Discussion:
rsh without password
Kenji
2004-11-10 08:03:06 UTC
I did the following to enable rsh login without requiring a password.
However, I am still asked for a password.
Am I missing something?

-/root/.rhosts
add hostname

-/etc/host.equiv
add hostname

-/etc/securetty
add rsh, rlogin at the bottom

-install rsh-server with YaST

-chkconfig rsh on, chkconfig rlogin on

-enable xinetd with YaST


A software which I want to install uses rsh to set-up several machines
at once, with a script.
Otherwise, I don't want to use rsh...:)

Thanks,
KH
Chris Cox
2004-11-10 18:56:39 UTC
Post by Kenji
I did the following to enable rsh login without requiring a password.
However, I am still asked for a password.
Am I missing something?
Make sure you don't supply the -l option when running the
daemon.... check your xinetd.conf or inetd.conf file.


If you use wildcards (e.g. +)... you might need to make a PAM change.

See if you have (in /etc/pam.d/rsh and rlogin):
auth required pam_rhosts_auth.so

if so... change it to:
auth required pam_rhosts_auth.so promiscuous
Kenji
2004-11-12 02:48:39 UTC
Thanks for the reply.

The following is my file;

---/etc/xinetd/rsh-----------
# default: off
# description:
# The rshd server is a server for the rcmd(3) routine and,
# consequently, for the rsh(1) program. The server provides
# remote execution facilities with authentication based on
# privileged port numbers from trusted hosts.
service shell
{
# server_args = /usr/sbin/in.rshd -L
socket_type = stream
protocol = tcp
wait = no
user = root
group = root
server = /usr/sbin/tcpd
server_args = /usr/sbin/in.rshd -aL
flags = NAMEINARGS
log_on_success += USERID
log_on_failure += USERID
}
-------------------------

-----------/etc/pam.d/rsh---------
#%PAM-1.0
auth required pam_rhosts_auth.so promiscuous
auth required pam_nologin.so
account required pam_unix2.so
password required pam_unix2.so
session required pam_unix2.so none # debug or trace
-----------------------------------
Post by Chris Cox
Make sure you don't supply the -l option when running the
daemon.... check your xinetd.conf or inetd.conf file.
Not -l, but -aL option is supplied, I think.
Post by Chris Cox
If you use wildcards (e.g. +)... you might need to make a PAM change.
I think I don't use wildcards.
Post by Chris Cox
auth required pam_rhosts_auth.so
auth required pam_rhosts_auth.so promiscuous
Just in case, I did this and restarted xinetd.
But it seems nothing has changed...
Chris Cox
2004-11-12 19:18:54 UTC
Kenji wrote:
...
Post by Kenji
server_args = /usr/sbin/in.rshd -aL
There she blows!! Remove the L ... that option
prevents rsh (also applies to rlogin) from processing
.rhost/hosts.equiv entries.
Kenji
2004-11-13 08:45:02 UTC
Post by Chris Cox
...
Post by Kenji
server_args = /usr/sbin/in.rshd -aL
There she blows!! Remove the L ... that option
prevents rsh (also applies to rlogin) from processing
.rhost/hosts.equiv entries.
Thanks for the comment.
But... after removing the -L option, nothing seems to have changed...

I have focused only on the rsh configuration, but maybe I also need
to change some files for rlogin.

Kenji
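
An added example, not part of the thread: a small audit of the three pieces discussed above (the xinetd stanza, the pam_rhosts_auth line, and the trust file), reporting which rshd options are really in effect and whether `promiscuous` is exposing `+` wildcard entries. The sample inputs are constructed from the files quoted in the thread; the trust-file hostnames and all function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the files quoted in the thread.
XINETD = """service shell
{
# server_args = /usr/sbin/in.rshd -L
server = /usr/sbin/tcpd
server_args = /usr/sbin/in.rshd -aL
flags = NAMEINARGS
}"""
PAM = "#%PAM-1.0\nauth required pam_rhosts_auth.so promiscuous\nauth required pam_nologin.so\n"
TRUST = "nodeA\nnodeB kenji\n"   # hypothetical hosts.equiv/.rhosts content

def parse_xinetd(text):
    """Active (uncommented) attributes of one xinetd service stanza."""
    pairs = (re.match(r"(\w+)\s*\+?=\s*(.*)", l.strip()) for l in text.splitlines())
    return {m.group(1): m.group(2).split() for m in pairs if m}

def rshd_flags(attrs):
    """Single-letter options that actually reach in.rshd."""
    args = attrs.get("server_args", [])
    if "NAMEINARGS" in attrs.get("flags", []):
        args = args[1:]  # with NAMEINARGS the first word is argv[0]
    return {c for a in args if a.startswith("-") for c in a[1:]}

def pam_rhosts_options(text):
    """Options on the active pam_rhosts_auth.so auth line, or None if absent."""
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3 and f[0] == "auth" and f[2].endswith("pam_rhosts_auth.so"):
            return f[3:]
    return None

def wildcard_entries(text):
    """Trust-file lines with a bare '+' in the host or user field."""
    lines = (l.split("#", 1)[0].split() for l in text.splitlines())
    return [" ".join(f) for f in lines if "+" in f]

def audit(xinetd_text, pam_text, trust_text):
    opts = pam_rhosts_options(pam_text) or []
    wild = wildcard_entries(trust_text)
    findings = ["rshd options in effect: " + "".join(sorted(rshd_flags(parse_xinetd(xinetd_text))))]
    if "promiscuous" in opts and wild:
        findings.append("HIGH: '+' entries are honoured: " + "; ".join(wild))
    elif "promiscuous" in opts:
        findings.append("promiscuous is set but no '+' entries exist; remove it")
    elif wild:
        findings.append("'+' entries present but ignored without promiscuous")
    return findings
```

Calling `audit(XINETD, PAM, TRUST)` on the sample data reports the options in effect and flags `promiscuous` as unnecessary, since the trust file has no `+` entries; check the reported option letters against rshd(8) on the system being audited.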
