Re: [gentoo-cluster] netkit-rsh help needed - SOLVED - gentoo-cluster

From:	Jared Greenwald <greenwaldjared@×××××.com>
To:	gentoo-cluster@l.g.o
Subject:	Re: [gentoo-cluster] netkit-rsh help needed - SOLVED
Date:	Thu, 18 May 2006 02:42:26
Message-Id:	`2759cf860605171941m6f1d4f1etbf4a3b14ecc84e29@mail.gmail.com`

1

I had that in my configuration.  I just turned on 0.0.0.0 for the

2

only_from, which allows from anyone.  The key for me was to comment

3

out the secure_tty setting in /etc/pam.d/rsh.  This allowed no-passwd

4

rsh login.

5

6

Thanks again for all the help...

7

8

-Jared

9

10

On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:

11

>

12

> Gah! You did the same thing I did..

13

>

14

> exit /etc/xinetd.conf and look for the line:

15

> only_from = localhost

16

> and add this line after it:

17

> only_from += <your ip range>/24

18

>

19

> This always catches me off guard. I forget it and spend days trying

20

> to fix it! =)

21

>

22

> On May 17, 2006, at 5:31 PM, Jared Greenwald wrote:

23

>

24

> > I do have an entry in the /root/.rhosts file for the remote node, but

25

> > it actually seems that pam is outright rejecting the rsh connection

26

> >

27

> > I'll  have to play with the pam settings I suppose.

28

> >

29

> > Thanks again for the help...

30

> >

31

> > -Jared

32

> >

33

> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:

34

> >> I assume you mean passwordless logins.

35

> >>

36

> >> my /etc/pam.d/rlogin:

37

> >> #%PAM-1.0

38

> >> # For root login to succeed here with pam_securetty, "rlogin" must be

39

> >> # listed in /etc/securetty.

40

> >> auth       required             pam_nologin.so

41

> >> auth       required             pam_securetty.so

42

> >> auth       required     pam_env.so

43

> >> auth       sufficient   pam_rhosts_auth.so

44

> >> auth       include              system-auth

45

> >> account    include              system-auth

46

> >> password   include              system-auth

47

> >> session    include              system-auth

48

> >>

49

> >> My /etc/pam.d/rsh

50

> >> #%PAM-1.0

51

> >> # For root login to succeed here with pam_securetty, "rsh" must be

52

> >> # listed in /etc/securetty.

53

> >> auth       required     pam_nologin.so

54

> >> auth       required     pam_securetty.so

55

> >> auth       optional     pam_env.so

56

> >>

57

> >> # Uncomment this and comment the following to use rhosts_auth module

58

> >> auth       required     pam_rhosts_auth.so

59

> >> #auth       include     system-auth

60

> >>

61

> >> account    include      system-auth

62

> >> session    include      system-auth

63

> >>

64

> >> My /etc/pam.d/rexec

65

> >> #%PAM-1.0

66

> >> # For root login to succeed here with pam_securetty, "rexec" must be

67

> >> # listed in /etc/securetty.

68

> >> auth       required     pam_nologin.so

69

> >> auth       required     pam_securetty.so

70

> >> auth       optional     pam_env.so

71

> >> auth       required     pam_rhosts_auth.so

72

> >> auth       include      system-auth

73

> >> account    include      system-auth

74

> >> session    include      system-auth

75

> >>

76

> >>

77

> >> then add the three protocols to /etc/securetty =)

78

> >>

79

> >>

80

> >>

81

> >>

82

> >>

83

> >>

84

> >> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote:

85

> >>

86

> >> > Now the only problem is how do stop pam from blocking rsh access?

87

> >> >

88

> >> > -Jared

89

> >> >

90

> >> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:

91

> >> >> There shouldn't be an rsh process running. xinetd starts it when a

92

> >> >> user connects.

93

> >> >>

94

> >> >> The best way to troubleshoot xinetd problems is to start xinetd in

95

> >> >> debugging mode.

96

> >> >>

97

> >> >> xinetd -d

98

> >> >>

99

> >> >> If you see that the servive started then you can do a netstat -

100

> >> ap and

101

> >> >> look for the service name in there (shell/login/exec for rsh/

102

> >> rlogin/

103

> >> >> rexec). Once there you should be good to go =)

104

> >> >>

105

> >> >>

106

> >> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote:

107

> >> >>

108

> >> >> > I'm looking for some help in setting up netkit rsh.

109

> >> >> >

110

> >> >> > Please no comments about how rsh in unsecure and all that = I

111

> >> know

112

> >> >> > that, but I need rsh specifically to hook into a tool that my IT

113

> >> >> > department uses for backups.

114

> >> >> >

115

> >> >> > So, I've got netkit-rsh and xinetd installed.

116

> >> >> >

117

> >> >> > In the /etc/xinetd.d/rsh file I've changed the following from:

118

> >> >> >

119

> >> >> > disable yes

120

> >> >> >

121

> >> >> > to

122

> >> >> >

123

> >> >> > disable no

124

> >> >> >

125

> >> >> > Then I restarted xinetd.  At this point there is an xinetd

126

> >> process,

127

> >> >> > but no rsh (rshd or in.rsh) process running.

128

> >> >> >

129

> >> >> > A quick look in the log shows that one xinetd service has

130

> >> started:

131

> >> >> >

132

> >> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13

133

> >> >> started

134

> >> >> > with libwrap loadavg options compiled in.

135

> >> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1

136

> >> available

137

> >> >> > service

138

> >> >> >

139

> >> >> > So, the question is - what am I missing?

140

> >> >> >

141

> >> >> > Any and all assistance would be greatly appreciated.

142

> >> >> >

143

> >> >> > Thanks,

144

> >> >> > Jared

145

> >> >> >

146

> >> >> > --

147

> >> >> > gentoo-cluster@g.o mailing list

148

> >> >> >

149

> >> >>

150

> >> >> --

151

> >> >> gentoo-cluster@g.o mailing list

152

> >> >>

153

> >> >>

154

> >> >

155

> >> > --

156

> >> > gentoo-cluster@g.o mailing list

157

> >> >

158

> >>

159

> >> --

160

> >> gentoo-cluster@g.o mailing list

161

> >>

162

> >>

163

> >

164

> > --

165

> > gentoo-cluster@g.o mailing list

166

> >

167

>

168

> --

169

> gentoo-cluster@g.o mailing list

170

>

171

>

172

173

--

174

gentoo-cluster@g.o mailing list

1	I had that in my configuration. I just turned on 0.0.0.0 for the
2	only_from, which allows from anyone. The key for me was to comment
3	out the secure_tty setting in /etc/pam.d/rsh. This allowed no-passwd
4	rsh login.
5
6	Thanks again for all the help...
7
8	-Jared
9
10	On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:
11	>
12	> Gah! You did the same thing I did..
13	>
14	> exit /etc/xinetd.conf and look for the line:
15	> only_from = localhost
16	> and add this line after it:
17	> only_from += <your ip range>/24
18	>
19	> This always catches me off guard. I forget it and spend days trying
20	> to fix it! =)
21	>
22	> On May 17, 2006, at 5:31 PM, Jared Greenwald wrote:
23	>
24	> > I do have an entry in the /root/.rhosts file for the remote node, but
25	> > it actually seems that pam is outright rejecting the rsh connection
26	> >
27	> > I'll have to play with the pam settings I suppose.
28	> >
29	> > Thanks again for the help...
30	> >
31	> > -Jared
32	> >
33	> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:
34	> >> I assume you mean passwordless logins.
35	> >>
36	> >> my /etc/pam.d/rlogin:
37	> >> #%PAM-1.0
38	> >> # For root login to succeed here with pam_securetty, "rlogin" must be
39	> >> # listed in /etc/securetty.
40	> >> auth required pam_nologin.so
41	> >> auth required pam_securetty.so
42	> >> auth required pam_env.so
43	> >> auth sufficient pam_rhosts_auth.so
44	> >> auth include system-auth
45	> >> account include system-auth
46	> >> password include system-auth
47	> >> session include system-auth
48	> >>
49	> >> My /etc/pam.d/rsh
50	> >> #%PAM-1.0
51	> >> # For root login to succeed here with pam_securetty, "rsh" must be
52	> >> # listed in /etc/securetty.
53	> >> auth required pam_nologin.so
54	> >> auth required pam_securetty.so
55	> >> auth optional pam_env.so
56	> >>
57	> >> # Uncomment this and comment the following to use rhosts_auth module
58	> >> auth required pam_rhosts_auth.so
59	> >> #auth include system-auth
60	> >>
61	> >> account include system-auth
62	> >> session include system-auth
63	> >>
64	> >> My /etc/pam.d/rexec
65	> >> #%PAM-1.0
66	> >> # For root login to succeed here with pam_securetty, "rexec" must be
67	> >> # listed in /etc/securetty.
68	> >> auth required pam_nologin.so
69	> >> auth required pam_securetty.so
70	> >> auth optional pam_env.so
71	> >> auth required pam_rhosts_auth.so
72	> >> auth include system-auth
73	> >> account include system-auth
74	> >> session include system-auth
75	> >>
76	> >>
77	> >> then add the three protocols to /etc/securetty =)
78	> >>
79	> >>
80	> >>
81	> >>
82	> >>
83	> >>
84	> >> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote:
85	> >>
86	> >> > Now the only problem is how do stop pam from blocking rsh access?
87	> >> >
88	> >> > -Jared
89	> >> >
90	> >> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote:
91	> >> >> There shouldn't be an rsh process running. xinetd starts it when a
92	> >> >> user connects.
93	> >> >>
94	> >> >> The best way to troubleshoot xinetd problems is to start xinetd in
95	> >> >> debugging mode.
96	> >> >>
97	> >> >> xinetd -d
98	> >> >>
99	> >> >> If you see that the servive started then you can do a netstat -
100	> >> ap and
101	> >> >> look for the service name in there (shell/login/exec for rsh/
102	> >> rlogin/
103	> >> >> rexec). Once there you should be good to go =)
104	> >> >>
105	> >> >>
106	> >> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote:
107	> >> >>
108	> >> >> > I'm looking for some help in setting up netkit rsh.
109	> >> >> >
110	> >> >> > Please no comments about how rsh in unsecure and all that = I
111	> >> know
112	> >> >> > that, but I need rsh specifically to hook into a tool that my IT
113	> >> >> > department uses for backups.
114	> >> >> >
115	> >> >> > So, I've got netkit-rsh and xinetd installed.
116	> >> >> >
117	> >> >> > In the /etc/xinetd.d/rsh file I've changed the following from:
118	> >> >> >
119	> >> >> > disable yes
120	> >> >> >
121	> >> >> > to
122	> >> >> >
123	> >> >> > disable no
124	> >> >> >
125	> >> >> > Then I restarted xinetd. At this point there is an xinetd
126	> >> process,
127	> >> >> > but no rsh (rshd or in.rsh) process running.
128	> >> >> >
129	> >> >> > A quick look in the log shows that one xinetd service has
130	> >> started:
131	> >> >> >
132	> >> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13
133	> >> >> started
134	> >> >> > with libwrap loadavg options compiled in.
135	> >> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1
136	> >> available
137	> >> >> > service
138	> >> >> >
139	> >> >> > So, the question is - what am I missing?
140	> >> >> >
141	> >> >> > Any and all assistance would be greatly appreciated.
142	> >> >> >
143	> >> >> > Thanks,
144	> >> >> > Jared
145	> >> >> >
146	> >> >> > --
147	> >> >> > gentoo-cluster@g.o mailing list
148	> >> >> >
149	> >> >>
150	> >> >> --
151	> >> >> gentoo-cluster@g.o mailing list
152	> >> >>
153	> >> >>
154	> >> >
155	> >> > --
156	> >> > gentoo-cluster@g.o mailing list
157	> >> >
158	> >>
159	> >> --
160	> >> gentoo-cluster@g.o mailing list
161	> >>
162	> >>
163	> >
164	> > --
165	> > gentoo-cluster@g.o mailing list
166	> >
167	>
168	> --
169	> gentoo-cluster@g.o mailing list
170	>
171	>
172
173	--
174	gentoo-cluster@g.o mailing list

Gentoo Archives: gentoo-cluster