LinuxQuestions.org


BoraxMan 03-01-2013 10:12 PM

rsh connection closed after successful login
 
I'm trying to get rsh working on a Fedora 18 system. I've set this up on many systems before, but can't get it working here.

I use rsh because these computers are not connected to the internet, and it's more convenient than SSH, so we can dispense with the "you should use SSH" comments.

I have enabled rsh and rlogin in the /etc/xinetd.d/rsh and rlogin files by changing disabled=yes to disabled=no

I have ALL: 192.168.0.0/255.255.255.0 in /etc/hosts.allow, to allow the local network.

The xinetd service is started. .rhosts is configured with the host name of the machine I'm connecting from, and the hostname is in /etc/hosts with the right IP address.

The issue is that in.rlogin or in.rshd drops the connection immediately, when it's set up right.

I have tried this with no firewall (again, private network, it's OK), and with selinux disabled.

The machines ping, rsync and telnet work. Just rsh.

Any ideas? How can I troubleshoot this?

Thanks,
Borax Man

eeekster 03-01-2013 10:37 PM

Have you looked at the logs?

BoraxMan 03-02-2013 02:33 AM

Quote:

Originally Posted by eeekster (Post 4902902)
Have you looked at the logs?

/var/log/messages and /var/log/secure have nothing useful.
/log/messages just has this

Mar 2 19:31:43 Oberon xinetd[2519]: START: login pid=2521 from=::ffff:127.0.0.1
Mar 2 19:31:46 Oberon xinetd[2519]: EXIT: login status=0 pid=2521 duration=3(sec)

So the server is starting, then immediately exiting.

If I try to run in.rlogind manually, I get this

logind: Can't get peer name of remote host: Socket operation on non-socket, but that may be because it's run outside of xinetd.


Most of the problems I've had with Linux are due to poor or nonexistent error messages.

eeekster 03-02-2013 01:36 PM

Any selinux events logged?

BoraxMan 03-03-2013 03:19 AM

Quote:

Originally Posted by eeekster (Post 4903264)
Any selinux events logged?

No, and I tried it with selinux disabled too.

eeekster 03-04-2013 02:36 PM

My only other thought is tcpwrappers (i.e. /etc/hosts.allow etc).

rahul.sed 03-07-2013 05:52 AM

Please check your iptables rules.

BoraxMan 03-09-2013 06:27 PM

There are no iptables rules. I've disabled the firewall. Makes no difference.

chrism01 03-10-2013 06:16 AM

Here's possibly a dumb qn, but, have you installed the rsh-server pkg? It's not part of the default install these days?

BoraxMan 03-14-2013 07:24 AM

Quote:

Originally Posted by chrism01 (Post 4908450)
Here's possibly a dumb qn, but, have you installed the rsh-server pkg? It's not part of the default install these days?



Installed..

No offence to people, but I've been in the past, a network admin, and I've configured RSH before. I've done a lot of searching before coming here, as a last resort.

I'm using the SAME set up, the EXACT same set up as my previous Fedora 11 installation, and it's not working. There is something else, and I just want to know how to troubleshoot it.

Again, just for the record.
Selinux is disabled.
Iptables is not active, ie, there are no filtering rules at all.
rsh-server is installed, xinetd is running and /etc/xinetd.d/rsh and rlogin have "disabled = yes" to "disabled = no" in those files to enable the service.

I have a .rhosts file, which lists the IP addresses of approved hosts, and it's chmodded 600

/etc/hosts.allow has the following line
ALL: 192.168.0. localhost

It should work, but xinetd spawns a process upon connection (as you would expect) which immediately dies (as you would not expect), without any indication as to why.

Astarath 03-14-2013 06:59 PM

Is it sitting behind an ASA or other device that performs NAT?

custangro 03-14-2013 07:13 PM

Quote:

Originally Posted by BoraxMan (Post 4902892)
I'm trying to get rsh working on a Fedora 18 system. I've set this up on many systems before, but can't get it working here.

I use rsh because these computers are not connected to the internet, and it's more convenient than SSH, so we can dispense with the "you should use SSH" comments.

I have enabled rsh and rlogin in the /etc/xinetd.d/rsh and rlogin files by changing disabled=yes to disabled=no

I have ALL: 192.168.0.0/255.255.255.0 in /etc/hosts.allow, to allow the local network.

The xinetd service is started. .rhosts is configured with the host name of the machine I'm connecting from, and the hostname is in /etc/hosts with the right IP address.

The issue is that in.rlogin or in.rshd drops the connection immediately, when it's set up right.

I have tried this with no firewall (again, private network, it's OK), and with selinux disabled.

The machines ping, rsync and telnet work. Just rsh.

Any ideas? How can I troubleshoot this?

Thanks,
Borax Man

Anything in the /etc/security/access.conf file?
/etc/pam.d/rsh
/etc/pam.d/rlogin

Remember that in Fedora 18 that "iptables" isn't the default firewall...firewalld is

What does firewall-cmd --list-all show?

--C

BoraxMan 03-16-2013 06:54 AM

Quote:

Originally Posted by custangro (Post 4911804)
Anything in the /etc/security/access.conf file?
/etc/pam.d/rsh
/etc/pam.d/rlogin

Remember that in Fedora 18 that "iptables" isn't the default firewall...firewalld is

What does firewall-cmd --list-all show?

--C

Thank you

/etc/security/access.conf

Code:

+ : bman : 127.0.0.0/24
#
 + : bman : 192.168.0.0/24

I have left out all the commented lines

/etc/pam.d/rsh
Code:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth      required    pam_nologin.so
auth      required    pam_securetty.so
auth      required    pam_env.so
auth      required    pam_rhosts.so
auth        required        pam_securetty.so
account    include      password-auth

session          optional    pam_keyinit.so    force revoke
session    required    pam_loginuid.so
session    include      password-auth

/etc/pam.d/rlogin
Code:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth      required    pam_nologin.so
auth      required    pam_securetty.so
auth      required    pam_env.so
auth        required        pam_securetty.so
auth      sufficient  pam_rhosts.so
auth      include      password-auth
account    include      password-auth
password  include      password-auth
session          optional    pam_keyinit.so    force revoke
session    required    pam_loginuid.so
session    include      password-auth

As for the firewall, I use iptables instead of firewalld (which is disabled). But with all rules flushed, no difference.

firewall-cmd does not exist on my system.

When I do try to log in using rsh to the SAME computer, ie by executing rsh 127.0.0.1, it still fails. xinetd calls the relevant daemon, it authenticates, but quits. It should at least work using the loopback device! Also, I have 127.0.0.1 in ~/.rhosts

/var/log/secure has this
Code:

Mar 16 22:51:24 Striker rlogind[29980]: pam_rhosts(rlogin:auth): allowed access to bman@localhost as bman

So it does authenticate successfully. It's just that the connection closes and all that's in /var/log/messages is
Code:

Mar 16 22:53:49 Striker xinetd[29750]: START: login pid=30082 from=::ffff:127.0.0.1
Mar 16 22:53:50 Striker xinetd[29750]: EXIT: login status=0 pid=30082 duration=1(sec)

So neither a firewall nor failed authentication is the issue. I'm thinking it is a bug with Fedora 18?

custangro 03-18-2013 11:43 AM

Quote:

Originally Posted by BoraxMan (Post 4912801)
So neither a firewall nor failed authentication is the issue. I'm thinking it is a bug with Fedora 18?

I actually have rsh working on my Fedora 18 system...

Are you trying to RSH commands in or are you trying to login using RSH?

This is what I have

Code:

[chrish@montools2 ~]$ cat /etc/pam.d/rsh  | grep -v '^#'
auth      required    pam_nologin.so
auth      required    pam_securetty.so
auth      required    pam_env.so
auth      required    pam_rhosts.so
account    include      password-auth
session          optional    pam_keyinit.so    force revoke
session    required    pam_loginuid.so
session    include      password-auth
auth                sufficient        pam_ldap.so
account                sufficient        pam_ldap.so
password        sufficient        pam_ldap.so
session                sufficient        pam_ldap.so

[chrish@montools2 ~]$ cat /etc/pam.d/rlogin  | grep -v '^#'
auth      required    pam_nologin.so
auth      required    pam_securetty.so
auth      required    pam_env.so
auth      sufficient  pam_rhosts.so
auth      include      password-auth
account    include      password-auth
password  include      password-auth
session          optional    pam_keyinit.so    force revoke
session    required    pam_loginuid.so
session    include      password-auth
auth                sufficient        pam_ldap.so
account                sufficient        pam_ldap.so
password        sufficient        pam_ldap.so
session                sufficient        pam_ldap.so

--C
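
Added example, not part of any post in this thread: a small shell helper that normalizes two PAM service files and reports entries listed twice and entries present in only one of them, run here on the two /etc/pam.d/rsh stacks posted above. The function names and temporary file names are made up for this example; the sample input is copied from the posts.

```sh
#!/bin/sh
# Added example: pam_norm, pam_dups and pam_only_in are names made up here.
LC_ALL=C; export LC_ALL

# Drop comments and blank lines, collapse whitespace so entries compare equal.
pam_norm() {
    sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}
# Entries listed more than once in one stack.
pam_dups() { pam_norm "$1" | sort | uniq -d; }
# Entries present in stack $1 but missing from stack $2.
pam_only_in() {
    _t=$(mktemp -d)
    pam_norm "$1" | sort -u > "$_t/a"; pam_norm "$2" | sort -u > "$_t/b"
    comm -23 "$_t/a" "$_t/b"; rm -rf "$_t"
}

# Sample input: the two /etc/pam.d/rsh stacks as posted in the thread.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
cat > "$work/rsh.boraxman" <<'EOF'
#%PAM-1.0
auth      required    pam_nologin.so
auth      required    pam_securetty.so
auth      required    pam_env.so
auth      required    pam_rhosts.so
auth        required        pam_securetty.so
account    include      password-auth
session          optional    pam_keyinit.so    force revoke
session    required    pam_loginuid.so
session    include      password-auth
EOF
cat > "$work/rsh.custangro" <<'EOF'
auth      required    pam_nologin.so
auth      required    pam_securetty.so
auth      required    pam_env.so
auth      required    pam_rhosts.so
account    include      password-auth
session          optional    pam_keyinit.so    force revoke
session    required    pam_loginuid.so
session    include      password-auth
auth                sufficient        pam_ldap.so
account                sufficient        pam_ldap.so
password        sufficient        pam_ldap.so
session                sufficient        pam_ldap.so
EOF

echo "listed twice in BoraxMan's stack:";  pam_dups "$work/rsh.boraxman"
echo "only in custangro's stack:";         pam_only_in "$work/rsh.custangro" "$work/rsh.boraxman"
echo "only in BoraxMan's stack:";          pam_only_in "$work/rsh.boraxman" "$work/rsh.custangro"
```

On the posted files, the only differences it reports are the repeated pam_securetty.so line in one stack and the four pam_ldap.so lines in the other.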

BoraxMan 03-25-2013 03:50 AM

Quote:

Originally Posted by custangro (Post 4913940)
Quote:

Originally Posted by BoraxMan (Post 4912801)
So neither a firewall nor failed authentication is the issue. I'm thinking it is a bug with Fedora 18?

I actually have rsh working on my Fedora 18 system...

Are you trying to RSH commands in or are you trying to login using RSH?

This is what I have

Code:

[chrish@montools2 ~]$ cat /etc/pam.d/rsh  | grep -v '^#'
auth      required    pam_nologin.so
auth      required    pam_securetty.so
auth      required    pam_env.so
auth      required    pam_rhosts.so
account    include      password-auth
session          optional    pam_keyinit.so    force revoke
session    required    pam_loginuid.so
session    include      password-auth
auth                sufficient        pam_ldap.so
account                sufficient        pam_ldap.so
password        sufficient        pam_ldap.so
session                sufficient        pam_ldap.so

[chrish@montools2 ~]$ cat /etc/pam.d/rlogin  | grep -v '^#'
auth      required    pam_nologin.so
auth      required    pam_securetty.so
auth      required    pam_env.so
auth      sufficient  pam_rhosts.so
auth      include      password-auth
account    include      password-auth
password  include      password-auth
session          optional    pam_keyinit.so    force revoke
session    required    pam_loginuid.so
session    include      password-auth
auth                sufficient        pam_ldap.so
account                sufficient        pam_ldap.so
password        sufficient        pam_ldap.so
session                sufficient        pam_ldap.so

--C

That didn't work for me.

May I ask what you did to set it up?


All times are GMT -5.