" must be
> # listed in /etc/securetty.
> auth required /lib/security/pam_nologin.so
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_env.so
> auth required /lib/security/pam_rhosts_auth.so
> account required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
>
>
> As always, any help in getting this to work will be appreciated.
> And, of course I'm in a huge hurry as I'm leaving on a business trip
> and need to have this working before I go.
>
>
> Dean S. Messing
> Information Systems Technologies Dept.
> Sharp Laboratories of America
> E-Mail: deanm at sharplabs.com
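A check for the settings this thread touches (the xinetd entry, the pam_securetty and /etc/securetty pairing, and root's .rhosts), as an added example that is not part of the original posts. It reports which of them currently permit root rsh, which is also what to confirm is gone once rsh is removed. The function names, the optional root-prefix argument and the /root/.rhosts location are assumptions.

```shell
#!/bin/sh
# Added example: report which settings that permit root rsh are present.
# The optional ROOT prefix (hypothetical) lets the check run against a copy
# of the tree instead of the live system.

# securetty_has NAME [ROOT]: true if NAME is an exact line in etc/securetty.
securetty_has() {
    grep -qxF "$1" "${2:-}/etc/securetty" 2>/dev/null
}

# pam_uses MODULE SERVICE [ROOT]: true if an uncommented line of
# etc/pam.d/SERVICE references MODULE.
pam_uses() {
    grep -v '^[[:space:]]*#' "${3:-}/etc/pam.d/$2" 2>/dev/null | grep -q "$1"
}

# xinetd_enabled SERVICE [ROOT]: true if etc/xinetd.d/SERVICE has an
# uncommented "disable = no" line.
xinetd_enabled() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' \
        "${2:-}/etc/xinetd.d/$1" 2>/dev/null
}

# root_rsh_findings [ROOT]: print one line per setting that permits root rsh.
root_rsh_findings() {
    root="${1:-}"
    xinetd_enabled rsh "$root" && echo "xinetd: rsh service is enabled"
    # pam_securetty only lets root through when "rsh" is listed in securetty.
    if pam_uses pam_securetty rsh "$root"; then
        securetty_has rsh "$root" && echo "securetty: rsh is listed, root passes pam_securetty"
    fi
    # Assumption: root's home directory is /root.
    if pam_uses pam_rhosts_auth rsh "$root" && [ -f "$root/root/.rhosts" ]; then
        echo "rhosts: /root/.rhosts exists and pam_rhosts_auth is in the rsh stack"
    fi
    return 0
}

# With no argument this inspects the live system.
root_rsh_findings "${1:-}"
```

An empty result means none of the three conditions is present on the tree that was checked.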