LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-01-2013, 10:12 PM   #1
BoraxMan
Member
 
Registered: Apr 2010
Posts: 84

Rep: Reputation: 8
rsh connection closed after successful login


I'm trying to get rsh working on a Fedora 18 system. I've set this up on many systems before, but can't get it working here.

I use rsh because these computers are not connected to the internet, and its more convenient than SSH, so we can dispense with the "you should use SSH comments".

I have enabled rsh and rlogin in the /etc/xinetd.d/rsh and rlogin files by changing disabled=yes to disabled=no

I have ALL: 192.168.0.0/255.255.255.0 in /etc/hosts.allow, to allow the local network.

the xinetd service is started. .rhosts is configured with the host name of the machine I'm connecting from, and the hostname is in /etc/hosts with the right ip address.

The issue is, that in.rlogin or in.rshd drops the connection immediately, when its set up right.

I have tried this with no firewall (again, private network its OK), and with selinux disabled.

The machines ping, rsync and telnet work. Just rsh.

Any ideas? How can I troublshoot this?

Thanks,
Borax Man
 
Old 03-01-2013, 10:37 PM   #2
eeekster
Member
 
Registered: Sep 2011
Posts: 158

Rep: Reputation: Disabled
Have you looked at the logs?
 
Old 03-02-2013, 02:33 AM   #3
BoraxMan
Member
 
Registered: Apr 2010
Posts: 84

Original Poster
Rep: Reputation: 8
Quote:
Originally Posted by eeekster View Post
Have you looked at the logs?
/var/log/messages and /var/log/secure have nothing useful.
/log/messages just has this

Mar 2 19:31:43 Oberon xinetd[2519]: START: login pid=2521 from=::ffff:127.0.0.1
Mar 2 19:31:46 Oberon xinetd[2519]: EXIT: login status=0 pid=2521 duration=3(sec)

So the server is starting, then immediately exiting.

If I try to run in.rlogind manually, I get this

logind: Can't get peer name of remote host: Socket operation on non-socket, but that may be because its run outside of xinetd.


Most of the problems I've had with Linux, is due to poor, or non existant error messages.
 
Old 03-02-2013, 01:36 PM   #4
eeekster
Member
 
Registered: Sep 2011
Posts: 158

Rep: Reputation: Disabled
Any selinux events logged?
 
Old 03-03-2013, 03:19 AM   #5
BoraxMan
Member
 
Registered: Apr 2010
Posts: 84

Original Poster
Rep: Reputation: 8
Quote:
Originally Posted by eeekster View Post
Any selinux events logged?
No, and I tried it with selinux disabled too.
 
Old 03-04-2013, 02:36 PM   #6
eeekster
Member
 
Registered: Sep 2011
Posts: 158

Rep: Reputation: Disabled
My only other thought is tcpwrappers (i.e. /etc/hosts.allow etc).
 
Old 03-07-2013, 05:52 AM   #7
rahul.sed
LQ Newbie
 
Registered: Dec 2012
Posts: 3

Rep: Reputation: Disabled
please check you iptables rules.
 
Old 03-09-2013, 06:27 PM   #8
BoraxMan
Member
 
Registered: Apr 2010
Posts: 84

Original Poster
Rep: Reputation: 8
There are no iptables rules. I've disabled the firewall. Makes no difference.
 
Old 03-10-2013, 06:16 AM   #9
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,264

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Here's possibly a dumb qn, but, have you installed the rsh-server pkg? Its not part of the default install these days?
 
Old 03-14-2013, 07:24 AM   #10
BoraxMan
Member
 
Registered: Apr 2010
Posts: 84

Original Poster
Rep: Reputation: 8
Quote:
Originally Posted by chrism01 View Post
Here's possibly a dumb qn, but, have you installed the rsh-server pkg? Its not part of the default install these days?


Installed..

No offence to people, but I've been in the past, a network admin, and I've configured RSH before. I've done a lot of searching before coming here, as a last resort.

I'm using the SAME set up, the EXACT same set up as my previous fedora 11 installation, and its not working. There is something else, and I just want to know how to troubleshoot it.

Again, just for the record.
Selinux is disabled.
Iptables is not active, ie, there are no filtering rules at all.
rsh-server is installed, xinetd is running and /etc/xinetd.d/rsh and rlogin have "disabled = yes" to "disabled = no" in those files to enable the service.

I have a .rhosts file, which lists the IP addresses of approved hosts, and its chmodded 600

/etc/hosts.allow has the following line
ALL: 192.168.0. localhost

It should work, but xinetd spawns a process upon connection (as you would expect) with immediately dies (as you would not expect), without any indication as to why.
 
Old 03-14-2013, 06:59 PM   #11
Astarath
LQ Newbie
 
Registered: Sep 2007
Posts: 13

Rep: Reputation: 0
Is it sitting behind an ASA or other device that performs NAT?
 
Old 03-14-2013, 07:13 PM   #12
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by BoraxMan View Post
I'm trying to get rsh working on a Fedora 18 system. I've set this up on many systems before, but can't get it working here.

I use rsh because these computers are not connected to the internet, and its more convenient than SSH, so we can dispense with the "you should use SSH comments".

I have enabled rsh and rlogin in the /etc/xinetd.d/rsh and rlogin files by changing disabled=yes to disabled=no

I have ALL: 192.168.0.0/255.255.255.0 in /etc/hosts.allow, to allow the local network.

the xinetd service is started. .rhosts is configured with the host name of the machine I'm connecting from, and the hostname is in /etc/hosts with the right ip address.

The issue is, that in.rlogin or in.rshd drops the connection immediately, when its set up right.

I have tried this with no firewall (again, private network its OK), and with selinux disabled.

The machines ping, rsync and telnet work. Just rsh.

Any ideas? How can I troublshoot this?

Thanks,
Borax Man
Anything in the /etc/security/access.conf file?
/etc/pam.d/rsh
/etc/pam.d/rlogin

Remember that in Fedora 18 that "iptables" isn't the default firewall...firewalld is

What does firewall-cmd --list-all show?

--C
 
Old 03-16-2013, 06:54 AM   #13
BoraxMan
Member
 
Registered: Apr 2010
Posts: 84

Original Poster
Rep: Reputation: 8
Quote:
Originally Posted by custangro View Post
Anything in the /etc/security/access.conf file?
/etc/pam.d/rsh
/etc/pam.d/rlogin

Remember that in Fedora 18 that "iptables" isn't the default firewall...firewalld is

What does firewall-cmd --list-all show?

--C
Thank you

/etc/security/access.conf

Code:
 + : bman : 127.0.0.0/24
#
 + : bman : 192.168.0.0/24
I have left out all the commented lines

/etc/pam.d/rsh
Code:
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       required     pam_rhosts.so
auth	required	pam_securetty.so
account    include      password-auth

session	   optional     pam_keyinit.so    force revoke
session    required     pam_loginuid.so
session    include      password-auth
/etc/pam.d/rlogin
Code:
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth	required	pam_securetty.so
auth       sufficient   pam_rhosts.so
auth       include      password-auth
account    include      password-auth
password   include      password-auth
session	   optional     pam_keyinit.so    force revoke
session    required     pam_loginuid.so
session    include      password-auth
As for the firewall, I use iptables instead of firewalld (which is disabled). But with all rules flushed, no difference.

firewall-cmd does not exist on my system.

When I do try to log in using rsh to the SAME computer, ie by executing rsh 127.0.0.1, it still fails. xinetd calls the relevant daemon, it authenticates, but quits. It should at least work using the loopback device! Also, I have 127.0.0.1 in ~/.rhosts

/var/log/secure has this
Code:
Mar 16 22:51:24 Striker rlogind[29980]: pam_rhosts(rlogin:auth): allowed access to bman@localhost as bman
So it does authenticate successfully. It's just that the connection closes and all thats in /var/log/messages is
Code:
Mar 16 22:53:49 Striker xinetd[29750]: START: login pid=30082 from=::ffff:127.0.0.1
Mar 16 22:53:50 Striker xinetd[29750]: EXIT: login status=0 pid=30082 duration=1(sec)
So neither a firewall, or failed authentication is the issue. I'm thinking it is a bug with Fedora 18?

Last edited by BoraxMan; 03-16-2013 at 06:56 AM.
 
Old 03-18-2013, 11:43 AM   #14
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
[QUOTE=BoraxMan;4912801]So neither a firewall, or failed authentication is the issue. I'm thinking it is a bug with Fedora 18?/QUOTE]

I actually have rsh working on my Fedora 18 system...

Are you trying to RSH commands in or are you trying to login using RSH?

This is what I have

Code:
[chrish@montools2 ~]$ cat /etc/pam.d/rsh  | grep -v '^#'
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       required     pam_rhosts.so
account    include      password-auth
session	   optional     pam_keyinit.so    force revoke
session    required     pam_loginuid.so
session    include      password-auth
auth		sufficient	pam_ldap.so
account		sufficient	pam_ldap.so
password	sufficient	pam_ldap.so
session		sufficient	pam_ldap.so

[chrish@montools2 ~]$ cat /etc/pam.d/rlogin  | grep -v '^#'
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       sufficient   pam_rhosts.so
auth       include      password-auth
account    include      password-auth
password   include      password-auth
session	   optional     pam_keyinit.so    force revoke
session    required     pam_loginuid.so
session    include      password-auth
auth		sufficient	pam_ldap.so
account		sufficient	pam_ldap.so
password	sufficient	pam_ldap.so
session		sufficient	pam_ldap.so
--C
 
Old 03-25-2013, 03:50 AM   #15
BoraxMan
Member
 
Registered: Apr 2010
Posts: 84

Original Poster
Rep: Reputation: 8
[QUOTE=custangro;4913940]
Quote:
Originally Posted by BoraxMan View Post
So neither a firewall, or failed authentication is the issue. I'm thinking it is a bug with Fedora 18?/QUOTE]

I actually have rsh working on my Fedora 18 system...

Are you trying to RSH commands in or are you trying to login using RSH?

This is what I have

Code:
[chrish@montools2 ~]$ cat /etc/pam.d/rsh  | grep -v '^#'
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       required     pam_rhosts.so
account    include      password-auth
session	   optional     pam_keyinit.so    force revoke
session    required     pam_loginuid.so
session    include      password-auth
auth		sufficient	pam_ldap.so
account		sufficient	pam_ldap.so
password	sufficient	pam_ldap.so
session		sufficient	pam_ldap.so

[chrish@montools2 ~]$ cat /etc/pam.d/rlogin  | grep -v '^#'
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       sufficient   pam_rhosts.so
auth       include      password-auth
account    include      password-auth
password   include      password-auth
session	   optional     pam_keyinit.so    force revoke
session    required     pam_loginuid.so
session    include      password-auth
auth		sufficient	pam_ldap.so
account		sufficient	pam_ldap.so
password	sufficient	pam_ldap.so
session		sufficient	pam_ldap.so
--C
That didn't work for me.

May I ask what you did to set it up?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
RSH login/connection slows down when one of DNS go down vrtareg Linux - Server 1 03-29-2012 08:02 PM
[SOLVED] sftp, connection closed after successful connection. kaz2100 Linux - Software 1 09-30-2009 10:32 PM
TS-linux ssh drops connection as soon as login is successful BrandonChristel Linux - Embedded & Single-board computer 1 02-27-2008 10:29 AM
ssh server is closing the connection just after successful login puru_09 Linux - Security 3 04-03-2004 12:42 AM
why ssh server is closing the connection just after successful login puru_09 Linux - Networking 0 03-30-2004 12:25 AM


All times are GMT -5. The time now is 10:30 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration