bill.end 发表于 2013-1-15 02:55:23

rsh server config

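An RSH server lets users on one Unix or Linux host run commands on a remote host. It is often used in cluster systems. rsh, rlogin and rexec do not encrypt their traffic, and rsh and rlogin trust the client's host name and user name instead of asking for a password, so use them only on an isolated, trusted network; SSH is the usual replacement.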

Note:

RSH works only from client to server, not from server to client.

Files required on the rsh server

the rsh-server rpm

the xinetd rpm

Example: Red Hat Enterprise Linux 5
      rsh-server-0.17-37.el5.i386.rpm
      xinetd-2.3.14-10.el5.i386.rpm(这2个默认是不安装的,在安装盘中可以找到)

Files required on the rsh client

the rsh rpm

Example: Red Hat Enterprise Linux 5
rsh-0.17-37.el5.src.rpm(默认是安装的)

How to config

Lab topology

The topology is taken from http://linux.vbird.org/linux_server/0310telnetssh.php#rsh

http://www.agoit.com/upload/attachment/119445/5867b3a1-0fbc-3b19-961e-d449fe048e24.png


RSH server config

1. Install the RSH server rpms

# Install xinetd first, then the rsh server package that xinetd launches.
# rpm flags: -U install or upgrade, -v verbose, -h print progress hashes.
for pkg in xinetd-2.3.14-10.el5.i386.rpm rsh-server-0.17-37.el5.i386.rpm; do
  rpm -Uvh "$pkg"
done

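2 Modify the files under /etc/xinetd.d/

The files are named rsh, rlogin and rexec.

In each of these files the "disable = yes" option must be changed to "disable = no". Each file enabled this way opens one more listening service, so enable only the ones you need.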

exp:

rsh

# cat /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#       consequently, for the rsh(1) program. The server provides \
#       remote execution facilities with authentication based on \
#       privileged port numbers from trusted hosts.
# xinetd entry that starts in.rshd on demand for the "shell" service
# (TCP 514, the port the netstat check later on this page looks for).
# As the description above says, rshd authenticates by trusted host and
# privileged source port only; nothing on the wire is encrypted.
service shell
{
      socket_type             = stream
      wait                  = no
      # in.rshd is launched as root
      user                  = root
      # USERID adds the remote user's id (obtained via ident, RFC 1413) to the log line
      log_on_success          += USERID
      log_on_failure          += USERID
      server                  = /usr/sbin/in.rshd
      # "no" enables the service; restart xinetd afterwards.
      # Hardening: also add "only_from = 10.254.241.249" (the rsh.client address
      # used on this page) so that no other host can reach the daemon.
      disable               = no
}

exp: rlogin

# cat /etc/xinetd.d/rlogin
# default: on
# description: rlogind is the server for the rlogin(1) program. The server \
#       provides a remote login facility with authentication based on \
#       privileged port numbers from trusted hosts.
# xinetd entry that starts in.rlogind on demand for the "login" service
# (TCP 513 in the standard /etc/services). Like rshd it relies on trusted
# hosts and privileged source ports, and the session is not encrypted.
service login
{
      socket_type             = stream
      wait                  = no
      # in.rlogind is launched as root
      user                  = root
      # USERID adds the remote user's id (obtained via ident, RFC 1413) to the log line
      log_on_success          += USERID
      log_on_failure          += USERID
      server                  = /usr/sbin/in.rlogind
      # "no" enables the service; restart xinetd afterwards.
      # Leave this at "yes" if only rsh is needed. If enabled, consider
      # "only_from = 10.254.241.249" (the rsh.client address used on this page).
      disable               = no
}

exp : rexec

# cat /etc/xinetd.d/rexec
# default: off
# description: Rexecd is the server for the rexec(3) routine. The server \
#       provides remote execution facilities with authentication based \
#       on user names and passwords.
# xinetd entry that starts in.rexecd on demand for the "exec" service
# (TCP 512 in the standard /etc/services). rexec authenticates with a user
# name and password, and both cross the network in cleartext.
service exec
{
      socket_type             = stream
      wait                  = no
      # in.rexecd is launched as root
      user                  = root
      # USERID adds the remote user's id (obtained via ident, RFC 1413) to the log line
      log_on_success          += USERID
      log_on_failure          += USERID
      server                  = /usr/sbin/in.rexecd
      # "no" enables the service; restart xinetd afterwards.
      # The shipped default for this file is off (see "# default: off" above);
      # leave it at "yes" unless rexec is really required, and if enabled consider
      # "only_from = 10.254.241.249" (the rsh.client address used on this page).
      disable               = no
}

2 Add the RSH server's and the RSH client's host information

The RSH server's hosts file

exp :

# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
# NOTE(review): both entries below carry the alias "rsh", so that alias is
# ambiguous; the hosts.equiv and .rhosts examples on this page use the full
# names rsh.server / rsh.client. The name the server resolves for the client's
# address is presumably the one matched against those trust files, so this
# mapping is part of the trust decision — keep it accurate.
10.254.241.251 rsh.server rsh
10.254.241.249 rsh.client rsh
(rsh.client是rsh client的hostname,rsh.server是rsh server的hostname)
The RSH client's hosts file

exp:

# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
# The client only needs an entry for the server it connects to.
10.254.241.251 rsh.server rsh

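3 Add the RSH client's login information

The file is /etc/hosts.equiv on the RSH server. Each line is "hostname username". hosts.equiv is not consulted when the target account is root, and an entry that names a user lets that remote user log in as any non-root local account, so keep the list as short as possible.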

exp:

# cat /etc/hosts.equiv
rsh.client root
rsh.client rsh(rsh是用户名,client和server都有)

4 Add the RSH client's login user on the RSH server

Create a .rhosts file in the home directory of the user that the RSH client logs in as.
(.rhosts文件是不存在的,需要创建,并添加以下内容:)
rsh.client root
rsh.client rsh
10.254.241.249 rsh
10.254.241.249 root

exp :

# ls -la
total 132
drwxr-x--- 4 root root 4096 Jun 22 23:00 .
drwxr-xr-x 23 root root 4096 Jun 22 22:41 ..
-rw------- 1 root root   849 Jun 20 22:40 anaconda-ks.cfg
-rw------- 1 root root 1957 Jun 22 22:39 .bash_history
-rw-r--r-- 1 root root    24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root   191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root   176 Jan 6 2007 .bashrc
-rw-r--r-- 1 root root   100 Jan 6 2007 .cshrc
drwx------ 3 root root 4096 Jun 20 22:38 .gconf
drwx------ 2 root root 4096 Jun 20 22:38 .gconfd
-rw-r--r-- 1 root root 18700 Jun 20 22:40 install.log
-rw-r--r-- 1 root root 3859 Jun 20 22:40 install.log.syslog
-rw------- 1 root root    35 Jun 22 22:24 .lesshst
-rw------- 1 root root    30 Jun 22 22:26 .rhosts
-rw-r--r-- 1 root root   129 Jan 6 2007 .tcshrc
-rw------- 1 root root 5230 Jun 22 23:00 .viminfo

Set the permissions on the .rhosts file.

# Run this in the home directory that holds .rhosts. Mode 600 = owner
# read/write only, matching the -rw------- entry in the listing above; a
# .rhosts that other users can write would let them add their own trusted hosts.
chmod 600 .rhosts

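5 Modify the security files so that root can log in from the RSH client.

The files are /etc/securetty and /etc/pam.d/rsh; changing either one is enough.(两个我都做了) Both changes relax the restriction on remote root logins, so skip this step if root access over rsh is not required.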

exp:

securetty

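# Permit root logins through the r-services by listing their names in
# /etc/securetty, the file pam_securetty checks. Add only the services that
# were actually enabled in /etc/xinetd.d/.
# Each name is appended only when no identical line exists yet, so running
# this step again does not pile up duplicate entries.
for svc in rexec rlogin rsh; do
  grep -qx -- "$svc" /etc/securetty || echo "$svc" >> /etc/securetty
done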

exp: pam.d/rsh

# cat /etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
# pam_nologin: refuses non-root logins while /etc/nologin exists.
auth       required   pam_nologin.so
# Commented out below: with pam_securetty disabled, root is no longer limited
# to the names in /etc/securetty for this service. Either this edit or the
# securetty entry is enough; leaving the module active keeps the stricter check.
#auth       required   pam_securetty.so
auth       required   pam_env.so
# pam_rhosts_auth: performs the /etc/hosts.equiv and ~/.rhosts trust check;
# no password is requested.
auth       required   pam_rhosts_auth.so
account    include      system-auth
session    optional   pam_keyinit.so    force revoke
session    include      system-auth

(使用 netstat -an | grep 514 查看是否有如下监听:
tcp      0      0 0.0.0.0:514               0.0.0.0:*                   LISTEN
如果没有,执行 /etc/init.d/xinetd restart)
6 RSH client testing

# rsh 172.16.8.23 ls
connect to address 172.16.8.23 port 544: Connection refused
Trying krb4 rsh...
connect to address 172.16.8.23 port 544: Connection refused
trying normal rsh (/usr/bin/rsh)
anaconda-ks.cfg
install.log
install.log.syslog

我使用rsh用户成功,root没有成功。
在安装Red Hat Enterpise Linux 5时,我设置了hostname,ip,dns。


Thanks to vbird's document: http://linux.vbird.org/linux_server/0310telnetssh.php#rsh