1 |
I had that in my configuration. I just turned on 0.0.0.0 for the |
2 |
only_from, which allows from anyone. The key for me was to comment |
3 |
out the secure_tty setting in /etc/pam.d/rsh. This allowed no-passwd |
4 |
rsh login. |
5 |
|
6 |
Thanks again for all the help... |
7 |
|
8 |
-Jared |
9 |
|
10 |
On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote: |
11 |
> |
12 |
> Gah! You did the same thing I did.. |
13 |
> |
14 |
> exit /etc/xinetd.conf and look for the line: |
15 |
> only_from = localhost |
16 |
> and add this line after it: |
17 |
> only_from += <your ip range>/24 |
18 |
> |
19 |
> This always catches me off guard. I forget it and spend days trying |
20 |
> to fix it! =) |
21 |
> |
22 |
> On May 17, 2006, at 5:31 PM, Jared Greenwald wrote: |
23 |
> |
24 |
> > I do have an entry in the /root/.rhosts file for the remote node, but |
25 |
> > it actually seems that pam is outright rejecting the rsh connection |
26 |
> > |
27 |
> > I'll have to play with the pam settings I suppose. |
28 |
> > |
29 |
> > Thanks again for the help... |
30 |
> > |
31 |
> > -Jared |
32 |
> > |
33 |
> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote: |
34 |
> >> I assume you mean passwordless logins. |
35 |
> >> |
36 |
> >> my /etc/pam.d/rlogin: |
37 |
> >> #%PAM-1.0 |
38 |
> >> # For root login to succeed here with pam_securetty, "rlogin" must be |
39 |
> >> # listed in /etc/securetty. |
40 |
> >> auth required pam_nologin.so |
41 |
> >> auth required pam_securetty.so |
42 |
> >> auth required pam_env.so |
43 |
> >> auth sufficient pam_rhosts_auth.so |
44 |
> >> auth include system-auth |
45 |
> >> account include system-auth |
46 |
> >> password include system-auth |
47 |
> >> session include system-auth |
48 |
> >> |
49 |
> >> My /etc/pam.d/rsh |
50 |
> >> #%PAM-1.0 |
51 |
> >> # For root login to succeed here with pam_securetty, "rsh" must be |
52 |
> >> # listed in /etc/securetty. |
53 |
> >> auth required pam_nologin.so |
54 |
> >> auth required pam_securetty.so |
55 |
> >> auth optional pam_env.so |
56 |
> >> |
57 |
> >> # Uncomment this and comment the following to use rhosts_auth module |
58 |
> >> auth required pam_rhosts_auth.so |
59 |
> >> #auth include system-auth |
60 |
> >> |
61 |
> >> account include system-auth |
62 |
> >> session include system-auth |
63 |
> >> |
64 |
> >> My /etc/pam.d/rexec |
65 |
> >> #%PAM-1.0 |
66 |
> >> # For root login to succeed here with pam_securetty, "rexec" must be |
67 |
> >> # listed in /etc/securetty. |
68 |
> >> auth required pam_nologin.so |
69 |
> >> auth required pam_securetty.so |
70 |
> >> auth optional pam_env.so |
71 |
> >> auth required pam_rhosts_auth.so |
72 |
> >> auth include system-auth |
73 |
> >> account include system-auth |
74 |
> >> session include system-auth |
75 |
> >> |
76 |
> >> |
77 |
> >> then add the three protocols to /etc/securetty =) |
78 |
> >> |
79 |
> >> |
80 |
> >> |
81 |
> >> |
82 |
> >> |
83 |
> >> |
84 |
> >> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote: |
85 |
> >> |
86 |
> >> > Now the only problem is how do stop pam from blocking rsh access? |
87 |
> >> > |
88 |
> >> > -Jared |
89 |
> >> > |
90 |
> >> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote: |
91 |
> >> >> There shouldn't be an rsh process running. xinetd starts it when a |
92 |
> >> >> user connects. |
93 |
> >> >> |
94 |
> >> >> The best way to troubleshoot xinetd problems is to start xinetd in |
95 |
> >> >> debugging mode. |
96 |
> >> >> |
97 |
> >> >> xinetd -d |
98 |
> >> >> |
99 |
> >> >> If you see that the servive started then you can do a netstat - |
100 |
> >> ap and |
101 |
> >> >> look for the service name in there (shell/login/exec for rsh/ |
102 |
> >> rlogin/ |
103 |
> >> >> rexec). Once there you should be good to go =) |
104 |
> >> >> |
105 |
> >> >> |
106 |
> >> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote: |
107 |
> >> >> |
108 |
> >> >> > I'm looking for some help in setting up netkit rsh. |
109 |
> >> >> > |
110 |
> >> >> > Please no comments about how rsh in unsecure and all that = I |
111 |
> >> know |
112 |
> >> >> > that, but I need rsh specifically to hook into a tool that my IT |
113 |
> >> >> > department uses for backups. |
114 |
> >> >> > |
115 |
> >> >> > So, I've got netkit-rsh and xinetd installed. |
116 |
> >> >> > |
117 |
> >> >> > In the /etc/xinetd.d/rsh file I've changed the following from: |
118 |
> >> >> > |
119 |
> >> >> > disable yes |
120 |
> >> >> > |
121 |
> >> >> > to |
122 |
> >> >> > |
123 |
> >> >> > disable no |
124 |
> >> >> > |
125 |
> >> >> > Then I restarted xinetd. At this point there is an xinetd |
126 |
> >> process, |
127 |
> >> >> > but no rsh (rshd or in.rsh) process running. |
128 |
> >> >> > |
129 |
> >> >> > A quick look in the log shows that one xinetd service has |
130 |
> >> started: |
131 |
> >> >> > |
132 |
> >> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13 |
133 |
> >> >> started |
134 |
> >> >> > with libwrap loadavg options compiled in. |
135 |
> >> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1 |
136 |
> >> available |
137 |
> >> >> > service |
138 |
> >> >> > |
139 |
> >> >> > So, the question is - what am I missing? |
140 |
> >> >> > |
141 |
> >> >> > Any and all assistance would be greatly appreciated. |
142 |
> >> >> > |
143 |
> >> >> > Thanks, |
144 |
> >> >> > Jared |
145 |
> >> >> > |
146 |
> >> >> > -- |
147 |
> >> >> > gentoo-cluster@g.o mailing list |
148 |
> >> >> > |
149 |
> >> >> |
150 |
> >> >> -- |
151 |
> >> >> gentoo-cluster@g.o mailing list |
152 |
> >> >> |
153 |
> >> >> |
154 |
> >> > |
155 |
> >> > -- |
156 |
> >> > gentoo-cluster@g.o mailing list |
157 |
> >> > |
158 |
> >> |
159 |
> >> -- |
160 |
> >> gentoo-cluster@g.o mailing list |
161 |
> >> |
162 |
> >> |
163 |
> > |
164 |
> > -- |
165 |
> > gentoo-cluster@g.o mailing list |
166 |
> > |
167 |
> |
168 |
> -- |
169 |
> gentoo-cluster@g.o mailing list |
170 |
> |
171 |
> |
172 |
|
173 |
-- |
174 |
gentoo-cluster@g.o mailing list |