FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 06-24-2008, 02:49 PM
"bruce"
 
Default rsh issue/update (access denied)...

hi...

i've got an "access denied" issue with rsh on one of my boxes (and before we
start, no "use ssh" comments.. rsh is what i'm dealing with for now!!)

i've got a few boxes in my network, and i can successfully rsh into them
with no issue. however, on one box, i can't access it using rsh, and i'm
running out of things to try... kind of curious.

i can login using rlogin.

i've modifed the /etc/pam.d/rsh,rlogin files, along with the /etc/securetty
file. i've also changed the /etc/xinetd.d/(rsh,rlogin)files. as far as i can
tell, nothing else has been changed...

the curious thing. as far as i can tell... the files on the system that
doesn't work, are the same as the files on the systems that are allowing rsh
to occur...

the err i'm getting in the /var/log/secure is:
Jun 23 22:16:09 lserver5 userhelper[2186]:
pam_timestamp(system-config-services:session): updated timestamp file
`/var/run/sudo/root/unknown'
Jun 23 22:16:09 lserver5 userhelper[2189]: running
'/usr/sbin/system-config-services' with root privileges on behalf of 'root'
Jun 23 22:16:28 lserver5 xinetd[2227]: START: shell pid=2239
from=192.168.1.45
Jun 23 22:16:28 lserver5 rshd[2239]: pam_rhosts_auth(rsh:auth): denied to
root@192.168.1.45 as test1: access not allowed
Jun 23 22:16:28 lserver5 rshd[2239]: pam_unix(rsh:session): session opened
for user test1 by (uid=0)
Jun 23 22:16:28 lserver5 rshd[2239]: pam_unix(rsh:session): session closed
for user test1


etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth sufficient pam_rhosts_auth.so promiscuous
auth required pam_securetty.so
auth required pam_env.so
account include system-auth
session include system-auth

etc/pam.d/rlogin
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth sufficient pam_rhosts_auth.so promiscuous
auth required pam_securetty.so
auth required pam_env.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth

/etc/securetty
rsh
rlogin
rlogind
rexec
console
vc/1
vc/2
vc/3
vc/4
vc/5
.
.
.


/etc/xinetd.d/rexec::
# description: Rexecd is the server for the rexec(3) routine. The server
# provides remote execution facilities with authentication based
# on user names and passwords.
service exec
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rexecd
disable = no
}


/etc/xinetd.d/rsh::
# default: on
# description: The rshd server is the server for the rcmd(3) routine and,
# consequently, for the rsh(1) program. The server provides
# remote execution facilities with authentication based on
# privileged port numbers from trusted hosts.
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}


/etc/xinetd.d/rlogin::
# default: on
# description: rlogind is the server for the rlogin(1) program. The server

# provides a remote login facility with authentication based on
# privileged port numbers from trusted hosts.
service login
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
disable = no
}


i've been searching across the net for the last day or so, so i suspect that
the solution is staring at me and i'm missing it!

is there a way to debug this from the server side? is there a way to turn
off authentication.. Is there a way to turn off/disable securetty...

so... any thoughts/comments/things to check would be greatly appreciated....


thanks



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-24-2008, 02:49 PM
"bruce"
 
Default rsh issue/update (access denied)...

hi...

i've got an "access denied" issue with rsh on one of my boxes (and before we
start, no "use ssh" comments.. rsh is what i'm dealing with for now!!)

i've got a few boxes in my network, and i can successfully rsh into them
with no issue. however, on one box, i can't access it using rsh, and i'm
running out of things to try... kind of curious.

i can login using rlogin.

i've modifed the /etc/pam.d/rsh,rlogin files, along with the /etc/securetty
file. i've also changed the /etc/xinetd.d/(rsh,rlogin)files. as far as i can
tell, nothing else has been changed...

the curious thing. as far as i can tell... the files on the system that
doesn't work, are the same as the files on the systems that are allowing rsh
to occur...

the err i'm getting in the /var/log/secure is:
Jun 23 22:16:09 lserver5 userhelper[2186]:
pam_timestamp(system-config-services:session): updated timestamp file
`/var/run/sudo/root/unknown'
Jun 23 22:16:09 lserver5 userhelper[2189]: running
'/usr/sbin/system-config-services' with root privileges on behalf of 'root'
Jun 23 22:16:28 lserver5 xinetd[2227]: START: shell pid=2239
from=192.168.1.45
Jun 23 22:16:28 lserver5 rshd[2239]: pam_rhosts_auth(rsh:auth): denied to
root@192.168.1.45 as test1: access not allowed
Jun 23 22:16:28 lserver5 rshd[2239]: pam_unix(rsh:session): session opened
for user test1 by (uid=0)
Jun 23 22:16:28 lserver5 rshd[2239]: pam_unix(rsh:session): session closed
for user test1


etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth sufficient pam_rhosts_auth.so promiscuous
auth required pam_securetty.so
auth required pam_env.so
account include system-auth
session include system-auth

etc/pam.d/rlogin
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth sufficient pam_rhosts_auth.so promiscuous
auth required pam_securetty.so
auth required pam_env.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth

/etc/securetty
rsh
rlogin
rlogind
rexec
console
vc/1
vc/2
vc/3
vc/4
vc/5
.
.
.


/etc/xinetd.d/rexec::
# description: Rexecd is the server for the rexec(3) routine. The server
# provides remote execution facilities with authentication based
# on user names and passwords.
service exec
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rexecd
disable = no
}


/etc/xinetd.d/rsh::
# default: on
# description: The rshd server is the server for the rcmd(3) routine and,
# consequently, for the rsh(1) program. The server provides
# remote execution facilities with authentication based on
# privileged port numbers from trusted hosts.
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}


/etc/xinetd.d/rlogin::
# default: on
# description: rlogind is the server for the rlogin(1) program. The server

# provides a remote login facility with authentication based on
# privileged port numbers from trusted hosts.
service login
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
disable = no
}


i've been searching across the net for the last day or so, so i suspect that
the solution is staring at me and i'm missing it!

is there a way to debug this from the server side? is there a way to turn
off authentication.. Is there a way to turn off/disable securetty...

so... any thoughts/comments/things to check would be greatly appreciated....


thanks



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 06-24-2008, 09:25 PM
James Pearson
 
Default rsh issue/update (access denied)...

bruce wrote:

hi...

i've got an "access denied" issue with rsh on one of my boxes (and before we
start, no "use ssh" comments.. rsh is what i'm dealing with for now!!)

i've got a few boxes in my network, and i can successfully rsh into them
with no issue. however, on one box, i can't access it using rsh, and i'm
running out of things to try... kind of curious.

i can login using rlogin.

i've modifed the /etc/pam.d/rsh,rlogin files, along with the /etc/securetty
file. i've also changed the /etc/xinetd.d/(rsh,rlogin)files. as far as i can
tell, nothing else has been changed...

the curious thing. as far as i can tell... the files on the system that
doesn't work, are the same as the files on the systems that are allowing rsh
to occur...

the err i'm getting in the /var/log/secure is:
Jun 23 22:16:09 lserver5 userhelper[2186]:
pam_timestamp(system-config-services:session): updated timestamp file
`/var/run/sudo/root/unknown'
Jun 23 22:16:09 lserver5 userhelper[2189]: running
'/usr/sbin/system-config-services' with root privileges on behalf of 'root'
Jun 23 22:16:28 lserver5 xinetd[2227]: START: shell pid=2239
from=192.168.1.45
Jun 23 22:16:28 lserver5 rshd[2239]: pam_rhosts_auth(rsh:auth): denied to
root@192.168.1.45 as test1: access not allowed
Jun 23 22:16:28 lserver5 rshd[2239]: pam_unix(rsh:session): session opened
for user test1 by (uid=0)
Jun 23 22:16:28 lserver5 rshd[2239]: pam_unix(rsh:session): session closed
for user test1


What does .rhosts contain for user test1 contain?

Is it different from the .rhosts file(s) on the other systems -
including the permissions ?


James Pearson
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 03:05 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org