Re: [gentoo-cluster] netkit-rsh help needed - gentoo-cluster

From:	Brady Catherman <bradyc@××××××.edu>
To:	gentoo-cluster@l.g.o
Subject:	Re: [gentoo-cluster] netkit-rsh help needed
Date:	Thu, 18 May 2006 00:43:47
Message-Id:	`93EB456E-9737-459B-B84A-6B9794D9FF2C@uidaho.edu`
In Reply to:	Re: [gentoo-cluster] netkit-rsh help needed by Jared Greenwald

1

Gah! You did the same thing I did..

2

3

exit /etc/xinetd.conf and look for the line:

4

only_from = localhost

5

and add this line after it:

6

only_from += <your ip range>/24

7

8

This always catches me off guard. I forget it and spend days trying  

9

to fix it! =)

10

11

On May 17, 2006, at 5:31 PM, Jared Greenwald wrote:

12

13

> I do have an entry in the /root/.rhosts file for the remote node, but

14

> it actually seems that pam is outright rejecting the rsh connection

15

>

16

> I'll  have to play with the pam settings I suppose.

17

>

18

> Thanks again for the help...

19

>

20

> -Jared

21

>

22

> On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:

23

>> I assume you mean passwordless logins.

24

>>

25

>> my /etc/pam.d/rlogin:

26

>> #%PAM-1.0

27

>> # For root login to succeed here with pam_securetty, "rlogin" must be

28

>> # listed in /etc/securetty.

29

>> auth       required             pam_nologin.so

30

>> auth       required             pam_securetty.so

31

>> auth       required     pam_env.so

32

>> auth       sufficient   pam_rhosts_auth.so

33

>> auth       include              system-auth

34

>> account    include              system-auth

35

>> password   include              system-auth

36

>> session    include              system-auth

37

>>

38

>> My /etc/pam.d/rsh

39

>> #%PAM-1.0

40

>> # For root login to succeed here with pam_securetty, "rsh" must be

41

>> # listed in /etc/securetty.

42

>> auth       required     pam_nologin.so

43

>> auth       required     pam_securetty.so

44

>> auth       optional     pam_env.so

45

>>

46

>> # Uncomment this and comment the following to use rhosts_auth module

47

>> auth       required     pam_rhosts_auth.so

48

>> #auth       include     system-auth

49

>>

50

>> account    include      system-auth

51

>> session    include      system-auth

52

>>

53

>> My /etc/pam.d/rexec

54

>> #%PAM-1.0

55

>> # For root login to succeed here with pam_securetty, "rexec" must be

56

>> # listed in /etc/securetty.

57

>> auth       required     pam_nologin.so

58

>> auth       required     pam_securetty.so

59

>> auth       optional     pam_env.so

60

>> auth       required     pam_rhosts_auth.so

61

>> auth       include      system-auth

62

>> account    include      system-auth

63

>> session    include      system-auth

64

>>

65

>>

66

>> then add the three protocols to /etc/securetty =)

67

>>

68

>>

69

>>

70

>>

71

>>

72

>>

73

>> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote:

74

>>

75

>> > Now the only problem is how do stop pam from blocking rsh access?

76

>> >

77

>> > -Jared

78

>> >

79

>> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:

80

>> >> There shouldn't be an rsh process running. xinetd starts it when a

81

>> >> user connects.

82

>> >>

83

>> >> The best way to troubleshoot xinetd problems is to start xinetd in

84

>> >> debugging mode.

85

>> >>

86

>> >> xinetd -d

87

>> >>

88

>> >> If you see that the servive started then you can do a netstat -

89

>> ap and

90

>> >> look for the service name in there (shell/login/exec for rsh/

91

>> rlogin/

92

>> >> rexec). Once there you should be good to go =)

93

>> >>

94

>> >>

95

>> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote:

96

>> >>

97

>> >> > I'm looking for some help in setting up netkit rsh.

98

>> >> >

99

>> >> > Please no comments about how rsh in unsecure and all that = I

100

>> know

101

>> >> > that, but I need rsh specifically to hook into a tool that my IT

102

>> >> > department uses for backups.

103

>> >> >

104

>> >> > So, I've got netkit-rsh and xinetd installed.

105

>> >> >

106

>> >> > In the /etc/xinetd.d/rsh file I've changed the following from:

107

>> >> >

108

>> >> > disable yes

109

>> >> >

110

>> >> > to

111

>> >> >

112

>> >> > disable no

113

>> >> >

114

>> >> > Then I restarted xinetd.  At this point there is an xinetd

115

>> process,

116

>> >> > but no rsh (rshd or in.rsh) process running.

117

>> >> >

118

>> >> > A quick look in the log shows that one xinetd service has

119

>> started:

120

>> >> >

121

>> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13

122

>> >> started

123

>> >> > with libwrap loadavg options compiled in.

124

>> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1

125

>> available

126

>> >> > service

127

>> >> >

128

>> >> > So, the question is - what am I missing?

129

>> >> >

130

>> >> > Any and all assistance would be greatly appreciated.

131

>> >> >

132

>> >> > Thanks,

133

>> >> > Jared

134

>> >> >

135

>> >> > --

136

>> >> > gentoo-cluster@g.o mailing list

137

>> >> >

138

>> >>

139

>> >> --

140

>> >> gentoo-cluster@g.o mailing list

141

>> >>

142

>> >>

143

>> >

144

>> > --

145

>> > gentoo-cluster@g.o mailing list

146

>> >

147

>>

148

>> --

149

>> gentoo-cluster@g.o mailing list

150

>>

151

>>

152

>

153

> --

154

> gentoo-cluster@g.o mailing list

155

>

156

157

--

158

gentoo-cluster@g.o mailing list

1	Gah! You did the same thing I did..
2
3	exit /etc/xinetd.conf and look for the line:
4	only_from = localhost
5	and add this line after it:
6	only_from += <your ip range>/24
7
8	This always catches me off guard. I forget it and spend days trying
9	to fix it! =)
10
11	On May 17, 2006, at 5:31 PM, Jared Greenwald wrote:
12
13	> I do have an entry in the /root/.rhosts file for the remote node, but
14	> it actually seems that pam is outright rejecting the rsh connection
15	>
16	> I'll have to play with the pam settings I suppose.
17	>
18	> Thanks again for the help...
19	>
20	> -Jared
21	>
22	> On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:
23	>> I assume you mean passwordless logins.
24	>>
25	>> my /etc/pam.d/rlogin:
26	>> #%PAM-1.0
27	>> # For root login to succeed here with pam_securetty, "rlogin" must be
28	>> # listed in /etc/securetty.
29	>> auth required pam_nologin.so
30	>> auth required pam_securetty.so
31	>> auth required pam_env.so
32	>> auth sufficient pam_rhosts_auth.so
33	>> auth include system-auth
34	>> account include system-auth
35	>> password include system-auth
36	>> session include system-auth
37	>>
38	>> My /etc/pam.d/rsh
39	>> #%PAM-1.0
40	>> # For root login to succeed here with pam_securetty, "rsh" must be
41	>> # listed in /etc/securetty.
42	>> auth required pam_nologin.so
43	>> auth required pam_securetty.so
44	>> auth optional pam_env.so
45	>>
46	>> # Uncomment this and comment the following to use rhosts_auth module
47	>> auth required pam_rhosts_auth.so
48	>> #auth include system-auth
49	>>
50	>> account include system-auth
51	>> session include system-auth
52	>>
53	>> My /etc/pam.d/rexec
54	>> #%PAM-1.0
55	>> # For root login to succeed here with pam_securetty, "rexec" must be
56	>> # listed in /etc/securetty.
57	>> auth required pam_nologin.so
58	>> auth required pam_securetty.so
59	>> auth optional pam_env.so
60	>> auth required pam_rhosts_auth.so
61	>> auth include system-auth
62	>> account include system-auth
63	>> session include system-auth
64	>>
65	>>
66	>> then add the three protocols to /etc/securetty =)
67	>>
68	>>
69	>>
70	>>
71	>>
72	>>
73	>> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote:
74	>>
75	>> > Now the only problem is how do stop pam from blocking rsh access?
76	>> >
77	>> > -Jared
78	>> >
79	>> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:
80	>> >> There shouldn't be an rsh process running. xinetd starts it when a
81	>> >> user connects.
82	>> >>
83	>> >> The best way to troubleshoot xinetd problems is to start xinetd in
84	>> >> debugging mode.
85	>> >>
86	>> >> xinetd -d
87	>> >>
88	>> >> If you see that the servive started then you can do a netstat -
89	>> ap and
90	>> >> look for the service name in there (shell/login/exec for rsh/
91	>> rlogin/
92	>> >> rexec). Once there you should be good to go =)
93	>> >>
94	>> >>
95	>> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote:
96	>> >>
97	>> >> > I'm looking for some help in setting up netkit rsh.
98	>> >> >
99	>> >> > Please no comments about how rsh in unsecure and all that = I
100	>> know
101	>> >> > that, but I need rsh specifically to hook into a tool that my IT
102	>> >> > department uses for backups.
103	>> >> >
104	>> >> > So, I've got netkit-rsh and xinetd installed.
105	>> >> >
106	>> >> > In the /etc/xinetd.d/rsh file I've changed the following from:
107	>> >> >
108	>> >> > disable yes
109	>> >> >
110	>> >> > to
111	>> >> >
112	>> >> > disable no
113	>> >> >
114	>> >> > Then I restarted xinetd. At this point there is an xinetd
115	>> process,
116	>> >> > but no rsh (rshd or in.rsh) process running.
117	>> >> >
118	>> >> > A quick look in the log shows that one xinetd service has
119	>> started:
120	>> >> >
121	>> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13
122	>> >> started
123	>> >> > with libwrap loadavg options compiled in.
124	>> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1
125	>> available
126	>> >> > service
127	>> >> >
128	>> >> > So, the question is - what am I missing?
129	>> >> >
130	>> >> > Any and all assistance would be greatly appreciated.
131	>> >> >
132	>> >> > Thanks,
133	>> >> > Jared
134	>> >> >
135	>> >> > --
136	>> >> > gentoo-cluster@g.o mailing list
137	>> >> >
138	>> >>
139	>> >> --
140	>> >> gentoo-cluster@g.o mailing list
141	>> >>
142	>> >>
143	>> >
144	>> > --
145	>> > gentoo-cluster@g.o mailing list
146	>> >
147	>>
148	>> --
149	>> gentoo-cluster@g.o mailing list
150	>>
151	>>
152	>
153	> --
154	> gentoo-cluster@g.o mailing list
155	>
156
157	--
158	gentoo-cluster@g.o mailing list

Gentoo Archives: gentoo-cluster