LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-03-2012, 02:56 PM   #1
McBLT
LQ Newbie
 
Registered: Sep 2008
Location: Sacramento, CA
Posts: 7

Rep: Reputation: 0
rsh as root with no password


I am trying to run a few commands on like 30 clients and would rather not enter a password 100+ times so I am trying to find a way to use rsh without a password. I have tried both creating a .rhosts file (644 permission) in roots home dir and I have also tried the /etc/hosts.equiv method as well as both concurrently. I have had no luck with either method. Is there something that I am overlooking here? Thanks in advance.

Also If it matters I am using Debian 6.0.2 and I am not open to using ssh since it would require mucking around in someone's scripts.
 
Old 08-03-2012, 03:10 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Rep: Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969
Not wanting to be "mucking around in someone's scripts" seems a very poor excuse for compromising security on over 100 systems. If you have that much access it seems you must be an administrator and if so I suggest you're failing at your job if you try to take what you think is the easier path at the expense of basic security.

The difference between an rsh command line and an ssh command line aren't that vast but security differences are.

Anyway as a hint for how to do this the WRONG way you appear to desire - have a look at inetd or xinetd as it relates to rsh/rlogin/rexec.
 
1 members found this post helpful.
Old 08-03-2012, 03:25 PM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,926

Rep: Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690
Quote:
Originally Posted by McBLT View Post
I am trying to run a few commands on like 30 clients and would rather not enter a password 100+ times so I am trying to find a way to use rsh without a password. I have tried both creating a .rhosts file (644 permission) in roots home dir and I have also tried the /etc/hosts.equiv method as well as both concurrently. I have had no luck with either method. Is there something that I am overlooking here? Thanks in advance.

Also If it matters I am using Debian 6.0.2 and I am not open to using ssh since it would require mucking around in someone's scripts.
I absolutely agree with MensaWater. Rsh is VERY old and insecure as it is...allowing root to use it WITHOUT a password is one of the worst things I've ever heard.

If you are an administrator, you need to realize that YOU are responsible for the systems. If you damage 30 systems (either through carelessness or leaving something insecure), it will be YOU that has to fix/rebuild them, and then answer to your employers as to WHY it happened. If someone who worked for me tried to do this, I'd write them up at the very least, or fire them at worst. Yes, there are times when you are forced to do something you shouldn't (and know better than to do)...but not feeling like editing scripts/entering passwords is a VERY poor reason.

Doing an SSH keyswap is simple, as is adding a user into the SUDO'ers file on your client systems. This will let a 'normal' user log in with no password, and execute scripts with root level privileges. The command would be:
Code:
ssh user@system "sudo <some command/script name>"
That's it. You could even use expect to write your own scripts (as an administrator, you should also know how to script, or at least be willing to learn), or look into another tool like fanout, which executes commands on multiple servers.
 
Old 08-03-2012, 03:44 PM   #4
McBLT
LQ Newbie
 
Registered: Sep 2008
Location: Sacramento, CA
Posts: 7

Original Poster
Rep: Reputation: 0
Fellas I understand the concern but security is not an issue here. These are just VMs that I use strictly for testing purposes. Once I finish what I am doing they will be destroyed. This is why I am trying to keep things as simple as possible for myself.
 
Old 08-03-2012, 03:57 PM   #5
McBLT
LQ Newbie
 
Registered: Sep 2008
Location: Sacramento, CA
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TB0ne View Post
I absolutely agree with MensaWater. Rsh is VERY old and insecure as it is...allowing root to use it WITHOUT a password is one of the worst things I've ever heard.

If you are an administrator, you need to realize that YOU are responsible for the systems. If you damage 30 systems (either through carelessness or leaving something insecure), it will be YOU that has to fix/rebuild them, and then answer to your employers as to WHY it happened. If someone who worked for me tried to do this, I'd write them up at the very least, or fire them at worst. Yes, there are times when you are forced to do something you shouldn't (and know better than to do)...but not feeling like editing scripts/entering passwords is a VERY poor reason.

Doing an SSH keyswap is simple, as is adding a user into the SUDO'ers file on your client systems. This will let a 'normal' user log in with no password, and execute scripts with root level privileges. The command would be:
Code:
ssh user@system "sudo <some command/script name>"
That's it. You could even use expect to write your own scripts (as an administrator, you should also know how to script, or at least be willing to learn), or look into another tool like fanout, which executes commands on multiple servers.
This was very well written but did not address my question in the slightest. I simply came for help. And I'm not an admin. I would totally understand your position if I was thought. And probably would not be asking this question, especially in the noob section. But I do thank you for strongly reiterating MensaWater's point.
 
Old 08-03-2012, 05:05 PM   #6
kaiserkarl13
LQ Newbie
 
Registered: Jan 2010
Distribution: Fedora
Posts: 23

Rep: Reputation: 4
I don't understand why using ssh requires "mucking around in someone's scripts"; SSH and RSH do pretty much the same thing, except that the former does it a lot more securely.

If you're looking for non-password authentication, in a secure manner, I recommend using ssh-keygen to create a public/private key pair. On each machine you intend to connect to, concatenate your public key onto the end of /root/.ssh/authorized_keys. You should now be able to ssh from one machine to the others without it prompting you for a password (it may, and should, ask for the password you created to unlock your private key, but only the first time you connect during a given session).

By the way, using public key encryption is actually significantly more secure than using a password every time, provided that the private key is kept in its usual safe place and no one is able to copy it. The chances of someone guessing your private key are next to nothing; the chances of guessing a password aren't that great, but a whole lot better than guessing the private key.
 
1 members found this post helpful.
Old 08-03-2012, 05:59 PM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,926

Rep: Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690
Quote:
Originally Posted by McBLT View Post
This was very well written but did not address my question in the slightest. I simply came for help.
And you got it...but not the kind of help you wanted. If you read MensaWater's first reply, a solution is in it. RSH isn't encouraged at all, and allowing root to do it may not be an option AT ALL, much less without a password. And I also gave you a solution and the exact syntax for an SSH command to do exactly what you want.
Quote:
And I'm not an admin. I would totally understand your position if I was thought. And probably would not be asking this question, especially in the noob section. But I do thank you for strongly reiterating MensaWater's point.
You didn't provide us any background/details in your original post, so why would we have known any of that? If you ask people who are experienced admins how to do something, you're going to get told the right way to do it, unless you give details. And if you're not an admin, why do you have to perform admin tasks on 30 servers? And if it's just for yourself...how did someone elses scripts come to enter the picture?

If this really is a learning/lab experience, then learning how to 'muck about' in scripts would TEACH you. And if you are trying to learn such things, then you should also concentrate on doing them RIGHT. You would have to look pretty hard to find a company that would let you use RSH at all these days.

A brief Google search turns up a good bit on setting up RSH on Debian, and some hints as to how to allow root logins w/no passwords.
http://blog.edseek.com/archives/2004...bian-gnulinux/
http://linux.derkeiler.com/Mailing-L.../msg00059.html
http://www.debianhelp.co.uk/rootlogin.htm

Sorry we tried to help you with the correct answers...good luck.
 
Old 08-03-2012, 08:54 PM   #8
McBLT
LQ Newbie
 
Registered: Sep 2008
Location: Sacramento, CA
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TB0ne View Post
And you got it...but not the kind of help you wanted. If you read MensaWater's first reply, a solution is in it. RSH isn't encouraged at all, and allowing root to do it may not be an option AT ALL, much less without a password. And I also gave you a solution and the exact syntax for an SSH command to do exactly what you want.

You didn't provide us any background/details in your original post, so why would we have known any of that? If you ask people who are experienced admins how to do something, you're going to get told the right way to do it, unless you give details. And if you're not an admin, why do you have to perform admin tasks on 30 servers? And if it's just for yourself...how did someone elses scripts come to enter the picture?

If this really is a learning/lab experience, then learning how to 'muck about' in scripts would TEACH you. And if you are trying to learn such things, then you should also concentrate on doing them RIGHT. You would have to look pretty hard to find a company that would let you use RSH at all these days.

A brief Google search turns up a good bit on setting up RSH on Debian, and some hints as to how to allow root logins w/no passwords.
http://blog.edseek.com/archives/2004...bian-gnulinux/
http://linux.derkeiler.com/Mailing-L.../msg00059.html
http://www.debianhelp.co.uk/rootlogin.htm

Sorry we tried to help you with the correct answers...good luck.
I totally appreciate the help. Don't assume because I wanted an answer the way I wanted it that I am not taking note of the suggestion. My intent was to find a way of doing this without changing someone else's scripts. But I did learn something new to use in the future, just not for this particular task. I am not experienced with using this forum and was not aware of the amount of detail I should have gone into, seeing as I didn't want to be too wordy. But without a doubt I do appreciate the information so that both TB0ne and MensaWater.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
cant rsh without password dispite following howto's! SourCreamAndOni Linux - Software 2 08-09-2009 05:11 PM
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 11:28 PM
Rsh , Rlogin Without password shan_nathan Linux - Security 8 08-18-2007 02:21 AM
rsh without password JurajPsycho Linux - Networking 4 08-03-2005 06:38 AM
rsh without password Qex Linux - Security 3 08-09-2003 01:54 PM


All times are GMT -5. The time now is 04:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration