rsh means remote shell: it executes a command on a remote host. It is easy to use and is quite often blamed for its security risk; however, sometimes you need it for a particular task. The same goes for rlogin and rexec.
Here I show the setup procedure. I'm using SL6 for the test; other Linux distributions should be the same.
Suppose host A is the one you want to configure as the rsh server (allowing B to rsh in), while host B is the client host that runs rsh.
Step 1: install packages
Two packages need to be installed first; for SL6, they are in the sl repo.
rsh.x86_64
rsh-server.x86_64
Step 2: Enable the rsh service in xinetd
Edit /etc/xinetd.d/rsh. The changed value is disable, which is set to no; the default is yes.
service shell
{
    socket_type = stream
    wait = no
    user = root
    log_on_success += USERID
    log_on_failure += USERID
    server = /usr/sbin/in.rshd
    disable = no
}
xinetd is described in more detail in "xinetd and tcp wrapper".
Step 3: Add the rsh service to /etc/securetty
# cat /etc/securetty | grep rsh
rsh
Step 4: enable host and service connection
Add the line below to /etc/hosts.allow
in.rshd : <host B>
Or you can add a wildcard like this:
ALL : <host B>
Step 5: enable account access
Add the following line to ~host/.rhosts of the account you want to open to rsh
<host B> +
Restart the xinetd service, and you are done.
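To confirm on host A that steps 2 to 5 took effect, a check like the one below can be run. It is an added example, not part of the original procedure; the function name check_rsh_setup and its root, client and rhosts parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: re-check steps 2-5 on host A.
# root/client/rhosts are hypothetical parameters; root="" means the live system.
# Usage: check_rsh_setup "" hostB /home/alice/.rhosts   (constructed values)
check_rsh_setup() {
    root=$1; client=$2; rhosts=$3; rc=0

    # Step 2: xinetd only starts in.rshd when the service has "disable = no".
    if ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' \
            "$root/etc/xinetd.d/rsh" 2>/dev/null; then
        echo "FAIL step 2: 'disable = no' not set in /etc/xinetd.d/rsh"; rc=1
    fi

    # Step 3: /etc/securetty needs a line that is exactly "rsh".
    if ! grep -qx 'rsh' "$root/etc/securetty" 2>/dev/null; then
        echo "FAIL step 3: no 'rsh' line in /etc/securetty"; rc=1
    fi

    # Step 4: hosts.allow needs "in.rshd : <client>" or "ALL : <client>".
    if ! awk -F: -v c="$client" '
            /^[[:space:]]*#/ { next }
            { nd = split($1, d, /[[:space:],]+/); nh = split($2, h, /[[:space:],]+/)
              for (i = 1; i <= nd; i++) if (d[i] == "in.rshd" || d[i] == "ALL")
                  for (j = 1; j <= nh; j++) if (h[j] == c) ok = 1 }
            END { exit !ok }' "$root/etc/hosts.allow" 2>/dev/null; then
        echo "FAIL step 4: $client not allowed for in.rshd in /etc/hosts.allow"; rc=1
    fi

    # Step 5: .rhosts needs a line whose first field is the client host.
    # awk exits 1 when no line matches, 10 when the user field is "+".
    st=0
    awk -v c="$client" '$1 == c { found = 1; if ($2 == "+") any = 1 }
        END { if (!found) exit 1; if (any) exit 10 }' "$rhosts" 2>/dev/null || st=$?
    case $st in
        0) ;;
        10) echo "NOTE step 5: '$client +' accepts any remote user name on $client" ;;
        *) echo "FAIL step 5: no entry for $client in $rhosts"; rc=1 ;;
    esac
    return $rc
}
```

The function returns 0 only when all four steps are in place; the NOTE line does not fail the check, it reports how wide the .rhosts entry is.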
Further checks if it still does not work
6) Check that your server is able to convert the client IP address to a hostname.
Check DNS or /etc/hosts.
7) Check your /etc/pam.d/rsh
For example, the module "pam_nologin.so" can disable login if the file /etc/nologin exists. For more details, read /usr/share/doc/pam-0.77/txts/README.pam_nologin
8) Never change /etc/pam.d/rsh to use something other than:
auth required pam_rhosts_auth.so
The client-server "rlogin" protocol is not designed for authentication other than by .rhosts files. For example, pam_stack.so in the "auth" section can corrupt the client/server connection if the "login" program sends a password prompt to the client. If you need authentication by password, use "rlogin" or "ssh".