Hi @stormtracknole,@rg3
Quote:
Originally Posted by stormtracknole
Any reason why you want to use rsh instead of ssh? rsh is not encrypted and it's very easy to sniff it's packets.
|
I just want to run a Finite elements solver that uses rsh/ssh ( and/or ???) to move temporary files created during a calculation...
http://www.code-aster.org/V2/spip.php?rubrique2
In Debian ( the Distro I am using now in my Lappy ) I usually install this running a Python script... it places all stuff in a folder /opt/aster...
In order to run it, I must first source an environment file, /opt/aster/aster_profile.sh, and add /opt/aster/outils to PATH...
This allows me to call the Interface of the program, astk, an application in tcl/tk from command line, having all the environment ready...
There is a test mode... astk --check which allows me to test the ssh connectivity in the machine... right now, under my Debian Lenny, the result is this... :
<INFO> Color theme active :
<INFO> Domain name not defined for localhost. Remote machines couldn't contact localhost. Fill the domain name through Configuration/Interface menu.
<INFO> Full name of localhost : iskandhar
<INFO> The DISPLAY above is without domain name. It's possible that remote machines could'nt open windows.
<INFO> Display applications to iskandhar:0.0
<INFO> Command ps used : ps
<INFO> Test connection from iskandhar to iskandhar...
<INFO> External command on iskandhar :
echo hello
<INFO> Process number : 5080
<INFO> ============================== STANDARD OUTPUT ==============================
hello
=============================================================================
<INFO>
============================== STANDARD ERROR ===============================
=============================================================================
<INFO> ... connection succeed
<INFO> Test connection from iskandhar to iskandhar...
<INFO> External command on iskandhar :
rsh -n -l alex iskandhar echo hello
<INFO> Process number : 5085
The authenticity of host 'iskandhar (127.0.1.1)' can't be established.
RSA key fingerprint is db:cc:c3:d5:f1:3e:8e:0f:72:b9:00:3b:7c:f5:e0:56.
Are you sure you want to continue connecting (yes/no)?
<INFO> ============================== STANDARD OUTPUT ==============================
=============================================================================
<INFO>
============================== STANDARD ERROR ===============================
Host key verification failed.
=============================================================================
<ERROR 025> Connection failed :@n-n@====== end of message ======
Check .rhosts file of alex on iskandhar, it should contain a such line :
iskandhar alex
<INFO> Check step completed : 1 error(s).
<INFO> Session ended : 11/11/2009 - 21:47:29
EXIT CODE : 1
But it works... my .rhosts is like this... :
alex@iskandhar:~$ cat ~/.rhosts
iskandhar alex
iskandhar localhost
My ssh_config is like this :
alex@iskandhar:~$ cat /etc/ssh/ssh_config
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
My sshd_config :
alex@iskandhar:~$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
alex@iskandhar:~$
And finally, my /etc/gdm/gdm.conf :
.................................
# For full reference documentation see the gnome help browser under
# GNOME|System category. You can also find the docs in HTML form on
#
http://www.gnome.org/projects/gdm/
#
# NOTE: Lines that begin with "#" are considered comments.
#
# Have fun!
[daemon]
[security]
DisallowTCP=false
[xdmcp]
[gui]
[greeter]
[chooser]
[debug]
# Note that to disable servers defined in the GDM System Defaults
# configuration file (such as 0=Standard, you must put a line in this file
# that says 0=inactive, as described in the Configuration section of the GDM
# documentation.
#
[servers]
# Also note, that if you redefine a [server-foo] section, then GDM will
# use the definition in this file, not the GDM System Defaults configuration
# file. It is currently not possible to disable a [server-foo] section
# defined in the GDM System Defaults configuration file.
#
When I install this in Debian, after installing it i run as user
$ssh-keygen -t rsa
do not enter any password.. just [enter],
$cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
and then I edit /etc/gdm/gdm.conf to change [security] as above... or gdmsetup > security > uncheck [Deny TCP Connections to XServer]...
This is the sequence I use to enable ssh in a Debian machine...
In Debian... this works.... I mean... when i launch a calculation, the program opens an xterm window reporting the progress... and result files are created... trying to launch astk --check in Slackware under the current configuration, waits and waits and waits, to the poin that I have to click a dialog box to abort...
I tried to use in Slackware the same ssh_config and sshd_config files that I have in Debian, and using the same sequence to activate the ssh service... no avail... :-(
My ssh services are blocked to the exterior thru a firewall, no way to sniff packets... I only use it with this application...
The hostname of my debian machine is iskandhar, the one of my slackware machine is iskandhar.site
@rg3 : I am not at my Slaclexkware macine now... but I will check this as soon as I get back home...
Best Regards
Alex