LinuxQuestions.org
Old 07-21-2004, 02:05 PM   #1
haoscar
LQ Newbie
 
Registered: Jul 2004
Posts: 24

Rep: Reputation: 15
rsh: "poll: protocol failure in circuit setup" error


Hi,
I have two machines. I wanted to use MPICH, which uses rsh for communication. When I say
"rsh sam.coes.latech.edu /bin/ls" I get the correct result. When I say "rsh kaymera.coes.latech.edu /bin/ls"

I get the "poll: protocol failure in circuit setup" error.

My .rhosts file has both the hosts mentioned:
sam.coes.latech.edu condor
kaymera.coes.latech.edu condor

My hosts.equiv also has both the hosts mentioned:
localhost.localdomain
sam.coes.latech.edu
kaymera.coes.latech.edu

The rsh entry in xinetd.d directory has "diable= no" mentioned.

I found a previous post about a similar problem, but he had problems getting rsh to work on the same computer, while my rsh doesn't work when accessing the remote computer.

Any inputs will help,
Thanks a lot,
haoscar
 
Old 07-22-2004, 03:45 AM   #2
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
If I understood correctly, you are mentioning /etc/hosts.equiv and .rhosts on your computer. If my understanding is right, you need to have your computer listed in these files on the remote computer. These are lists of trusted computers, and your computer must be trusted there. Also, on the remote computer you need to have an entry "rsh" in /etc/securetty.
You confused me with this "diable" thing in a "daemon" config. Did you mean "disable"?
 
Old 07-22-2004, 10:56 AM   #3
haoscar
LQ Newbie
 
Registered: Jul 2004
Posts: 24

Original Poster
Rep: Reputation: 15
Yes, I meant "disable=no". A typo by me. I wanted MPICH to work. So that would mean I need to make entries for all the compute nodes in the securetty file of the node that spawns the MPI jobs. Also an entry in each compute node for the node that would spawn the MPI jobs.

Thanks for your help. Will get back if the problem is not solved.

Many Thanks,
haoscar
 
Old 07-23-2004, 05:32 PM   #4
haoscar
LQ Newbie
 
Registered: Jul 2004
Posts: 24

Original Poster
Rep: Reputation: 15
Hi,
The problem still persists. Here are the contents of the .rhosts and /etc/hosts.equiv files on both machines. The contents of both files are the same. I also added an entry for rsh in /etc/securetty on both hosts.

[root@sam condor]# cat /etc/hosts.equiv
localhost.localdomain
sam.coes.latech.edu condor
kaymera.coes.latech.edu condor

[root@sam condor]# cat .rhosts
sam.coes.latech.edu condor
kaymera.coes.latech.edu condor

I can rsh locally, meaning "rsh sam.coes.latech.edu /bin/ls" works fine. Same with the other host. But
"rsh kaymera.coes.latech.edu /bin/ls" gives the "poll: protocol failure in circuit setup" error.

I think the fact that rsh is working means that the xinetd entry should be fine. I have made the "disable = no" update in both places. Also placed the .rhosts file in the root directory.

Please help. Is there anything I am doing wrong here?
Many thanks,
haoscar
 
Old 07-23-2004, 06:22 PM   #5
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi Haoscar,
Look at the "/var/log/messages" of the remote machine during the execution of an rsh to see if there is any report there and tell me. Use the command
Code:
tail -f /var/log/messages

Last edited by osvaldomarques; 07-23-2004 at 06:23 PM.
 
Old 07-23-2004, 09:15 PM   #6
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi again,
I did some research, looking for your error messages. I grepped the kernel, xinetd and inetutils sources. I found the message "protocol failure in circuit setup" only in a function named kcmd, belonging to inetutils, of which rsh and rshd are parts. This error happens when it receives a message where the client socket is not in the range 512-1023. If you read "man rshd" you will see this error as the first step in the connection protocol. So, maybe your rsh (client) is executing as non-root. If you enter
Code:
ls -l /usr/bin/rsh
-rwsr-xr-x    1 root     root         8372 Jan  8  2002 /usr/bin/rsh*
you must have the set-suid bit on this file. For the purpose of clarification, it is represented by the "s" character in the permissions, instead of the "x". This means this command must always be executed as root, as only root can open a socket number less than 1024.
Well, I am trying to reproduce the problem as I am writing this post. I reset the set-suid bit and the system gave me
Code:
Modelo:~$ rsh modelo ls -l
rcmd: socket: Permission denied
As this is not the error in question, I restored the set-suid bit and changed /etc/xinetd.d/rsh, replacing the line "user = root" with "user = osvaldo". I restarted xinetd and shot again
Code:
Modelo:~# rsh modelo ls -l
poll: protocol failure in circuit setup
And voilà! Did you change rsh to run under a user other than root?

Good luck!
 
Old 07-24-2004, 04:24 PM   #7
haoscar
LQ Newbie
 
Registered: Jul 2004
Posts: 24

Original Poster
Rep: Reputation: 15
Hi osvaldomarques,
Thanks for your replies. Well, the problem still persists. I had not tampered with the user = root statement. But one thing that accidentally came to my notice is that I am able to "rsh kaymera.coes.latech.edu" and log in to the other machine without a password. But when I give "rsh kaymera.coes.latech.edu ls" it gives the poll: protocol circuit failure error.
Here is my /etc/xinetd.d/rsh file:
service shell
{
disable = no
socket_type = stream
flags = REUSE
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}

I was looking into /var/log/messages (on sam) and I found this with the tail command:

Jul 24 15:45:23 localhost rshd[4541]: connect second port: Connection refused
Jul 24 15:45:42 localhost rshd[4542]: connect second port: Connection refused
Jul 24 15:49:24 localhost rshd[4572]: connect second port: Connection refused
Jul 24 15:49:27 localhost rshd[4573]: connect second port: Connection refused

/var/log/messages on kaymera (the other host) showed:
/******************** when ran "rsh kaymera.coes.latech.edu ls" ************************/
Jul 24 16:07:29 kaymera rshd[5629]: connect second port: Connection refused
Jul 24 16:16:02 kaymera rshd[5634]: connect second port: Connection refused
Jul 24 16:16:07 kaymera rshd[5635]: connect second port: Connection refused

/******************** when ran "rsh kaymera.coes.latech.edu "
Jul 24 16:16:57 kaymera pam_rhosts_auth[5637]: allowed to condor@sam.coes.latech.edu as condor
Jul 24 16:16:57 kaymera login(pam_unix)[5638]: session opened for user condor by (uid=0)
Jul 24 16:16:57 kaymera login -- condor[5638]: LOGIN ON pts/1 BY condor FROM sam


I tried keeping just the hostnames in the .rhosts and /etc/hosts.equiv files, i.e. no users,
but it still did not help. Do you think this must be a firewall issue, or is it because I have .ssh folders in both places? Could these be the reasons for rsh not working? Thanks for your help,
Please reply,
Haoscar
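
The "connect second port: Connection refused" lines in the post above are logged at the step described in rshd(8) where the server reads a port number from the client and connects back to it for the stderr stream; rlogin has no such second connection. The following is an added example, not part of the thread or of the rsh sources, that replays that step on loopback. It assumes unprivileged ports (so the 512-1023 check is left out), and the function names are made up for the illustration.

```python
import socket
import threading

def rshd_second_port(conn):
    """rshd(8) steps 3-4: read a NUL-terminated ASCII port, connect back to it."""
    raw = b""
    while not raw.endswith(b"\0"):
        byte = conn.recv(1)
        if not byte:
            return "client closed before sending a port"
        raw += byte
    port = int(raw[:-1].decode("ascii") or "0")
    if port == 0:
        return "no stderr channel requested"
    try:
        # Real rshd also binds a source port in 512-1023 here (needs root).
        with socket.create_connection((conn.getpeername()[0], port), timeout=2):
            return "second port connected"
    except ConnectionRefusedError:
        return "connect second port: Connection refused"

def run_exchange(client_listens):
    """Play both ends on loopback; return what the server side would log."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    outcome = {}
    def server():
        conn, _ = srv.accept()
        with conn:
            outcome["server"] = rshd_second_port(conn)
    worker = threading.Thread(target=server)
    worker.start()
    stderr_sock = socket.socket()          # client's stderr listener
    stderr_sock.bind(("127.0.0.1", 0))
    if client_listens:
        stderr_sock.listen(1)
    # else: bound but never listening, so the callback is refused; this
    # stands in for anything on the client side rejecting the connection.
    with socket.create_connection(srv.getsockname()) as cmd:
        cmd.sendall(str(stderr_sock.getsockname()[1]).encode() + b"\0")
        worker.join()
    stderr_sock.close()
    srv.close()
    return outcome["server"]

if __name__ == "__main__":
    print(run_exchange(True))
    print(run_exchange(False))
```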
 
Old 07-24-2004, 11:19 PM   #8
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi haoscar,
I think now is the time to check pam. In /etc/pam.d you will have "rsh" again. The contents of mine are
Code:
#%PAM-1.0
auth       required     /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so
I didn't talk about it because you have the "poll:..." message. Normally, if we can't authenticate pam, we get "connection refused" or "permission denied". I have known since the past millennium that when we call "rsh" without a command it executes "rlogin". However, until now, I never tried to confirm this "computer legend". But it is here, in line 300 of rsh.c
Code:
  /* If no further arguments, must have been called as rlogin. */
  if (!argv[optind])
    {
      if (asrsh)
        *argv = (char *)"rlogin";
      seteuid (getuid ());
      setuid (getuid ());
      execv (PATH_RLOGIN, argv);
      errx (1, "can't exec %s", PATH_RLOGIN);
    }
This means your remote system accepts "rlogin" but doesn't accept "rsh". Maybe our problem is really "pam".

Good luck!
PS. I'm preparing an answer to your mail.
 
Old 07-25-2004, 03:03 PM   #9
haoscar
LQ Newbie
 
Registered: Jul 2004
Posts: 24

Original Poster
Rep: Reputation: 15
Hi,
Well, I don't know much about pam, it turns out. Here are the contents of my /etc/pam.d/rsh
[root@sam pam.d]# cat rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts_auth.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
[root@sam pam.d]#

I also appended rsh at the end of the securetty file in the /etc directory.
Would removing the other 2 auth lines help to log in? How important are these files to make a change to?
I mean security-wise.
Thanks for your help.
Haoscar
 
Old 07-25-2004, 05:34 PM   #10
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi Haoscar,
Save your pam file and edit the current one to reflect the contents of mine and try an rsh session. If you have success, we will try to understand the differences between the two. Otherwise, we don't have to lose too much time on it. By the way, I knew pam well enough to get rsh working three or four years ago.

Have a nice try!
 
  


All times are GMT -5.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration