1 |
Gah! You did the same thing I did.. |
2 |
|
3 |
exit /etc/xinetd.conf and look for the line: |
4 |
only_from = localhost |
5 |
and add this line after it: |
6 |
only_from += <your ip range>/24 |
7 |
|
8 |
This always catches me off guard. I forget it and spend days trying |
9 |
to fix it! =) |
10 |
|
11 |
On May 17, 2006, at 5:31 PM, Jared Greenwald wrote: |
12 |
|
13 |
> I do have an entry in the /root/.rhosts file for the remote node, but |
14 |
> it actually seems that pam is outright rejecting the rsh connection |
15 |
> |
16 |
> I'll have to play with the pam settings I suppose. |
17 |
> |
18 |
> Thanks again for the help... |
19 |
> |
20 |
> -Jared |
21 |
> |
22 |
> On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote: |
23 |
>> I assume you mean passwordless logins. |
24 |
>> |
25 |
>> my /etc/pam.d/rlogin: |
26 |
>> #%PAM-1.0 |
27 |
>> # For root login to succeed here with pam_securetty, "rlogin" must be |
28 |
>> # listed in /etc/securetty. |
29 |
>> auth required pam_nologin.so |
30 |
>> auth required pam_securetty.so |
31 |
>> auth required pam_env.so |
32 |
>> auth sufficient pam_rhosts_auth.so |
33 |
>> auth include system-auth |
34 |
>> account include system-auth |
35 |
>> password include system-auth |
36 |
>> session include system-auth |
37 |
>> |
38 |
>> My /etc/pam.d/rsh |
39 |
>> #%PAM-1.0 |
40 |
>> # For root login to succeed here with pam_securetty, "rsh" must be |
41 |
>> # listed in /etc/securetty. |
42 |
>> auth required pam_nologin.so |
43 |
>> auth required pam_securetty.so |
44 |
>> auth optional pam_env.so |
45 |
>> |
46 |
>> # Uncomment this and comment the following to use rhosts_auth module |
47 |
>> auth required pam_rhosts_auth.so |
48 |
>> #auth include system-auth |
49 |
>> |
50 |
>> account include system-auth |
51 |
>> session include system-auth |
52 |
>> |
53 |
>> My /etc/pam.d/rexec |
54 |
>> #%PAM-1.0 |
55 |
>> # For root login to succeed here with pam_securetty, "rexec" must be |
56 |
>> # listed in /etc/securetty. |
57 |
>> auth required pam_nologin.so |
58 |
>> auth required pam_securetty.so |
59 |
>> auth optional pam_env.so |
60 |
>> auth required pam_rhosts_auth.so |
61 |
>> auth include system-auth |
62 |
>> account include system-auth |
63 |
>> session include system-auth |
64 |
>> |
65 |
>> |
66 |
>> then add the three protocols to /etc/securetty =) |
67 |
>> |
68 |
>> |
69 |
>> |
70 |
>> |
71 |
>> |
72 |
>> |
73 |
>> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote: |
74 |
>> |
75 |
>> > Now the only problem is how do stop pam from blocking rsh access? |
76 |
>> > |
77 |
>> > -Jared |
78 |
>> > |
79 |
>> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote: |
80 |
>> >> There shouldn't be an rsh process running. xinetd starts it when a |
81 |
>> >> user connects. |
82 |
>> >> |
83 |
>> >> The best way to troubleshoot xinetd problems is to start xinetd in |
84 |
>> >> debugging mode. |
85 |
>> >> |
86 |
>> >> xinetd -d |
87 |
>> >> |
88 |
>> >> If you see that the servive started then you can do a netstat - |
89 |
>> ap and |
90 |
>> >> look for the service name in there (shell/login/exec for rsh/ |
91 |
>> rlogin/ |
92 |
>> >> rexec). Once there you should be good to go =) |
93 |
>> >> |
94 |
>> >> |
95 |
>> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote: |
96 |
>> >> |
97 |
>> >> > I'm looking for some help in setting up netkit rsh. |
98 |
>> >> > |
99 |
>> >> > Please no comments about how rsh in unsecure and all that = I |
100 |
>> know |
101 |
>> >> > that, but I need rsh specifically to hook into a tool that my IT |
102 |
>> >> > department uses for backups. |
103 |
>> >> > |
104 |
>> >> > So, I've got netkit-rsh and xinetd installed. |
105 |
>> >> > |
106 |
>> >> > In the /etc/xinetd.d/rsh file I've changed the following from: |
107 |
>> >> > |
108 |
>> >> > disable yes |
109 |
>> >> > |
110 |
>> >> > to |
111 |
>> >> > |
112 |
>> >> > disable no |
113 |
>> >> > |
114 |
>> >> > Then I restarted xinetd. At this point there is an xinetd |
115 |
>> process, |
116 |
>> >> > but no rsh (rshd or in.rsh) process running. |
117 |
>> >> > |
118 |
>> >> > A quick look in the log shows that one xinetd service has |
119 |
>> started: |
120 |
>> >> > |
121 |
>> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13 |
122 |
>> >> started |
123 |
>> >> > with libwrap loadavg options compiled in. |
124 |
>> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1 |
125 |
>> available |
126 |
>> >> > service |
127 |
>> >> > |
128 |
>> >> > So, the question is - what am I missing? |
129 |
>> >> > |
130 |
>> >> > Any and all assistance would be greatly appreciated. |
131 |
>> >> > |
132 |
>> >> > Thanks, |
133 |
>> >> > Jared |
134 |
>> >> > |
135 |
>> >> > -- |
136 |
>> >> > gentoo-cluster@g.o mailing list |
137 |
>> >> > |
138 |
>> >> |
139 |
>> >> -- |
140 |
>> >> gentoo-cluster@g.o mailing list |
141 |
>> >> |
142 |
>> >> |
143 |
>> > |
144 |
>> > -- |
145 |
>> > gentoo-cluster@g.o mailing list |
146 |
>> > |
147 |
>> |
148 |
>> -- |
149 |
>> gentoo-cluster@g.o mailing list |
150 |
>> |
151 |
>> |
152 |
> |
153 |
> -- |
154 |
> gentoo-cluster@g.o mailing list |
155 |
> |
156 |
|
157 |
-- |
158 |
gentoo-cluster@g.o mailing list |