rsh server config

bill.end

RSH server is used to between two os unix or linux server fore sharing users to run comman on the remote server. it ofen used in cluster system.

Note:

RSH just can using by client to server,not server to client .

rsh server requier files

rsh server`s rpm

xinet rpm

exp: Red Hat Enterpise Linux 5
        rsh-server-0.17-37.el5.i386.rpm
        xinetd-2.3.14-10.el5.i386.rpm（这2个默认是不安装的，在安装盘中可以找到）

rsh client requier files

rsh`s rpm

exp: Red Hat Enterpise Linux 5
rsh-0.17-37.el5.src.rpm(默认是安装的)

How to config

lab Topology

the Topology by http://linux.vbird.org/linux_server/0310telnetssh.php#rsh




RSH server config

1. install RSH server `rpm

rpm -Uvh xinetd-2.3.14-10.el5.i386.rpm
rpm -Uvh rsh-server-0.17-37.el5.i386.rpm

2 modify xinet.d/` files

fiies `s name is rsh rlogin rexec

all above the files ` s " disable = yes " option must be modifyed to "default = no "

exp:

rsh

[root@rsh ~]# cat /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#       consequently, for the rsh(1) program. The server provides \
#       remote execution facilities with authentication based on \
#       privileged port numbers from trusted hosts.
service shell
{
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rshd
        disable                 = no
}

exp: rlogin

[root@rsh ~]# cat /etc/xinetd.d/rlogin
# default: on
# description: rlogind is the server for the rlogin(1) program. The server \
#       provides a remote login facility with authentication based on \
#       privileged port numbers from trusted hosts.
service login
{
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rlogind
        disable                 = no
}

exp : rexec

[root@rsh ~]# cat /etc/xinetd.d/rexec
# default: off
# description: Rexecd is the server for the rexec(3) routine. The server \
#       provides remote execution facilities with authentication based \
#       on user names and passwords.
service exec
{
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rexecd
        disable                 = no
}

2 Add RSH server`s and RSH client`s hosts informations

RSH server `s host files

exp :

[root@rsh ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
10.254.241.251 rsh.server rsh
10.254.241.249 rsh.client rsh
（rsh.client是rsh client的hostname，rsh.server是rsh server的hostname）
RSH client`s host files

exp:

[root@rsh ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
10.254.241.251 rsh.server rsh

3 Add the RSH client login informations

files`s name and location is /etc/hosts.equiv

exp:

[root@rsh ~]# cat /etc/hosts.equiv
rsh.client root
rsh.client rsh（rsh是用户名，client和server都有）

4 Add the RSH client`s login user for RSH server

Add the .rhosts file to the user `s document which RSH client   login.
（.rhosts文件是不存在的需要创建，并添加
rsh.client root
rsh.client rsh
10.254.241.249 rsh
10.254.241.249 root
）
exp :

[root@rsh ~]# ls -la
total 132
drwxr-x--- 4 root root 4096 Jun 22 23:00 .
drwxr-xr-x 23 root root 4096 Jun 22 22:41 ..
-rw------- 1 root root   849 Jun 20 22:40 anaconda-ks.cfg
-rw------- 1 root root 1957 Jun 22 22:39 .bash_history
-rw-r--r-- 1 root root    24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root   191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root   176 Jan 6 2007 .bashrc
-rw-r--r-- 1 root root   100 Jan 6 2007 .cshrc
drwx------ 3 root root 4096 Jun 20 22:38 .gconf
drwx------ 2 root root 4096 Jun 20 22:38 .gconfd
-rw-r--r-- 1 root root 18700 Jun 20 22:40 install.log
-rw-r--r-- 1 root root 3859 Jun 20 22:40 install.log.syslog
-rw------- 1 root root    35 Jun 22 22:24 .lesshst
-rw------- 1 root root    30 Jun 22 22:26 .rhosts
-rw-r--r-- 1 root root   129 Jan 6 2007 .tcshrc
-rw------- 1 root root 5230 Jun 22 23:00 .viminfo

modify the .rhosts `s file purview.

chmod 600 .rhosts

5 modify some securety files to allow root can be logined by RSH client.

The securety files `s name is /etc/securetty and /etc/pam.d/rsh,but just modify only one be ok .（两个我都做了）

exp:

securetty

echo "rexec" >> /etc/securetty

echo "rlogin" >> /etc/securetty

echo "rsh" >> /etc/securetty

exp: pam.d/rsh

[root@rsh ~]# cat /etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
#auth       required     pam_securetty.so
auth       required     pam_env.so
auth       required     pam_rhosts_auth.so
account    include      system-auth
session    optional     pam_keyinit.so    force revoke
session    include      system-auth

（使用netstat -an | grep 514查看tcp        0      0 0.0.0.0:514                 0.0.0.0:*                   LISTEN
如果没有执行/etc/init.d/xinetd restart）
6 RSH client testing

[root@localhost ~]# rsh 172.16.8.23 ls
connect to address 172.16.8.23 port 544: Connection refused
Trying krb4 rsh...
connect to address 172.16.8.23 port 544: Connection refused
trying normal rsh (/usr/bin/rsh)
anaconda-ks.cfg
install.log
install.log.syslog

我使用rsh用户成功，root没有成功。
在安装Red Hat Enterpise Linux 5时，我设置了hostname，ip，dns。


Thank `s vbird`s document http://linux.vbird.org/linux_server/0310telnetssh.php#rsh