RSH between servers not working
I understand your pain with rsh
. Our software at work connects to a database system using a terminal client over telnet (and it needs telnet as it has a specific terminal emulator and client software). The world is full of this sort of (stupid) thing.
However, if all your app needs to do is run commands then you may be able to get away with ssh
(with automatic login with keys). So with your examples, ssh solaris ls
will return to the user on the Linux machine, the result of running ls
on the home dir on the Solaris machine. I assume this is all you're trying to accomplish with rsh.
Related videos on Youtube
churnd
I admin Mac, Windows, Linux, Sun, and even still SGI. Twitter - @churnd
Updated on September 18, 2022Comments
-
churnd over 1 year
I have two servers: one CentOS 5.8 & one Solaris 10. Both are joined to my workplace AD domain via PBIS-Open. A user will log into the linux server & run an application which issues commands over RSH to the solaris server. Some commands are also run on the linux server, so both are needed. Due to the application these servers are being used for (proprietary GE software), the software on the linux server needs to be able to issue
rsh
commands to the solaris server on behalf of the user (the user just runs a script & the rest is automatic).However, rsh is not working for the domain users. It does work for a local user, so I believe I have the necessary trust settings between the two servers correct. However, I can
rlogin
as a domain user from the linux server to the solaris server. SSH works too (how I wish I could use it).Some relevant info:
via rlogin:
[user@linux~]$ rlogin solaris connect to address 192.168.1.2 port 543: Connection refused Trying krb4 rlogin... connect to address 192.168.1.2 port 543: Connection refused trying normal rlogin (/usr/bin/rlogin) Sun Microsystems Inc. SunOS 5.10 Generic January 2005 solaris%
via rsh:
[user@linux ~]$ rsh solaris ls connect to address 192.168.1.2 port 544: Connection refused Trying krb4 rsh... connect to address 192.168.1.2 port 544: Connection refused trying normal rsh (/usr/bin/rsh) permission denied. [user@linux ~]$
relevant snippet from /etc/pam.conf on solaris:
# # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_lsass.so set_default_repository rlogin auth requisite pam_lsass.so smartcard_prompt try_first_pass rlogin auth requisite pam_authtok_get.so.1 try_first_pass rlogin auth sufficient pam_lsass.so try_first_pass rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1 rlogin auth required pam_unix_auth.so.1 # # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 krlogin auth required pam_krb5.so.1 # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 # # Kerberized rsh service # krsh auth required pam_unix_cred.so.1 krsh auth required pam_krb5.so.1 #
I have not really seen anything useful in either system log that seem to be directly related to the failed login attempt. I've
tail -f
'd/var/adm/messages
on solaris &/var/log/messages
on linux during the failed attempts & nothing shows up. Maybe I need to be doing something else?-
Kyle Smith about 12 years
rm /usr/bin/rsh ; ln -s /usr/bin/ssh /usr/bin/rsh ; happy admin
-
Janne Pikkarainen about 12 yearsrsh? KILL IT WITH FIRE! BEAT THE DEAD HORSE! Wouldn't it be time to consider
ssh
? Last time I checked my calendar it was 2012 ... -
churnd about 12 yearsI really wish I could. This legacy app from GE requires it. Is there any truth behind symlinking ssh to rsh or is that a joke?
-
Kyle Smith about 12 yearsIt's only sort of a joke. You could probably get away with writing a wrapper for ssh and calling it rsh. :)
-
churnd about 12 yearsHold the phone... moving
/usr/bin/rsh
to/usr/bin/rsh_old
then symlinking/usr/bin/ssh
to/usr/bin/rsh
actually seems to be working...
-
-
churnd about 12 yearsFINALLY!! Someone who understands! I can't change the commands being issued, they're hardwired into the program's binary executables. As a test, yes
rsh solaris ls
should work. I don't know which commands are actually being issued. It doesn't matter because other people have to use this & they're not going to want to use it in any way other than how it was designed. -
webtoe about 12 yearsAs you are using the Active Directory thingy, could it be possible that you need to specify the username to login as? Something along the lines of
rsh -l 'EXAMPLEDOMAIN\user' solaris ls
. Otherwise it will use the username you're logged in as (which may only be being picked up asuser
by rsh). I assume you have the AD plugin thing installed on the Solaris box. -
churnd about 12 yearsThe default domain is already assumed, so using
user
by itself works fine. Yes, both boxes are AD clients. -
webtoe about 12 yearsAh, my quick skim of the docs here implied to me you still needed it. Have you tried the troubleshooting tips in Chapter 5 of that doc? I'm out of helpful suggestions I'm afraid as I haven't used PBIS myself (though looks great; thanks for pointing it out!)