Re: [gentoo-cluster] netkit-rsh help needed - gentoo-cluster

From:	Jared Greenwald <greenwaldjared@×××××.com>
To:	gentoo-cluster@l.g.o
Subject:	Re: [gentoo-cluster] netkit-rsh help needed
Date:	Thu, 18 May 2006 00:32:22
Message-Id:	`2759cf860605171731ua682900p10318b44b93abd72@mail.gmail.com`
In Reply to:	Re: [gentoo-cluster] netkit-rsh help needed by Brady Catherman

1

I do have an entry in the /root/.rhosts file for the remote node, but

2

it actually seems that pam is outright rejecting the rsh connection

3

4

I'll  have to play with the pam settings I suppose.

5

6

Thanks again for the help...

7

8

-Jared

9

10

On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:

11

> I assume you mean passwordless logins.

12

>

13

> my /etc/pam.d/rlogin:

14

> #%PAM-1.0

15

> # For root login to succeed here with pam_securetty, "rlogin" must be

16

> # listed in /etc/securetty.

17

> auth       required             pam_nologin.so

18

> auth       required             pam_securetty.so

19

> auth       required     pam_env.so

20

> auth       sufficient   pam_rhosts_auth.so

21

> auth       include              system-auth

22

> account    include              system-auth

23

> password   include              system-auth

24

> session    include              system-auth

25

>

26

> My /etc/pam.d/rsh

27

> #%PAM-1.0

28

> # For root login to succeed here with pam_securetty, "rsh" must be

29

> # listed in /etc/securetty.

30

> auth       required     pam_nologin.so

31

> auth       required     pam_securetty.so

32

> auth       optional     pam_env.so

33

>

34

> # Uncomment this and comment the following to use rhosts_auth module

35

> auth       required     pam_rhosts_auth.so

36

> #auth       include     system-auth

37

>

38

> account    include      system-auth

39

> session    include      system-auth

40

>

41

> My /etc/pam.d/rexec

42

> #%PAM-1.0

43

> # For root login to succeed here with pam_securetty, "rexec" must be

44

> # listed in /etc/securetty.

45

> auth       required     pam_nologin.so

46

> auth       required     pam_securetty.so

47

> auth       optional     pam_env.so

48

> auth       required     pam_rhosts_auth.so

49

> auth       include      system-auth

50

> account    include      system-auth

51

> session    include      system-auth

52

>

53

>

54

> then add the three protocols to /etc/securetty =)

55

>

56

>

57

>

58

>

59

>

60

>

61

> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote:

62

>

63

> > Now the only problem is how do stop pam from blocking rsh access?

64

> >

65

> > -Jared

66

> >

67

> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:

68

> >> There shouldn't be an rsh process running. xinetd starts it when a

69

> >> user connects.

70

> >>

71

> >> The best way to troubleshoot xinetd problems is to start xinetd in

72

> >> debugging mode.

73

> >>

74

> >> xinetd -d

75

> >>

76

> >> If you see that the servive started then you can do a netstat -ap and

77

> >> look for the service name in there (shell/login/exec for rsh/rlogin/

78

> >> rexec). Once there you should be good to go =)

79

> >>

80

> >>

81

> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote:

82

> >>

83

> >> > I'm looking for some help in setting up netkit rsh.

84

> >> >

85

> >> > Please no comments about how rsh in unsecure and all that = I know

86

> >> > that, but I need rsh specifically to hook into a tool that my IT

87

> >> > department uses for backups.

88

> >> >

89

> >> > So, I've got netkit-rsh and xinetd installed.

90

> >> >

91

> >> > In the /etc/xinetd.d/rsh file I've changed the following from:

92

> >> >

93

> >> > disable yes

94

> >> >

95

> >> > to

96

> >> >

97

> >> > disable no

98

> >> >

99

> >> > Then I restarted xinetd.  At this point there is an xinetd process,

100

> >> > but no rsh (rshd or in.rsh) process running.

101

> >> >

102

> >> > A quick look in the log shows that one xinetd service has started:

103

> >> >

104

> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13

105

> >> started

106

> >> > with libwrap loadavg options compiled in.

107

> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1 available

108

> >> > service

109

> >> >

110

> >> > So, the question is - what am I missing?

111

> >> >

112

> >> > Any and all assistance would be greatly appreciated.

113

> >> >

114

> >> > Thanks,

115

> >> > Jared

116

> >> >

117

> >> > --

118

> >> > gentoo-cluster@g.o mailing list

119

> >> >

120

> >>

121

> >> --

122

> >> gentoo-cluster@g.o mailing list

123

> >>

124

> >>

125

> >

126

> > --

127

> > gentoo-cluster@g.o mailing list

128

> >

129

>

130

> --

131

> gentoo-cluster@g.o mailing list

132

>

133

>

134

135

--

136

gentoo-cluster@g.o mailing list

Gentoo Archives: gentoo-cluster

Replies

1	I do have an entry in the /root/.rhosts file for the remote node, but
2	it actually seems that pam is outright rejecting the rsh connection
3
4	I'll have to play with the pam settings I suppose.
5
6	Thanks again for the help...
7
8	-Jared
9
10	On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:
11	> I assume you mean passwordless logins.
12	>
13	> my /etc/pam.d/rlogin:
14	> #%PAM-1.0
15	> # For root login to succeed here with pam_securetty, "rlogin" must be
16	> # listed in /etc/securetty.
17	> auth required pam_nologin.so
18	> auth required pam_securetty.so
19	> auth required pam_env.so
20	> auth sufficient pam_rhosts_auth.so
21	> auth include system-auth
22	> account include system-auth
23	> password include system-auth
24	> session include system-auth
25	>
26	> My /etc/pam.d/rsh
27	> #%PAM-1.0
28	> # For root login to succeed here with pam_securetty, "rsh" must be
29	> # listed in /etc/securetty.
30	> auth required pam_nologin.so
31	> auth required pam_securetty.so
32	> auth optional pam_env.so
33	>
34	> # Uncomment this and comment the following to use rhosts_auth module
35	> auth required pam_rhosts_auth.so
36	> #auth include system-auth
37	>
38	> account include system-auth
39	> session include system-auth
40	>
41	> My /etc/pam.d/rexec
42	> #%PAM-1.0
43	> # For root login to succeed here with pam_securetty, "rexec" must be
44	> # listed in /etc/securetty.
45	> auth required pam_nologin.so
46	> auth required pam_securetty.so
47	> auth optional pam_env.so
48	> auth required pam_rhosts_auth.so
49	> auth include system-auth
50	> account include system-auth
51	> session include system-auth
52	>
53	>
54	> then add the three protocols to /etc/securetty =)
55	>
56	>
57	>
58	>
59	>
60	>
61	> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote:
62	>
63	> > Now the only problem is how do stop pam from blocking rsh access?
64	> >
65	> > -Jared
66	> >
67	> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:
68	> >> There shouldn't be an rsh process running. xinetd starts it when a
69	> >> user connects.
70	> >>
71	> >> The best way to troubleshoot xinetd problems is to start xinetd in
72	> >> debugging mode.
73	> >>
74	> >> xinetd -d
75	> >>
76	> >> If you see that the servive started then you can do a netstat -ap and
77	> >> look for the service name in there (shell/login/exec for rsh/rlogin/
78	> >> rexec). Once there you should be good to go =)
79	> >>
80	> >>
81	> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote:
82	> >>
83	> >> > I'm looking for some help in setting up netkit rsh.
84	> >> >
85	> >> > Please no comments about how rsh in unsecure and all that = I know
86	> >> > that, but I need rsh specifically to hook into a tool that my IT
87	> >> > department uses for backups.
88	> >> >
89	> >> > So, I've got netkit-rsh and xinetd installed.
90	> >> >
91	> >> > In the /etc/xinetd.d/rsh file I've changed the following from:
92	> >> >
93	> >> > disable yes
94	> >> >
95	> >> > to
96	> >> >
97	> >> > disable no
98	> >> >
99	> >> > Then I restarted xinetd. At this point there is an xinetd process,
100	> >> > but no rsh (rshd or in.rsh) process running.
101	> >> >
102	> >> > A quick look in the log shows that one xinetd service has started:
103	> >> >
104	> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13
105	> >> started
106	> >> > with libwrap loadavg options compiled in.
107	> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1 available
108	> >> > service
109	> >> >
110	> >> > So, the question is - what am I missing?
111	> >> >
112	> >> > Any and all assistance would be greatly appreciated.
113	> >> >
114	> >> > Thanks,
115	> >> > Jared
116	> >> >
117	> >> > --
118	> >> > gentoo-cluster@g.o mailing list
119	> >> >
120	> >>
121	> >> --
122	> >> gentoo-cluster@g.o mailing list
123	> >>
124	> >>
125	> >
126	> > --
127	> > gentoo-cluster@g.o mailing list
128	> >
129	>
130	> --
131	> gentoo-cluster@g.o mailing list
132	>
133	>
134
135	--
136	gentoo-cluster@g.o mailing list