Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to run a few commands on like 30 clients and would rather not enter a password 100+ times so I am trying to find a way to use rsh without a password. I have tried both creating a .rhosts file (644 permission) in roots home dir and I have also tried the /etc/hosts.equiv method as well as both concurrently. I have had no luck with either method. Is there something that I am overlooking here? Thanks in advance.
Also If it matters I am using Debian 6.0.2 and I am not open to using ssh since it would require mucking around in someone's scripts.
Not wanting to be "mucking around in someone's scripts" seems a very poor excuse for compromising security on over 100 systems. If you have that much access it seems you must be an administrator and if so I suggest you're failing at your job if you try to take what you think is the easier path at the expense of basic security.
The difference between an rsh command line and an ssh command line aren't that vast but security differences are.
Anyway as a hint for how to do this the WRONG way you appear to desire - have a look at inetd or xinetd as it relates to rsh/rlogin/rexec.
I am trying to run a few commands on like 30 clients and would rather not enter a password 100+ times so I am trying to find a way to use rsh without a password. I have tried both creating a .rhosts file (644 permission) in roots home dir and I have also tried the /etc/hosts.equiv method as well as both concurrently. I have had no luck with either method. Is there something that I am overlooking here? Thanks in advance.
Also If it matters I am using Debian 6.0.2 and I am not open to using ssh since it would require mucking around in someone's scripts.
I absolutely agree with MensaWater. Rsh is VERY old and insecure as it is...allowing root to use it WITHOUT a password is one of the worst things I've ever heard.
If you are an administrator, you need to realize that YOU are responsible for the systems. If you damage 30 systems (either through carelessness or leaving something insecure), it will be YOU that has to fix/rebuild them, and then answer to your employers as to WHY it happened. If someone who worked for me tried to do this, I'd write them up at the very least, or fire them at worst. Yes, there are times when you are forced to do something you shouldn't (and know better than to do)...but not feeling like editing scripts/entering passwords is a VERY poor reason.
Doing an SSH keyswap is simple, as is adding a user into the SUDO'ers file on your client systems. This will let a 'normal' user log in with no password, and execute scripts with root level privileges. The command would be:
Code:
ssh user@system "sudo <some command/script name>"
That's it. You could even use expect to write your own scripts (as an administrator, you should also know how to script, or at least be willing to learn), or look into another tool like fanout, which executes commands on multiple servers.
Fellas I understand the concern but security is not an issue here. These are just VMs that I use strictly for testing purposes. Once I finish what I am doing they will be destroyed. This is why I am trying to keep things as simple as possible for myself.
I absolutely agree with MensaWater. Rsh is VERY old and insecure as it is...allowing root to use it WITHOUT a password is one of the worst things I've ever heard.
If you are an administrator, you need to realize that YOU are responsible for the systems. If you damage 30 systems (either through carelessness or leaving something insecure), it will be YOU that has to fix/rebuild them, and then answer to your employers as to WHY it happened. If someone who worked for me tried to do this, I'd write them up at the very least, or fire them at worst. Yes, there are times when you are forced to do something you shouldn't (and know better than to do)...but not feeling like editing scripts/entering passwords is a VERY poor reason.
Doing an SSH keyswap is simple, as is adding a user into the SUDO'ers file on your client systems. This will let a 'normal' user log in with no password, and execute scripts with root level privileges. The command would be:
Code:
ssh user@system "sudo <some command/script name>"
That's it. You could even use expect to write your own scripts (as an administrator, you should also know how to script, or at least be willing to learn), or look into another tool like fanout, which executes commands on multiple servers.
This was very well written but did not address my question in the slightest. I simply came for help. And I'm not an admin. I would totally understand your position if I was thought. And probably would not be asking this question, especially in the noob section. But I do thank you for strongly reiterating MensaWater's point.
I don't understand why using ssh requires "mucking around in someone's scripts"; SSH and RSH do pretty much the same thing, except that the former does it a lot more securely.
If you're looking for non-password authentication, in a secure manner, I recommend using ssh-keygen to create a public/private key pair. On each machine you intend to connect to, concatenate your public key onto the end of /root/.ssh/authorized_keys. You should now be able to ssh from one machine to the others without it prompting you for a password (it may, and should, ask for the password you created to unlock your private key, but only the first time you connect during a given session).
By the way, using public key encryption is actually significantly more secure than using a password every time, provided that the private key is kept in its usual safe place and no one is able to copy it. The chances of someone guessing your private key are next to nothing; the chances of guessing a password aren't that great, but a whole lot better than guessing the private key.
This was very well written but did not address my question in the slightest. I simply came for help.
And you got it...but not the kind of help you wanted. If you read MensaWater's first reply, a solution is in it. RSH isn't encouraged at all, and allowing root to do it may not be an option AT ALL, much less without a password. And I also gave you a solution and the exact syntax for an SSH command to do exactly what you want.
Quote:
And I'm not an admin. I would totally understand your position if I was thought. And probably would not be asking this question, especially in the noob section. But I do thank you for strongly reiterating MensaWater's point.
You didn't provide us any background/details in your original post, so why would we have known any of that? If you ask people who are experienced admins how to do something, you're going to get told the right way to do it, unless you give details. And if you're not an admin, why do you have to perform admin tasks on 30 servers? And if it's just for yourself...how did someone elses scripts come to enter the picture?
If this really is a learning/lab experience, then learning how to 'muck about' in scripts would TEACH you. And if you are trying to learn such things, then you should also concentrate on doing them RIGHT. You would have to look pretty hard to find a company that would let you use RSH at all these days.
And you got it...but not the kind of help you wanted. If you read MensaWater's first reply, a solution is in it. RSH isn't encouraged at all, and allowing root to do it may not be an option AT ALL, much less without a password. And I also gave you a solution and the exact syntax for an SSH command to do exactly what you want.
You didn't provide us any background/details in your original post, so why would we have known any of that? If you ask people who are experienced admins how to do something, you're going to get told the right way to do it, unless you give details. And if you're not an admin, why do you have to perform admin tasks on 30 servers? And if it's just for yourself...how did someone elses scripts come to enter the picture?
If this really is a learning/lab experience, then learning how to 'muck about' in scripts would TEACH you. And if you are trying to learn such things, then you should also concentrate on doing them RIGHT. You would have to look pretty hard to find a company that would let you use RSH at all these days.
Sorry we tried to help you with the correct answers...good luck.
I totally appreciate the help. Don't assume because I wanted an answer the way I wanted it that I am not taking note of the suggestion. My intent was to find a way of doing this without changing someone else's scripts. But I did learn something new to use in the future, just not for this particular task. I am not experienced with using this forum and was not aware of the amount of detail I should have gone into, seeing as I didn't want to be too wordy. But without a doubt I do appreciate the information so that both TB0ne and MensaWater.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.