Hello all,
I'm not quite sure what has changed in the recent rsh commands, but I can't seem to get around the password promting. I need a clnk rsh between two machines in order to run my backup script.
I added all the usual .rhosts with the proper permissions et al added the xinetd.d confilg files, opened ports 543 and 544 in my firewall, yet when I use the rsh commands, I get either a password prompt or some Kerberos stuff that I don't use.
ie: rexec intrbase ls password:
and connect to address 192.168.99.211: Connection refused Trying krb4 rlogin... connect to address 192.168.99.211: Connection refused trying normal rlogin (/usr/bin/rlogin) Last login: Thu Feb 2 07:47:37 from spare
As you can see this is for an internal network, so I'm not freaked out about security here.
I can't seem to find anything in the help files about it. How can I configure rsh to use the old, normal way of auth?
I'm using the latest CentOS4.2
Cheers.
-- Scott
2006/2/2, Scott Taylor scott@dctchambers.com:
I'm not quite sure what has changed in the recent rsh commands, but I can't seem to get around the password promting. I need a clnk rsh between two machines in order to run my backup script.
I can't seem to find anything in the help files about it. How can I configure rsh to use the old, normal way of auth?
Not an actual answer to your question, but have you considered using SSH? The Linux community has all but abandoned rsh in favor of ssh. I understand that it would require you to edit your scripts, but it could be worth it.
-- Enrico Indiogine Parasol Laboratory Texas A&M University
enricoi@cs.tamu.edu hindiogine@gmail.com 979-845-3937
On Thu, February 2, 2006 09:04, Salvatore Enrico Indiogine wrote:
2006/2/2, Scott Taylor scott@dctchambers.com:
I'm not quite sure what has changed in the recent rsh commands, but I can't seem to get around the password promting. I need a clnk rsh between two machines in order to run my backup script.
I can't seem to find anything in the help files about it. How can I configure rsh to use the old, normal way of auth?
Not an actual answer to your question, but have you considered using SSH? The Linux community has all but abandoned rsh in favor of ssh. I understand that it would require you to edit your scripts, but it could be worth it.
Nope. I _need_ to use rsh. That should say "clean" rsh above.
-- Scott
On 02/02/06, Scott Taylor scott@dctchambers.com wrote:
On Thu, February 2, 2006 09:04, Salvatore Enrico Indiogine wrote:
2006/2/2, Scott Taylor scott@dctchambers.com:
I'm not quite sure what has changed in the recent rsh commands, but I can't seem to get around the password promting. I need a clnk rsh between two machines in order to run my backup script.
I can't seem to find anything in the help files about it. How can I configure rsh to use the old, normal way of auth?
Not an actual answer to your question, but have you considered using SSH? The Linux community has all but abandoned rsh in favor of ssh. I understand that it would require you to edit your scripts, but it could be worth it.
Nope. I _need_ to use rsh. That should say "clean" rsh above.
There's been a bunch of Kerberos stuff intgrated into the rsh/rlogin utilities which could be throwing it. If you're attempting to connect as a root user then IIRC there are some changes need to be made to some of the PAM configs too.
However, as Salvatore suggested, you should be able to transparently replace RSH with SSH and it'd problably take the same, if not less, effort than sorting RSH.
If your backup process is a script then it should be easy enough to get in there and hack about with it.
Will.
On Thu, February 2, 2006 09:28, Will McDonald wrote:
On 02/02/06, Scott Taylor scott@dctchambers.com wrote:
Nope. I _need_ to use rsh. That should say "clean" rsh above.
There's been a bunch of Kerberos stuff intgrated into the rsh/rlogin utilities which could be throwing it. If you're attempting to connect as a root user then IIRC there are some changes need to be made to some of the PAM configs too.
So I've noticed. I apears to try to run ksh and klogin first. There doesn't seem to be any way to turn it off.
Could you elaborate on this PAM stuff, I don't see any reference to it in the rsh man pages either.
However, as Salvatore suggested, you should be able to transparently replace RSH with SSH and it'd problably take the same, if not less, effort than sorting RSH.
If your backup process is a script then it should be easy enough to get in there and hack about with it.
If I could I would, but I can not. The old UNIX box that the tape drive is on does not support SSH. I _need_ the old style rsh. I know all about SSH.
I just want to make rsh work like it used to.
-- Scott
Scott Taylor wrote:
Hello all,
I'm not quite sure what has changed in the recent rsh commands, but I can't seem to get around the password promting. I need a clnk rsh between two machines in order to run my backup script.
I added all the usual .rhosts with the proper permissions et al added the xinetd.d confilg files, opened ports 543 and 544 in my firewall, yet when I use the rsh commands, I get either a password prompt or some Kerberos stuff that I don't use.
ie: rexec intrbase ls password:
and connect to address 192.168.99.211: Connection refused Trying krb4 rlogin... connect to address 192.168.99.211: Connection refused trying normal rlogin (/usr/bin/rlogin) Last login: Thu Feb 2 07:47:37 from spare
As you can see this is for an internal network, so I'm not freaked out about security here.
I can't seem to find anything in the help files about it. How can I configure rsh to use the old, normal way of auth?
I'm using the latest CentOS4.2
If you don't use the Kerberos stuff, then remove it ... it's probably the krb5-workstation package - i.e.
rpm -e krb5-workstation
I don't know about rexec, but for rlogin and rsh:
Edit /etc/pam.d/rsh and change the line:
auth required pam_rhosts_auth.so
to:
auth required pam_rhosts_auth.so promiscuous
and edit /etc/pam.d/rlogin and change the line:
auth sufficient pam_rhosts_auth.so
to:
auth sufficient pam_rhosts_auth.so promiscuous
Make sure 'rsh' and 'rlogin' are listed in /etc/securetty
James Pearson
On Thu, February 2, 2006 09:35, James Pearson wrote:
Scott Taylor wrote:
Finally something sane. ;)
If you don't use the Kerberos stuff, then remove it ... it's probably the krb5-workstation package - i.e.
rpm -e krb5-workstation
OK. That did it. Thanks.
I don't know about rexec, but for rlogin and rsh:
Edit /etc/pam.d/rsh and change the line:
Those files are missing in this install. :(
Make sure 'rsh' and 'rlogin' are listed in /etc/securetty
Yes. Thanks.
-- Scott
Scott Taylor wrote:
On Thu, February 2, 2006 09:35, James Pearson wrote:
Scott Taylor wrote:
Finally something sane. ;)
If you don't use the Kerberos stuff, then remove it ... it's probably the krb5-workstation package - i.e.
rpm -e krb5-workstation
OK. That did it. Thanks.
I don't know about rexec, but for rlogin and rsh:
Edit /etc/pam.d/rsh and change the line:
Those files are missing in this install. :(
Make sure 'rsh' and 'rlogin' are listed in /etc/securetty
Yes. Thanks.
/etc/pam.d/rsh and /etc/pam.d/rlogin are part of the rsh-server package i.e. required if you need to rsh/rlogin into the CentOS box.
If you need to rsh/rlogin out of the the CentOS box, then changing the pam.d files won't help....
James Pearson
On Thu, February 2, 2006 09:52, James Pearson wrote:
Scott Taylor wrote:
On Thu, February 2, 2006 09:35, James Pearson wrote:
/etc/pam.d/rsh and /etc/pam.d/rlogin are part of the rsh-server package i.e. required if you need to rsh/rlogin into the CentOS box.
If you need to rsh/rlogin out of the the CentOS box, then changing the pam.d files won't help....
I C. Yes, I only need to rsh out of the box. Thanks. Back/Restore is working fine now. :)
-- Scott
-
James Pearson -
Salvatore Enrico Indiogine -
Scott Taylor -
Will McDonald