RHEL4 - rsh: permission denied

Thomas Walter tbw at geo.hunter.cuny.edu
Thu May 4 19:35:38 UTC 2006


Rick,

Ty for your response. Here are more details...

Tom


On Wed, 3 May 2006, Rick Stevens wrote:

> On Wed, 2006-05-03 at 15:36 -0400, Thomas Walter wrote:
> > I'm trying to get rsh set between two machines (local is Solaris 9,
> > remote is RHEL4). I've done it before (I have a "cookbook") but I'm
> > missing something. Please help. I'm aware of the security issues
> > involved using "r" commands.
> > 
> > What I've done on remote machine:
> > - in .rhosts I put FQ machine name and user name.
> 
> That's in the common user's home directory, right?  E.g.
> "~fred/.rhosts" assuming the common user is "fred".

/root/.rhosts on remote machine:
moon.xxx.xxxxxx.xxxx.edu        root

> 
> > - added "+ FQ machine name user" in /etc/hosts.equiv
> 
> That's "+ other-machine-name username", right?

/etc/hosts.equiv on remote machine:
+       moon.xxx.xxxxxx.xxxx.edu        root

> 
> > - in /etc/xinetd.d/rsh and rexec changed to "disable = no"
> > - added rsh to /etc/securetty
> > - restarted xinetd
> > - no error messages in /etc/log/messages when restarting xinetd.
> 
> Uh, when you say "restarted xinetd", did you "service xinetd restart"
> or simply pass it a SIGHUP?  I don't always trust "service xinetd
> restart".  I'd prefer "service xinetd stop;service xinetd start".  I
> know it's pedantic, but I've seen xinetd hang using the restart option.
> 

I restarted xinetd via GUI, Applications --> System Settings --> Server 
Settings --> Services --> Restart xinetd [xinetd restart successful]

/var/log/messages:
May  4 11:33:13 hypatia xinetd: xinetd shutdown succeeded
May  4 11:33:13 hypatia xinetd: xinetd startup succeeded
May  4 11:33:13 hypatia xinetd[20582]: xinetd Version 2.3.13 started with libwrap loadavg options compiled in.
May  4 11:33:13 hypatia xinetd[20582]: Started working: 2 available services


> > What I've done on local machine:
> > - added remote FQ machine name and same user name to .rhosts
> 
> Again, in the common user's .rhosts file, right?

/.rhosts on local machine (Sun Solaris 9)
hypatia.xxx.xxxx.xxx.edu     root

> > 
> > On local machine the command "rsh machinename w" results in "permission 
> > denied"
> > 
> > On remote machine command "rsh localhost w" results in "permission denied".
> 
> Did you check /var/log/messages or /var/log/secure on the remote system
> to see what errors were spit out?

On local machine (moon) the command "moon{root}:rsh hypatia w" results in 
"permission denied"

[root at hypatia ~]# tail /var/log/messages:
May  4 11:38:27 hypatia rshd[20596]: rsh denied to root at moon.xxxx.xxxxxx.xxxx.edu as root: Permission denied. 
May  4 11:38:27 hypatia rshd[20596]: rsh command was 'w'
[root at hypatia ~]# 

May  4 11:38:27 hypatia xinetd[20582]: START: shell pid=20596 from=1xx.9x.x.3 (this is moon's IP address)

I hope this sheds some light.

Thanks again.

Tom


> 
> ----------------------------------------------------------------------
> - Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
> - VitalStream, Inc.                       http://www.vitalstream.com -
> -                                                                    -
> -    "Hello. My PID is Inigo Montoya.  You `kill -9'-ed my parent    -
> -                     process.  Prepare to vi."                      -
> ----------------------------------------------------------------------
> 
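
An audit check for the trust files discussed in this thread, added here as an example and not part of the original messages: it flags `hosts.equiv` / `.rhosts` entries whose host or user field is a bare `+` (which hosts.equiv(5) treats as matching everything), netgroup entries, lines with more than two fields, and files writable by group or other. The function names and the sample hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hosts.equiv / .rhosts style trust file.
# Field 1 is the host, optional field 2 the user (hosts.equiv(5));
# a bare "+" in either field matches everything.

audit_trust_file() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file"; return 2; }
    # A trust file writable by group/other can be edited by other accounts.
    case $(ls -ld "$f" | cut -c1-10) in
        ?????w????|????????w?) echo "$f: PERMS writable by group or other" ;;
    esac
    awk -v f="$f" '
        NF == 0 || $1 ~ /^#/ { next }     # skip blank lines and comments
        {
            user = (NF > 1) ? $2 : ""
            if ($1 == "+")
                printf "%s:%d: ANY_HOST host field is a bare \"+\" (user field: %s)\n", f, NR, (user == "" ? "none" : user)
            if (user == "+")
                printf "%s:%d: ANY_USER user field is a bare \"+\"\n", f, NR
            if (substr($1, 1, 2) == "+@" || substr(user, 1, 2) == "+@")
                printf "%s:%d: NETGROUP trust is delegated to a netgroup\n", f, NR
            if (NF > 2)
                printf "%s:%d: EXTRA_FIELDS %d fields, expected host and optional user\n", f, NR, NF
        }' "$f"
}

# Constructed sample entries (placeholder hostnames, not from a real system).
sample_trust_file() {
    cat <<'EOF'
# constructed example entries
trusted.example.edu     alice
+       peer.example.edu        root
+@admins
backup.example.edu      +
EOF
}

# Demo: audit the constructed sample from a temporary file.
demo=$(mktemp) && sample_trust_file > "$demo" && chmod 600 "$demo"
audit_trust_file "$demo"
rm -f "$demo"
```

On a real host, run `audit_trust_file /etc/hosts.equiv` and the same against each account's `.rhosts`.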



