Rcp, rlogin, rsh, telnet, hosts.equiv 9iRAC

Hello all,
I wonder whether rlogin, rsh, rcp, telnet and hosts.equiv are required for 9iRAC to function on Linux. The install guide for 9iRAC on RH AS2.1 has one start up those services and use hosts.equiv. Even though we are behind a firewall, I would much rather not have them running.
Any guidance would be appreciated
Thx
Wayne

Ok, I'll just try to sym link to secure equivalents and set up auth keys for Oracle user.

Similar Messages

  • How to enable rsh/telnet/rlogin

    Hi Followed the instructions at:
    http://docs.info.apple.com/article.html?artnum=106274
    to enable rsh/telnet/rlogin services, and restarted the
    machine (MacBook Pro, OS X 1.4, Darwin Kernel Version 8.6.1).
    Still I can't remotely do telnet/rsh/rlogin to the mac
    (get conenction refused error) from a Unix machine.
    Could someone tell me how to enable these services
    (right now ssh is the only one enabled by default,
    the machine is within a firewall, and for some applications,
    we need to enable rsh/rlgoin/telnet/ftp etc).
    Thanks.
    Macbook Pro   Mac OS X (10.4)  

    Hi Followed the instructions at:
    ttp://docs.info.apple.com/article.html?artnum=106274
    to enable rsh/telnet/rlogin services, and restarted
    the
    machine (MacBook Pro, OS X 1.4, Darwin Kernel Version
    8.6.1).
    Still I can't remotely do telnet/rsh/rlogin to the
    mac
    (get conenction refused error) from a Unix machine.
    If your firewall is activated
    then you have to add 3 new filter rules:<pre>
    Port Name: Other
    TCP Port Number(s): 514
    UDP Port Number(s):
    Description: rsh
    Port Name: Other
    TCP Port Number(s): 513
    UDP Port Number(s):
    Description: rlogin
    Port Name: Other
    TCP Port Number(s): 23
    UDP Port Number(s):
    Description: telnet
    </pre>
    You don't have to restart your Mac or your session.
    You could test it pretty quickly by doing a:<pre>
    telnet localhost
    rlogin localhost
    rsh localhost pwd
    </pre>
    dan    

  • Renaming .rhost and /etc/hosts.equiv

    Hi!
    In the Solaris hardening quide there is a point which says that the .rhost and /etc/hosts.equiv files should be removed. Is it enough if I just rename them (in the same directory) in order to be able to restore them in a later point?
    Thanks.

    Should be.
    7/M.

  • Inetd services (telnet, rlogin ,rsh) in Solaris 9 Branded Zone

    Hi,
    I've got two Solaris 9 Branded Zones running on an M3000. They both use exclusive IP.
    When I try and telnet, rlogin or rsh to either of my Solaris 9 zones from the other I get an error. With the r* commands I get a "Protocol error" message, and telnet just reports a terminated connection. I've tried Mr. Google, the results I get make sense for a physical host - i.e Protocol Error would occur if the server executable (in.rlogind, etc) was somehow messed up.
    Just to complicate things slightly the exclusive IP NICs are on a physically separate switch from the other NICs.
    I'd forgotten that with the Branded Zones some native features are actually handled by the underlying global zone (i.e. Solaris 10).
    Anyway, has anybody else had this same problem and how did you resolve it?
    Thanks
    Tim Shaw.

    I found out that the services in the Global Zone had been disabled. Simply enabling them fixed the problem :)

  • Using ssh without being asked for a password.

    Hey all,
    I need to access a new network which is now protected by firewalls. These firewalls will disconnect sessions that are idle for over an hour, this is a problem for a lot of Sun protocols that don't use keepalives (another Sun only idea!!!) such as 'rlogin', 'rsh', 'telnet' etc.
    I need to use a protocol such as 'ssh' or equivalent which uses keepalives to remote login to systems inside the protected network to overcome the firewall dropping the sessions. The systems inside this network are all on Solaris 8.
    The thing is that I need to overcome 'ssh' requirement for password authentication, as the users are clicking on a menu application that automatically does a rsh and starts the application without prompting the user for any information (I know you should use ssh with authentication, but in this case I cannot use it). Has anyone been able to configure 'ssh' on a system wide basis for all users to not ask for a password, and use standard NIS authentication with the hosts.equiv instead.
    I have found plenty of example of how to do this in Linux, but since Sun have decided not to implement ssh in the standard way like every other UNIX vendor and to use wrappers, none of those examples will work on Solaris.
    If someone has found a way of overcoming the keepalive issue with rlogin, rsh etc. I'd be really interested in knowing the hack done to get it working, as I would prefer to avoid installing anything on those systems in the new network.
    Thanks for reading,
    Mick.

    You could probably try re-installing SSH using the standard OpenSSH source, not the ones provided by sun.
    More of a pain, as you have to install on all the machines, but it would allow you to do as you said.
    It might also be possible to use a midleman linux machine to do it, but not sure how you would go about doing it that way.
    Not a solution, but some pointers. Hopefully, it helps.

  • Solaris 9 remote login (ssh) drops connection

    Hello All,
    I wonder if you can help me...
    Let me give you some set-up details before I ask you the question.
    I have Ultra-60 at home with Solaris 9 and recommended patch cluster installed. The machine is connected to a Linksys WAG54G ADSL router/modem through RJ45 ethernet cable. The router also has windows XP machine connected through RJ45 ethernet cable. I also have another windows XP machine that connects to the router over wireless connection.
    I have opened up required ports on the router/port forwarding so that I can access the services remotely. I was first using default ports for http and ssh, but have now changed them to different ports - to be a bit more secure.
    I have created a domain name through dyndns.org.
    I have ssh running on the solaris 9 machine and has all the remote commands (rlogin, rsh, telnet) commented out in the /etc/inetd.conf and hence are not running on the machine.
    I have a UK ADSL servise provider called Pipex.
    Now lets get to the problem:
    The whole purpose of the above set-up is that I want to access sun machine from work. The whole set-up works perfectly well - for a little while and then something strange happens. At work, when I connect to the sun machine, everything works fine and when I leave the session idle for 15-20 minutes (could be less time), the connection drops and then I can not connect to the machine for good couple of hours. When I say connection drops, I do not mean that system displays a logout message or something - There is no response from the server - pressing of return key does not do anything and eventually I get a message on windows pop up that connection is disconnected. If I try to retry, the client tries for a while and then says that connection timed out. Same thing happens if I use the IP address � I use the right IP address as someone at home checks the router to confirms the correct IP address. This eliminates problem with domain name.
    I have tried everything and can not work out what is causing this problem - the machine has all the 9_recommended patches. To narrow the problem down, I set up apache server on the sun machine. Today, when the connection dropped, I tried to connecting to the apache server and it failed - 'page can not be displayed' message on the internet explorer. However, after couple of minutes, I managed to get to the website but still can not get login prompt through ssh client.
    What does that mean? Does it mean that server is playing up, or is it the sshd or is there any time out option in solaris 9... the strange thing is that I can access the web page - though it was not accessible at start when connection to ssh dropped out.
    Could it be the router? The linksys do not come with a rule based firewall... so there is nothing that states that disconnects after some inactivity. The port forwarding is working as I do get to login to the server and to the web server. It can not be changing the default port numbers as the problem was there when there were standard ports being used.
    It is not the link at my office as my friend, in a different company gets the same problem on my machine � connects to it and after some in-activity, the connection drops and then he can not login for a long time.
    It can not be the ADSL link as people at home can use the internet without any problem and they can access the sun machine locally.
    It can not be the windows machines connected to the router as problem is there when windows machines are switched off � don�t know if windows would cause this, but just wanted to eliminate anything that I could think of.
    One strange think that I did see yesterday was that, when I managed to login the last command showed that I was logged in throughout the time � the time when I could not logged in . The error message in the /var/adm/messages stated something like socket error and connection reset by peer or something � can not give you exact message right now as I can not login to the machine. The time on the message was couple of couple of minutes before I managed to login again and that time was the same as the time showed in last command is my logout time.
    Does anyone know what is causing all this problem? Any pointers or help will be appreciated. If there is any place else that you think I can get the answer, please kindly let me know.

    Thanks...
    A few new developments....
    - I opened 2 sessions to the server, left one with no activity and in the other session, I ran iostat 1... The session with no activity got dropped and iostat one carried on... When the session dropped, I managed to login straight away... so no delay of couple of hours. May be because iostat was still running?
    - I now have an ftp server running on windows and I can access it even when connection drops out... right now I have no access to sun... but ftp server is running fine.
    - I enable remote router access and I can access that as well...
    - I enabled telnet and I can not access the sun with telnet either.
    So, its either solaris 9 or the router.
    Tomorrow, I will connect an another sun machine and then see if connection to both is dropped or just one. If it is to both then it must be router as the way ssh, telnet work is different to the way ftp work - as someone told me this today... so if other sun machine is not accessable then its not sol9 but router. The other machine has Sol 2.5.1 running.
    Some one said that it could be that router is running out of translation table entries - but with so few connections? Or it could be that when there is no activity, router thinks that connection should be dropped - there is no open in the router setup which states that... Or Solaris has some timeout feature?
    More later.
    Kind Regards
    Ahmerin

  • Copying Files From a Remote Machine through "rcp" command not working.

    Hi All,
    I'm a new comer to this famous forum. I was trying to go through the PDF "Solaris Advanced User's Guide" .So in chapter 9-"Using the network" i came across "Copying Files From a Remote Machine". And the syntax was "rcp machinename:source destination" . And i got another note. It is like
    "The rcp command enables you to copy files from one machine to another. This command uses the remote machine's /etc/hosts.equiv and /etc/passwd files to determine whether you have unchallenged access privileges. The syntax for rcp is similar to the command syntax for cp.".
    But i maintained remote machine's IP address in my system's /etc/hosts file. But still i am unable to do the rcp from remote system to my system or vice versa.
    Always i am getting error message " **Connection refused**".
    Therefore please some one guide me how to perform the " Copying Files From a Remote Machine" through rcp command.
    Reghards
    Kartik

    Hi
    The inconvenience of using scp is that you have to type the password every time you stablish a connection. You can work around this, adding a key into the remote hosts_allow file. This implies in more maintenance.
    From the rcp man page:
    +rcp does not prompt for passwords. It either  uses  Kerberos authentication which is enabled through command-line options or your current local user name must exist on  hostname  and allow remote command execution by rsh(1).+
    From the rsh man page:
    + If you omit command, instead of executing a single command, rsh logs you in on the remote host using rlogin(1).+
    By default, rlogin is disabled on Solaris 10
    [SunOS 5.10/bash] root@wgtsinf01:/store/sun/operating-systems
    # svcs -a|grep -i rlog
    disabled       May_11   svc:/network/login:rloginSo, to use rcp you have to enable the rlogin service and set up all the configuration files. Particularly, as already suggested, I too suggest you to use scp. :)
    Cheers
    -- Andreas
    Edited by: Bank_Of_New_Zealand on 15/06/2009 13:09

  • How to setup RSH on Mac OS X?

    I need to use rsh to execute a command on a remote Mac. I know SSH is available but I need to use RSH. I already created a ~/.rhosts file and edited the /etc/hosts.equiv file. The Firewall has all ports open.
    Every time a run "rsh [host] [command]" I get a connection refused message.
    I can't find any good information related to Mac OS X and RSH on the web. HELP! HELP!

    Funnily enough, I was trying to get this exact thing working today. The trick it seems, is that you need to have both rshd and rlogind running. Here's a step by step which will allow you to get root to rsh into localhost from localhost. Expanding this should be easy enough with a little reading. Refer to the rsh, rlogin, rcmd and .rhosts manual pages. Good luck.
    - download Lingon from sourceforge
    - fire it up and open the "shell" plist from the System Daemons list.
    - check the enable checkbox
    - save the plist
    - open the "login" plist from the System Daemons list.
    - check the enable checkbox
    - save the plist
    - open a terminal window
    - run $ sudo launchctl load /System/Library/LaunchDaemons/shell.plist
    - run $ sudo launchctl load /System/Library/LaunchDaemons/login.plist
    - run $ sudo launchctl list | egrep "rsh|login"
    - you will see something like this when they are loaded:
    $ sudo launchctl list | egrep "rsh|login"
    -     0     com.apple.rlogind
    -     0     com.apple.rshd
    $
    - run $ sudo launchctl start com.apple.rshd
    - run $ sudo launchctl start com.apple.rlogind
    - run $ sudo launchctl list | egrep "rsh|rlogin"
    - you will see something like this when it's started (loading and starting are two separate things. If you load but don't start, it won't work. You'll know when they are started, because the number in the first column will NOT be zero if the processes are properly started. 0 means they are loaded, >0 means they are started):
    $ sudo launchctl list | egrep "rsh|login"
    608     -     com.apple.rlogind
    604     -     com.apple.rshd
    $
    - run sudo su (don't ask me why, but you cannot sudo the below command, you have to be su to run it, hence the sudo su).
    - run 'echo "localhost root" >> /etc/hosts.equiv'
    - run rsh localhost - and voila:
    $ rsh localhost
    Last login: Tue Jan 8 23:21:04 on ttys000
    bash$

  • Solaris 9 rsh porblems

    I have moved a number of machines over to a new Solaris 9 NIS+ server from a Solaris 2.6 NIS+ server.
    Since then we cannot rsh to all of the clients, some will allow ssh and others refuse.
    Are there any system changes that need to be done to allow rsh to function? All hosts are listed in the hosts.equiv file.

    telnet in to the clients ( with username and password)
    then run "who am i" to get the clients idea of the
    name of the machine you are telnetting in from.
    This is the name that should be in the clients hosts.equiv.
    failing that try using truss on the client and see what the
    in.rshd is doing. maybe even snoop -V to see the conversation
    at the tcp level.
    tim

  • Rsh - connecting using user name that does not exist on remote computer

    hi
    is it possible to connect to a remote computer as, for example John, if user account John does not exist on the remote computer but is listed in .rhosts?
    this is what i have written in .rhosts on the remote computer ( Work ):
    home root
    home John
    when I connect as root:
    rlogin -l root Work
    everythings fine, but when I try to connect as John I get the incorrect login message
    I know the message above probably answers my question, but I want to be sure

    If the user id exists, you can bypass the authentication with .rhosts or /etc/hosts.equiv files; but you can't login to a remote machine as an anonymous user.

  • RSH between Solaris 8 & 9

    I am having a problem using rsh between a Solaris 8 box and a Solaris 9 box.
    I can rsh from 8 to 9 and enter password etc.. and get logged in.
    ie: rsh remotehost
    passwd
    I'm in.
    The problem is I just want to pass a command (like who) from 8 to 9.
    ie: rsh remotehost who
    I keep getting a permission denied message.
    the hosts files on remotehost does have the localhost in them?
    What else am I missing.
    Is the new SSH in Solaris9 causing my grief?
    Thanks

    I'm having the same problem. I need to rsh between Sol 9 & 7
    I need to run ufsdump to remote backup library on another server.
    The recently Upgraded server is sol9 needs to backup to sol7 server which has the backup library setup.
    both server names are in .rhosts and /etc/hosts.equiv - that usually always works
    but not now. What am I missing?
    here is the cmd:
    sol9> /usr/sbin/ufsdump -0uf sol7:/dev/rmt/0nc /data
    This works from my other Solaris 7 servers to the sol7 server.
    I do have ssh running on all the servers. I'm not sure how to run this in a ssh, I'm new to ssh.
    thanks in advance
    Denise

  • Rsh in zones

    Hi All
    when I run rsh <IP address> <command> I get
    Permission denied.
    The rsh is run on the local node using the IP of the node instead of localhost.
    It works fine when the same is run in the global-zone, but does not work when run in the non-global zone. I checked the settings for .rhosts, /etc/hosts.equiv. Also verified that inetd is running for that particular zone. Is there something else that I am missing? I would very much appreciate your inputs and advice.
    Thanks in advance
    Regards

    Hi
    I do not remember doing ifconfig for the zone. I just used zonecfg to set the IP addresses for each zone created. Basically the problem is as follows :
    When I run rsh <Ip address> where the Ip address is that of the zone itself, I get permission denied. I checked the .rhosts file etc and everything seems to be in order for rsh to work.
    On a different machine, created zones exactly the same and here when rsh is run within a zone like above, it works. I am clueless as to what I missed or added which is causing the above
    Thanks for all your replies. I will check out what you all suggested.
    Regards

  • Trusted hosts

    In trusted hosts,when i am doing rlogin to another host gives error "connection time out" what could be problem.Give solution

    Users attempting to use rlogin must be validated. Validation can be performed by the remote computer (the one you are logging into) or by the network environment. If the remote computer is to validate you, one of three conditions must exist.
    1     First, the user account you are using must be located on the remote machine, and you must provide a correct password when prompted.
    2     Second, the remote machine must have an /etc/hosts.equiv file set up.
    3     Third, the remote machine must have an .rhosts file configured.

  • Rlogin service incomplete error

    Good night all,
    We just installed a database server on a solaris 11 zone, but our veritas server need to get via rlogin to the ngz, but when i tried to enable the service got the following message.
    svcadm enable svc:/network/login:rlogin
    svcadm: svc:/network/login:rlogin: is not complete, missing general/complete (see svcs -xv svc:/network/login:rlogin for details)
    and when i do the svcs -xv
    svcs -xv svc:/network/login:rlogin
    svc:/network/login:rlogin (?)
    State: -
    Reason: Service is incomplete, defined only by profile /etc/svc/profile/generic.xml
    Impact: This service is not running.
    First time i see this error, any help will be really appreciate. Cannot get a production DB without backup.

    The use of these legacy remote login protocols such as rlogin and telnet has been discouraged by the security community for 15+ years. Since ssh has been part of Solaris for more than 10 years, we no longer install the daemons and related services for legacy protocols by default on minimized configurations. The default zone installation uses solaris-small-server, which is a minimized configuration.
    The Solaris Administration Guide offers instruction on how to enable these legacy protocols.
    http://docs.oracle.com/cd/E23824_01/html/821-1460/z.login.ov-13.html#scrolltoc
    The text for that section is a little bit wrong. It should read:
    The ability to remotely log in to a zone is dependent on the selection of network services that you establish. Logins through rlogin and telnet can be added if needed by installing the package pkg:/service/network/legacy-remote-utilities then enabling the required services.
    To install the legacy-remote-utilities package:
    root@zone# pkg install legacy-remote-utilities
    To enable the rsh sever:
    root@zone# svcadm enable svc:/network/shell:default
    To enable the rsh server on a system that uses Kerberos:
    root@zone# svcadm enable svc:/network/shell:kshell
    To enable the rlogin server:
    root@zone# svcadm enable svc:/network/login:rlogin
    To enable the telnet server:
    root@zone# svcadm enable svc:/network/telnet:default
    For more information about legacy login services, see rshd(1M), rlogind(1M), and telnetd(1M). The suggested replacement for these legacy login services is secure
    shell. See ssh(1) and sshd(1M).
    I've opened CR 7175961 to address the documentation problem.
    Note that 'rsh hostname' really uses the rlogin protocol. 'rsh hostname command' uses the rsh protocol.

  • Rcp as root

    Hi.
    I have an macos X server and an solaris 7 server. I would like to be able to, in an shell on the macos X server, be able to rcp copy an file from the solaris server to the macosx server as root.
    But i am not allowed to do that, permissions denied. I cannot find any info an internet on how to enable this feature because i really need to do it as root because of the permissions on the files.
    Of course i can use scp from the solaris to the macos X server, but it has to slow transfer rate, about 1/3 of the rcp speed.

    Stupid me, i found the problem.
    I had named the .rhosts file in / to .rhost
    Both .rhosts in / and the hosts.equiv have to be present to allow root rcp usage.
    Don��t bother reply, i found the solution by renaming the file from .rhost to .rhosts

Maybe you are looking for