LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   rsh--- poll:protocol failure in circuit setup" error (https://www.linuxquestions.org/questions/linux-networking-3/rsh-poll-protocol-failure-in-circuit-setup-error-207965/)

haoscar 07-21-2004 02:05 PM

rsh--- poll:protocol failure in circuit setup" error
 
hi,
I have two machines. I wanted to use MPICH which uses rsh for communication. When i say
"rsh sam.coes.latech.edu /bin/ls" I get correct result. When I "rsh kaymera.coes.latech.edu /bin/ls"

I get the "poll: protocol failure in circuit setup" error.

my .rhosts file has both the hosts mentioned
sam.coes.latech.edu condor
kaymera.coes.latech.edu condor

my hosts.equiv also has both the hosts mentioned
localhost.localdomain
sam.coes.latech.edu
kaymera.coes.latech.edu

The rsh entry in xinetd.d directory has "diable= no" mentioned.

I found a previous post having similar problem but he had problems with getting rsh on the same computer while my rsh doesnt work while accessing the remote computer

Any inputs will help,
Thanks a lot,
haoscar

osvaldomarques 07-22-2004 03:45 AM

If I understood correctly, you are mentioning /etc/hosts.equiv and .rhosts in your computer. If my understanding is right, you need on the files in the remote computer have yours assigned. These are trusted computers list files and your computer must be trusted there. Also, in the remote computer you need to have an entry "rsh" into /etc/securetty.
You confused me with this "diable" thing in a "daemon" config. You wanna means "disable"?

haoscar 07-22-2004 10:56 AM

Yes I meant "disable=no". A typo by me. I wanted MPICH to work. SO that would mean i need to make entries of all the compute nodes in the securetty file of node that spawns the mpi jobs. Also an entry in each compute node for the node that would spawn the MPI jobs.

Thanks for your help. Will get back if problem not solved.

Many Thanks,
haoscar

haoscar 07-23-2004 05:32 PM

Hi,
Still the problem persists. Here are the contents of the .rhosts & /etc/hosts.equiv files on both machines. Both file contents are same.I also added entry for rsh in /etc/securetty in both hosts.

[root@sam condor]# cat /etc/hosts.equiv
localhost.localdomain
sam.coes.latech.edu condor
kaymera.coes.latech.edu condor

[root@sam condor]# cat .rhosts
sam.coes.latech.edu condor
kaymera.coes.latech.edu condor

I can rsh locally meaning "rsh sam.coes.latech.edu /bin/ls" works fine.Same with the other host. But
"rsh kaymera.coes.latech.edu /bin/ls" gives the poll:protocol failure in circuit setup.

I think rsh is working means that the xinetd entry should be fine. I have done the "disable =no" updation at both palces. Also placed the .rhosts file in root directory.

Please help. Is there anything wrong I am doing in this?.
Many thanks,
haoscar

osvaldomarques 07-23-2004 06:22 PM

Hi Haoscar,
Look at the "/var/log/messages" of the remote machine during the execution of an rsh to see if there is any report there and tell me. Use the command
Code:

tail -f /var/log/messages

osvaldomarques 07-23-2004 09:15 PM

Hi again,
I did some research, looking for your error messages. I did grep the kernel, xinetd and inetutils source. I found the message "protocol failure in circuit setup" only in a function named kcmd, relative to inetutils, from which rsh and rshd are parts of. This error happens when it receives a message where the client socket is not in the range 512-1023. If you read "man rshd" you will see this error as the first step in the connection protocol. So, may be your rsh (client) is executing as non-root. If you enter
Code:

ls -l /usr/bin/rsh
-rwsr-xr-x    1 root    root        8372 Jan  8  2002 /usr/bin/rsh*

you must have the set-suid in this file. For purpose of clarification, it is represented by the "s" character in the permission, instead of the "x". This means this command must be always executed as root, as only root can open a socket number less than 1024.
Well, I am trying to reproduce the problem as I am writing this post. I reset the set-suid bit and the system gave me
Code:

Modelo:~$ rsh modelo ls -l
rcmd: socket: Permission denied

As this is not the error in question, I restored the set-suid bit and changed /etc/xinetd.d/rsh, replacing the line "user = root" by "user = osvaldo". I restarted xinetd and shoot again
Code:

Modelo:~# rsh modelo ls -l
poll: protocol failure in circuit setup

And voila! Did you change the rsh to run under other user than root?

Good luck!

haoscar 07-24-2004 04:24 PM

Hi osvaldomarques,
Thanks for your replies. Well the problem still persists. I had not tampered with the user = root statement. But accidentally one thing came to my notice is that , I am able to "rsh kaymera.coes.latech.edu" and login to the other machine withour password. But when I give "rsh kaymera.coes.latech.edu ls" it gives the poll: protocol circuit failure error.
Here is my /etc/xinetd.d/rsh file
service shell
{
disable = no
socket_type = stream
flags = REUSE
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}

I was looking into the /var/log/messages (on sam) and I found this with the tail command

Jul 24 15:45:23 localhost rshd[4541]: connect second port: Connection refused
Jul 24 15:45:42 localhost rshd[4542]: connect second port: Connection refused
Jul 24 15:49:24 localhost rshd[4572]: connect second port: Connection refused
Jul 24 15:49:27 localhost rshd[4573]: connect second port: Connection refused

/var/log/messages on kaymera (other host) it showed
/******************** when ran "rsh kaymera.coes.latech.edu ls" ************************/
Jul 24 16:07:29 kaymera rshd[5629]: connect second port: Connection refused
Jul 24 16:16:02 kaymera rshd[5634]: connect second port: Connection refused
Jul 24 16:16:07 kaymera rshd[5635]: connect second port: Connection refused

/******************** when ran "rsh kaymera.coes.latech.edu "
Jul 24 16:16:57 kaymera pam_rhosts_auth[5637]: allowed to condor@sam.coes.latech.edu as condor
Jul 24 16:16:57 kaymera login(pam_unix)[5638]: session opened for user condor by (uid=0)
Jul 24 16:16:57 kaymera login -- condor[5638]: LOGIN ON pts/1 BY condor FROM sam


I tried to just keep hostnames in the .rhosts & /etc.hosts.equiv files. i.e no users
but still it did not help. Do you think this must be a firewall issue or its because I have .ssh folders in both the places. COuld these be the reasons for rsh not working. Thanks for your help,
Please reply,
Haoscar

osvaldomarques 07-24-2004 11:19 PM

Hi haoscar,
I think now is the time to check pam. In the /etc/pam.d you will have "rsh" again. The contents of mine are
Code:

#%PAM-1.0
auth      required    /lib/security/pam_rhosts_auth.so
auth      required    /lib/security/pam_nologin.so
account    required    /lib/security/pam_pwdb.so
session    required    /lib/security/pam_pwdb.so

I didn't talk about it because you have the "poll:..." message. Normally, if we can't authenticate pam, we get "connection refused" or "permission denied". I know since the past millennium that when we call "rsh" without a command it executes "rlogin". However, until now, I never tried to confirm this "computer legend". But it is here, in the line 300 of rsh.c
Code:

  /* If no further arguments, must have been called as rlogin. */
  if (!argv[optind])
    {
      if (asrsh)
        *argv = (char *)"rlogin";
      seteuid (getuid ());
      setuid (getuid ());
      execv (PATH_RLOGIN, argv);
      errx (1, "can't exec %s", PATH_RLOGIN);
    }

This means your remote system accepts "rlogin" but doesn't accept "rsh". Maybe our problem is really "pam".

Good luck!
PS. I'm preparing an answer to you mail.

haoscar 07-25-2004 03:03 PM

Hi ,
Well I dont know much about pam, truns out. Here are my contents of /etc/pam.d/rsh
[root@sam pam.d]# cat rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts_auth.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
[root@sam pam.d]#

I also appended rsh at the end of securetty file in /etc directory.
Would removing the other 2 auth lines help to login. HOw important are these files to make a change to.
I mean security wise.
Thanks for your help.
Haoscar

osvaldomarques 07-25-2004 05:34 PM

Hi Haoscar,
Save your pam file and edit the current to reflect the contents of the mine and try a rsh session. If you have success, we will try to understand the differences of both. Otherwise, we don't have to lose too much time on it. By the way, I knew pam enough to put rsh working three or four years ago.

Have a nice try!


All times are GMT -5. The time now is 09:26 PM.