» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


07-07-2008, 07:03 PM
MHR

rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

On Mon, Jul 7, 2008 at 11:53 AM, MHR <mhullrich@gmail.com> wrote:
> Okay, I've narrowed the problem down quite a bit. As previously
> reported, in CentOS 5.2 I get this:
>
> $ cvs log Makefile
> poll: protocol failure in circuit setup
> cvs [log aborted]: end of file from server (consult above messages if any)
>
> Turns out this is a problem with rsh:
>
> $ rsh khan ls
> connect to address 10.24.15.48 port 544: Connection refused
> Trying krb4 rsh...
> connect to address 10.24.15.48 port 544: Connection refused
> trying normal rsh (/usr/bin/rsh)
> poll: protocol failure in circuit setup
>
> Now, if I just remotely login to khan (our cvs server), I get this:
>
> [mrichter@sushi ~]$ khan
> connect to address 10.24.15.48 port 543: Connection refused
> Trying krb4 rlogin...
> connect to address 10.24.15.48 port 543: Connection refused
> trying normal rlogin (/usr/bin/rlogin)
> Last login: Fri Jul 4 18:19:01 from viper
> [mrichter@khan mrichter]$
>
> Voila - I'm logged in.
>
> Also, if I try an rsh from another machine (viper - FC1), I get this:
>
> [mrichter@viper mrichter]$ rsh khan ls
> connect to address 10.24.15.48: Connection refused
> Trying krb4 rsh...
> connect to address 10.24.15.48: Connection refused
> trying normal rsh (/usr/bin/rsh)
> Desktop
> Documents
> Download
> Music
> Pictures
> Public
> Templates
> Videos
> bin
> lane608
> rls_607
> temp.xml
>
>
> So, what is it about rsh from CentOS 5.2 such that the kerberos
> certification destroys its chances of success? Alternative question:
> what do I need to tweak to make this work?
>

Narrowed it down a bit further: I can rsh to khan directly with no
command, but if I add a command, that's when the rsh fails:

[mrichter@sushi lane]$ khan
connect to address 10.24.15.48 port 543: Connection refused
Trying krb4 rlogin...
connect to address 10.24.15.48 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Last login: Mon Jul 7 11:59:59 from sushi
[mrichter@khan mrichter]$ ls
bin/ Documents/ lane608/ Pictures/ rls_607/ temp.xml
Desktop/ Download/ Music@ Public/ Templates/ Videos/
[mrichter@khan mrichter]$ exit
rlogin: connection closed.
[mrichter@sushi lane]$ rsh khan ls
connect to address 10.24.15.48 port 544: Connection refused
Trying krb4 rsh...
connect to address 10.24.15.48 port 544: Connection refused
trying normal rsh (/usr/bin/rsh)
poll: protocol failure in circuit setup
[mrichter@sushi lane]$

Sushi is my CentOS 5.2 machine, khan is our CVS server running:

[mrichter@khan mrichter]$ lsb_release -a
LSB Version: 1.3
Distributor ID: RedHatEnterpriseAS
Description: Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
Release: 3
Codename: TaroonUpdate2

Any ideas?

mhr
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
07-07-2008, 10:04 PM
"William L. Maltby"

rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

On Mon, 2008-07-07 at 16:59 -0400, Stephen Harris wrote:
> On Mon, Jul 07, 2008 at 01:45:25PM -0700, MHR wrote:
>
> > [mrichter@sushi lane]$ rsh khan ls
> > poll: protocol failure in circuit setup
>
> Are you sure there are no firewalls in place that could be blocking access?
> Note that "rsh machine" really calls "rlogin machine" and so talks on
> a different port (port 513) whereas "rsh machine command" uses port 514.
>
> You should tcpdump the traffic while trying to do an rsh to see what is
> going on.

I figure you've probably checked this already, but is rcpwrappers
installed? If so, are hosts.deny and hosts.allow setup good? I suspect
so - I think I saw you had some kind of successful connect earlier in
the thread.

Have you run with the -d parameter?


HTH
--
Bill

 
07-07-2008, 10:48 PM
Scott Silva

rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

on 7-7-2008 3:28 PM MHR spake the following:
> On Mon, Jul 7, 2008 at 3:04 PM, William L. Maltby
> <CentOS4Bill@triad.rr.com> wrote:
> >
> > I figure you've probably checked this already, but is rcpwrappers
> > installed?
>
> No, not on either system (what is rcpwrappers?).

tcpwrappers
http://en.wikipedia.org/wiki/TCP_Wrapper

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

 
07-07-2008, 11:08 PM
"William L. Maltby"

rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

On Mon, 2008-07-07 at 15:28 -0700, MHR wrote:
> On Mon, Jul 7, 2008 at 3:04 PM, William L. Maltby
> <CentOS4Bill@triad.rr.com> wrote:
> >
> > I figure you've probably checked this already, but is rcpwrappers
> > installed?
>
> No, not on either system (what is rcpwrappers?).

A typoed tcpwrappers <*blush*>. I'm sorry for that.

>
> > If so, are hosts.deny and hosts.allow setup good? I suspect
> > so - I think I saw you had some kind of successful connect earlier in
> > the thread.
> >
> They're fine. In fact, sushi is in khan's /etc/hosts file explicitly,
> and khan thinks it's on ocroads.com:

That file is not related to tcpwrappers. The /etc/hosts.{allow,deny} are
effective if tcpwrappers is in use.

# rpm -q tcp_wrappers
tcp_wrappers-7.6-40.4.el5

IIRC, this is usually installed by default? It's almost become
mandatory for increased security.

But as I mentioned, I'm not sure this is needed or in use since you did
have some kind of good connection.

JIC
-----------------------------------------------------
# rpm -q --info tcp_wrappers
<snip>
Summary : A security tool which acts as a wrapper for TCP daemons.
Description :
The tcp_wrappers package provides small daemon programs which can
monitor and filter incoming requests for systat, finger, FTP, telnet,
rlogin, rsh, exec, tftp, talk and other network services.

Install the tcp_wrappers program if you need a security tool for
filtering incoming network services requests.
-----------------------------------------------------

Also, check out "man portmap" and "man rpcdebug". I don't know if
they'll help.

Oh! IJR, do this thing after running makewhatis as root.

$ man -k rpc
<snip useless stuff>
portmap (8) - DARPA port to RPC program number mapper
portmap (rpm) - A program which manages RPC connections.
rpc (3) - library routines for remote procedure calls
rpc (5) - rpc program number data base
rpc.gssd [gssd] (8) - rpcsec_gss daemon
rpc.idmapd [idmapd] (8) - NFSv4 ID <-> Name Mapper
rpc.lockd [lockd] (8) - start kernel lockd process
rpc.mountd [mountd] (8) - NFS mount daemon
rpc.nfsd [nfsd] (8) - NFS server process
rpc.rquotad [rquotad] (8) - remote quota server
rpc.statd [statd] (8) - NSM status monitor
rpc.svcgssd [svcgssd] (8) - server-side rpcsec_gss daemon
rpcdebug (8) - set and clear NFS and RPC kernel debug flags
rpcinfo (8) - report RPC information

I can't recall if your problem is one of those "worked on 5.1 but
now..." problems. If so, maybe the prior had tcpwrappers setup and now
you don't?

>
> [mrichter@khan mrichter]$ hostname -f
> khan.ocroads.com
>
> > Have you run with the -d parameter?
> >
>
> Nothing new (actually, nothing at all).
>
> ?!?
>
> mhr
> <snip sig stuff>

BTW, IUC, there are several points at which connection can be refused.
Service not running, firewall, tcpwrappers, ... that general purpose
daemon that dispatches programs for remote requests like ftp, that I
can't remember the name of ATM.

HTH
--
Bill
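
The hosts.allow / hosts.deny check discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model of the tcp_wrappers lookup order, showing how one rule set can answer differently for the rlogin and rsh daemons and for different clients. The rule text, the client addresses (documentation range 192.0.2.0/24) and the assumption that the wrapped daemons are named in.rlogind and in.rshd are constructed for illustration and are not taken from khan.

```python
# Added example: simplified model of tcp_wrappers access checks (hosts_access(5)).
# Rule text and client addresses are constructed samples, not taken from khan.
HOSTS_ALLOW = """\
# constructed sample for /etc/hosts.allow
in.rlogind: ALL
in.rshd: viper
"""
HOSTS_DENY = """\
ALL: ALL
"""

def parse_rules(text):
    """Return [(daemon_list, client_list)]; option fields after a 2nd ':' are ignored."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, name, addr):
    """Handle ALL, '.domain' suffixes, 'net.' prefixes and exact names or addresses."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        return name.endswith(pattern)
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return pattern in (name, addr)  # EXCEPT, netmasks and IPv6 are not modelled

def any_rule_matches(rules, daemon, name, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, name, addr) for p in clients)
               for daemons, clients in rules)

def is_allowed(daemon, name, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means access."""
    if any_rule_matches(parse_rules(allow), daemon, name, addr):
        return True
    return not any_rule_matches(parse_rules(deny), daemon, name, addr)

if __name__ == "__main__":
    for daemon in ("in.rlogind", "in.rshd"):
        for name, addr in (("sushi", "192.0.2.10"), ("viper", "192.0.2.20")):
            print(daemon, name, "allowed" if is_allowed(daemon, name, addr) else "denied")
```

On a host with tcp_wrappers installed, `tcpdmatch` from the same package performs the real evaluation against the live files.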

 

All times are GMT.