Rcp, rlogin, rsh, telnet, hosts.equiv 9iRAC
Hello all,
I wonder whether rlogin, rsh, rcp, telnet and hosts.equiv are required for 9iRAC to function on Linux. The install guide for 9iRAC on RH AS2.1 has one start up those services and use hosts.equiv. Even though we are behind a firewall, I would much rather not have them running.
Any guidance would be appreciated
Thx
Wayne
Ok, I'll just try to sym link to secure equivalents and set up auth keys for Oracle user.
Similar Messages
-
How to enable rsh/telnet/rlogin
Hi, I followed the instructions at:
http://docs.info.apple.com/article.html?artnum=106274
to enable rsh/telnet/rlogin services, and restarted the machine (MacBook Pro, OS X 1.4, Darwin Kernel Version 8.6.1).
Still I can't remotely do telnet/rsh/rlogin to the Mac (get connection refused error) from a Unix machine.
Could someone tell me how to enable these services (right now ssh is the only one enabled by default, the machine is within a firewall, and for some applications, we need to enable rsh/rlogin/telnet/ftp etc.)?
Thanks.
Macbook Pro Mac OS X (10.4)
If your firewall is activated then you have to add 3 new filter rules:<pre>
Port Name: Other
TCP Port Number(s): 514
UDP Port Number(s):
Description: rsh
Port Name: Other
TCP Port Number(s): 513
UDP Port Number(s):
Description: rlogin
Port Name: Other
TCP Port Number(s): 23
UDP Port Number(s):
Description: telnet
</pre>
You don't have to restart your Mac or your session.
You could test it pretty quickly by doing a:<pre>
telnet localhost
rlogin localhost
rsh localhost pwd
</pre>
dan -
Renaming .rhost and /etc/hosts.equiv
Hi!
In the Solaris hardening guide there is a point which says that the .rhost and /etc/hosts.equiv files should be removed. Is it enough if I just rename them (in the same directory) in order to be able to restore them at a later point?
Thanks.
Should be.
7/M. -
Inetd services (telnet, rlogin ,rsh) in Solaris 9 Branded Zone
Hi,
I've got two Solaris 9 Branded Zones running on an M3000. They both use exclusive IP.
When I try and telnet, rlogin or rsh to either of my Solaris 9 zones from the other I get an error. With the r* commands I get a "Protocol error" message, and telnet just reports a terminated connection. I've tried Mr. Google, the results I get make sense for a physical host - i.e Protocol Error would occur if the server executable (in.rlogind, etc) was somehow messed up.
Just to complicate things slightly the exclusive IP NICs are on a physically separate switch from the other NICs.
I'd forgotten that with the Branded Zones some native features are actually handled by the underlying global zone (i.e. Solaris 10).
Anyway, has anybody else had this same problem and how did you resolve it?
Thanks
Tim Shaw.
I found out that the services in the Global Zone had been disabled. Simply enabling them fixed the problem :)
-
Using ssh without being asked for a password.
Hey all,
I need to access a new network which is now protected by firewalls. These firewalls will disconnect sessions that are idle for over an hour, this is a problem for a lot of Sun protocols that don't use keepalives (another Sun only idea!!!) such as 'rlogin', 'rsh', 'telnet' etc.
I need to use a protocol such as 'ssh' or equivalent which uses keepalives to remote login to systems inside the protected network to overcome the firewall dropping the sessions. The systems inside this network are all on Solaris 8.
The thing is that I need to overcome the 'ssh' requirement for password authentication, as the users are clicking on a menu application that automatically does an rsh and starts the application without prompting the user for any information (I know you should use ssh with authentication, but in this case I cannot use it). Has anyone been able to configure 'ssh' on a system wide basis for all users to not ask for a password, and use standard NIS authentication with the hosts.equiv instead?
I have found plenty of examples of how to do this in Linux, but since Sun have decided not to implement ssh in the standard way like every other UNIX vendor and to use wrappers, none of those examples will work on Solaris.
If someone has found a way of overcoming the keepalive issue with rlogin, rsh etc. I'd be really interested in knowing the hack done to get it working, as I would prefer to avoid installing anything on those systems in the new network.
Thanks for reading,
Mick.
You could probably try re-installing SSH using the standard OpenSSH source, not the ones provided by sun.
More of a pain, as you have to install on all the machines, but it would allow you to do as you said.
It might also be possible to use a middleman linux machine to do it, but not sure how you would go about doing it that way.
Not a solution, but some pointers. Hopefully, it helps. -
Solaris 9 remote login (ssh) drops connection
Hello All,
I wonder if you can help me...
Let me give you some set-up details before I ask you the question.
I have Ultra-60 at home with Solaris 9 and recommended patch cluster installed. The machine is connected to a Linksys WAG54G ADSL router/modem through RJ45 ethernet cable. The router also has windows XP machine connected through RJ45 ethernet cable. I also have another windows XP machine that connects to the router over wireless connection.
I have opened up required ports on the router/port forwarding so that I can access the services remotely. I was first using default ports for http and ssh, but have now changed them to different ports - to be a bit more secure.
I have created a domain name through dyndns.org.
I have ssh running on the solaris 9 machine and have all the remote commands (rlogin, rsh, telnet) commented out in the /etc/inetd.conf and hence are not running on the machine.
I have a UK ADSL service provider called Pipex.
Now let's get to the problem:
The whole purpose of the above set-up is that I want to access sun machine from work. The whole set-up works perfectly well - for a little while and then something strange happens. At work, when I connect to the sun machine, everything works fine and when I leave the session idle for 15-20 minutes (could be less time), the connection drops and then I can not connect to the machine for good couple of hours. When I say connection drops, I do not mean that system displays a logout message or something - There is no response from the server - pressing of return key does not do anything and eventually I get a message on windows pop up that connection is disconnected. If I try to retry, the client tries for a while and then says that connection timed out. Same thing happens if I use the IP address - I use the right IP address as someone at home checks the router to confirm the correct IP address. This eliminates problem with domain name.
I have tried everything and can not work out what is causing this problem - the machine has all the 9_recommended patches. To narrow the problem down, I set up apache server on the sun machine. Today, when the connection dropped, I tried to connecting to the apache server and it failed - 'page can not be displayed' message on the internet explorer. However, after couple of minutes, I managed to get to the website but still can not get login prompt through ssh client.
What does that mean? Does it mean that server is playing up, or is it the sshd or is there any time out option in solaris 9... the strange thing is that I can access the web page - though it was not accessible at start when connection to ssh dropped out.
Could it be the router? The linksys do not come with a rule based firewall... so there is nothing that states that disconnects after some inactivity. The port forwarding is working as I do get to login to the server and to the web server. It can not be changing the default port numbers as the problem was there when there were standard ports being used.
It is not the link at my office as my friend, in a different company gets the same problem on my machine - connects to it and after some in-activity, the connection drops and then he can not login for a long time.
It can not be the ADSL link as people at home can use the internet without any problem and they can access the sun machine locally.
It can not be the windows machines connected to the router as problem is there when windows machines are switched off - don't know if windows would cause this, but just wanted to eliminate anything that I could think of.
One strange thing that I did see yesterday was that, when I managed to login the last command showed that I was logged in throughout the time - the time when I could not log in. The error message in the /var/adm/messages stated something like socket error and connection reset by peer or something - can not give you exact message right now as I can not login to the machine. The time on the message was a couple of minutes before I managed to login again and that time was the same as the time showed in last command is my logout time.
Does anyone know what is causing all this problem? Any pointers or help will be appreciated. If there is any place else that you think I can get the answer, please kindly let me know.
Thanks...
A few new developments....
- I opened 2 sessions to the server, left one with no activity and in the other session, I ran iostat 1... The session with no activity got dropped and iostat one carried on... When the session dropped, I managed to login straight away... so no delay of couple of hours. May be because iostat was still running?
- I now have an ftp server running on windows and I can access it even when connection drops out... right now I have no access to sun... but ftp server is running fine.
- I enable remote router access and I can access that as well...
- I enabled telnet and I can not access the sun with telnet either.
So, it's either solaris 9 or the router.
Tomorrow, I will connect another sun machine and then see if connection to both is dropped or just one. If it is to both then it must be router as the way ssh, telnet work is different to the way ftp work - as someone told me this today... so if other sun machine is not accessible then it's not sol9 but router. The other machine has Sol 2.5.1 running.
Someone said that it could be that router is running out of translation table entries - but with so few connections? Or it could be that when there is no activity, router thinks that connection should be dropped - there is no option in the router setup which states that... Or Solaris has some timeout feature?
More later.
Kind Regards
Ahmerin -
Copying Files From a Remote Machine through "rcp" command not working.
Hi All,
I'm a newcomer to this famous forum. I was trying to go through the PDF "Solaris Advanced User's Guide". So in chapter 9, "Using the network", I came across "Copying Files From a Remote Machine". And the syntax was "rcp machinename:source destination". And I got another note. It is like
"The rcp command enables you to copy files from one machine to another. This command uses the remote machine's /etc/hosts.equiv and /etc/passwd files to determine whether you have unchallenged access privileges. The syntax for rcp is similar to the command syntax for cp.".
But I maintained remote machine's IP address in my system's /etc/hosts file. But still I am unable to do the rcp from remote system to my system or vice versa.
Always I am getting error message "Connection refused".
Therefore please some one guide me how to perform the "Copying Files From a Remote Machine" through rcp command.
Regards
Kartik
Hi
The inconvenience of using scp is that you have to type the password every time you establish a connection. You can work around this, adding a key into the remote hosts_allow file. This implies more maintenance.
From the rcp man page:
"rcp does not prompt for passwords. It either uses Kerberos authentication which is enabled through command-line options or your current local user name must exist on hostname and allow remote command execution by rsh(1)."
From the rsh man page:
"If you omit command, instead of executing a single command, rsh logs you in on the remote host using rlogin(1)."
By default, rlogin is disabled on Solaris 10
[SunOS 5.10/bash] root@wgtsinf01:/store/sun/operating-systems
# svcs -a|grep -i rlog
disabled May_11 svc:/network/login:rlogin
So, to use rcp you have to enable the rlogin service and set up all the configuration files. Particularly, as already suggested, I too suggest you to use scp. :)
Cheers
-- Andreas
Edited by: Bank_Of_New_Zealand on 15/06/2009 13:09 -
How to setup RSH on Mac OS X?
I need to use rsh to execute a command on a remote Mac. I know SSH is available but I need to use RSH. I already created a ~/.rhosts file and edited the /etc/hosts.equiv file. The Firewall has all ports open.
Every time I run "rsh [host] [command]" I get a connection refused message.
I can't find any good information related to Mac OS X and RSH on the web. HELP! HELP!
Funnily enough, I was trying to get this exact thing working today. The trick it seems, is that you need to have both rshd and rlogind running. Here's a step by step which will allow you to get root to rsh into localhost from localhost. Expanding this should be easy enough with a little reading. Refer to the rsh, rlogin, rcmd and .rhosts manual pages. Good luck.
- download Lingon from sourceforge
- fire it up and open the "shell" plist from the System Daemons list.
- check the enable checkbox
- save the plist
- open the "login" plist from the System Daemons list.
- check the enable checkbox
- save the plist
- open a terminal window
- run $ sudo launchctl load /System/Library/LaunchDaemons/shell.plist
- run $ sudo launchctl load /System/Library/LaunchDaemons/login.plist
- run $ sudo launchctl list | egrep "rsh|login"
- you will see something like this when they are loaded:
$ sudo launchctl list | egrep "rsh|login"
- 0 com.apple.rlogind
- 0 com.apple.rshd
$
- run $ sudo launchctl start com.apple.rshd
- run $ sudo launchctl start com.apple.rlogind
- run $ sudo launchctl list | egrep "rsh|rlogin"
- you will see something like this when it's started (loading and starting are two separate things. If you load but don't start, it won't work. You'll know when they are started, because the number in the first column will NOT be zero if the processes are properly started. 0 means they are loaded, >0 means they are started):
$ sudo launchctl list | egrep "rsh|login"
608 - com.apple.rlogind
604 - com.apple.rshd
$
- run sudo su (don't ask me why, but you cannot sudo the below command, you have to be su to run it, hence the sudo su).
- run 'echo "localhost root" >> /etc/hosts.equiv'
- run rsh localhost - and voila:
$ rsh localhost
Last login: Tue Jan 8 23:21:04 on ttys000
bash$ -
I have moved a number of machines over to a new Solaris 9 NIS+ server from a Solaris 2.6 NIS+ server.
Since then we cannot rsh to all of the clients, some will allow ssh and others refuse.
Are there any system changes that need to be done to allow rsh to function? All hosts are listed in the hosts.equiv file.
telnet in to the clients ( with username and password)
then run "who am i" to get the clients idea of the
name of the machine you are telnetting in from.
This is the name that should be in the clients hosts.equiv.
failing that try using truss on the client and see what the
in.rshd is doing. maybe even snoop -V to see the conversation
at the tcp level.
tim -
Rsh - connecting using user name that does not exist on remote computer
hi
is it possible to connect to a remote computer as, for example John, if user account John does not exist on the remote computer but is listed in .rhosts?
this is what i have written in .rhosts on the remote computer ( Work ):
home root
home John
when I connect as root:
rlogin -l root Work
everything's fine, but when I try to connect as John I get the incorrect login message
I know the message above probably answers my question, but I want to be sure
If the user id exists, you can bypass the authentication with .rhosts or /etc/hosts.equiv files; but you can't login to a remote machine as an anonymous user.
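For anyone reviewing such files rather than creating them, here is an auditor for `.rhosts` / `hosts.equiv` content. It is an added example, not code from any poster in these threads. The entry format it assumes (`<host> [<user>]`, `+` as wildcard, `+@name` as netgroup, leading `-` as deny) and the finding codes are assumptions of this example, and the sample input is constructed around the two entries quoted above.

```python
# Added example (not from the thread): audit hosts.equiv / .rhosts content.
# Assumed entry format: "<host> [<user>]"; "+" is a wildcard, "+@name" a
# netgroup, a leading "-" a deny entry, and "#" starts a comment line.

def parse_entry(line):
    """Return (host, user) for a trust entry, or None for blank/comment lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = stripped.split()
    return fields[0], (fields[1] if len(fields) > 1 else None)


def audit(text, hosts_equiv=False):
    """Return (line_number, code, message) findings for entries that grant trust.

    hosts_equiv=True applies the system-wide reading: a named remote user in
    /etc/hosts.equiv is not tied to one local account, unlike in ~/.rhosts.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        host, user = entry
        if host.startswith("-") or (user or "").startswith("-"):
            continue  # deny entries grant nothing
        if host == "+":
            findings.append((number, "ANY_HOST", "every host is trusted"))
        elif host.startswith("+@"):
            findings.append((number, "NETGROUP_HOST", "trust follows netgroup " + host[2:]))
        if user == "+":
            findings.append((number, "ANY_USER", "every remote user is trusted"))
        elif user is not None and user.startswith("+@"):
            findings.append((number, "NETGROUP_USER", "trust follows netgroup " + user[2:]))
        elif user is not None:
            if user == "root":
                findings.append((number, "REMOTE_ROOT", "remote root on %s is trusted" % host))
            if hosts_equiv:
                findings.append((number, "USER_IN_HOSTS_EQUIV",
                                 "%s@%s is trusted system-wide" % (user, host)))
    return findings


# Constructed sample: the first two entries are the ones quoted in the thread,
# the rest are made up to exercise the wildcard, deny and netgroup cases.
SAMPLE = """\
# .rhosts on Work
home root
home John
+ +
-oldhost
+@trusted
"""

if __name__ == "__main__":
    for number, code, message in audit(SAMPLE):
        print("line %d: %-20s %s" % (number, code, message))
```

Pass `hosts_equiv=True` when the text comes from `/etc/hosts.equiv`, so that named remote users are reported as well.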
-
I am having a problem using rsh between a Solaris 8 box and a Solaris 9 box.
I can rsh from 8 to 9 and enter password etc.. and get logged in.
ie: rsh remotehost
passwd
I'm in.
The problem is I just want to pass a command (like who) from 8 to 9.
ie: rsh remotehost who
I keep getting a permission denied message.
the hosts files on remotehost does have the localhost in them?
What else am I missing.
Is the new SSH in Solaris9 causing my grief?
Thanks
I'm having the same problem. I need to rsh between Sol 9 & 7
I need to run ufsdump to remote backup library on another server.
The recently Upgraded server is sol9 needs to backup to sol7 server which has the backup library setup.
both server names are in .rhosts and /etc/hosts.equiv - that usually always works
but not now. What am I missing?
here is the cmd:
sol9> /usr/sbin/ufsdump -0uf sol7:/dev/rmt/0nc /data
This works from my other Solaris 7 servers to the sol7 server.
I do have ssh running on all the servers. I'm not sure how to run this in a ssh, I'm new to ssh.
thanks in advance
Denise -
Hi All
when I run rsh <IP address> <command> I get
Permission denied.
The rsh is run on the local node using the IP of the node instead of localhost.
It works fine when the same is run in the global-zone, but does not work when run in the non-global zone. I checked the settings for .rhosts, /etc/hosts.equiv. Also verified that inetd is running for that particular zone. Is there something else that I am missing? I would very much appreciate your inputs and advice.
Thanks in advance
Regards
Hi
I do not remember doing ifconfig for the zone. I just used zonecfg to set the IP addresses for each zone created. Basically the problem is as follows :
When I run rsh <Ip address> where the Ip address is that of the zone itself, I get permission denied. I checked the .rhosts file etc and everything seems to be in order for rsh to work.
On a different machine, created zones exactly the same and here when rsh is run within a zone like above, it works. I am clueless as to what I missed or added which is causing the above
Thanks for all your replies. I will check out what you all suggested.
Regards -
In trusted hosts, when I am doing rlogin to another host gives error "connection time out" what could be problem. Give solution
Users attempting to use rlogin must be validated. Validation can be performed by the remote computer (the one you are logging into) or by the network environment. If the remote computer is to validate you, one of three conditions must exist.
1 First, the user account you are using must be located on the remote machine, and you must provide a correct password when prompted.
2 Second, the remote machine must have an /etc/hosts.equiv file set up.
3 Third, the remote machine must have an .rhosts file configured. -
Rlogin service incomplete error
Good night all,
We just installed a database server on a solaris 11 zone, but our veritas server needs to get via rlogin to the ngz, but when I tried to enable the service got the following message.
svcadm enable svc:/network/login:rlogin
svcadm: svc:/network/login:rlogin: is not complete, missing general/complete (see svcs -xv svc:/network/login:rlogin for details)
and when I do the svcs -xv
svcs -xv svc:/network/login:rlogin
svc:/network/login:rlogin (?)
State: -
Reason: Service is incomplete, defined only by profile /etc/svc/profile/generic.xml
Impact: This service is not running.
First time I see this error, any help will be really appreciated. Cannot get a production DB without backup.
The use of these legacy remote login protocols such as rlogin and telnet has been discouraged by the security community for 15+ years. Since ssh has been part of Solaris for more than 10 years, we no longer install the daemons and related services for legacy protocols by default on minimized configurations. The default zone installation uses solaris-small-server, which is a minimized configuration.
The Solaris Administration Guide offers instruction on how to enable these legacy protocols.
http://docs.oracle.com/cd/E23824_01/html/821-1460/z.login.ov-13.html#scrolltoc
The text for that section is a little bit wrong. It should read:
The ability to remotely log in to a zone is dependent on the selection of network services that you establish. Logins through rlogin and telnet can be added if needed by installing the package pkg:/service/network/legacy-remote-utilities then enabling the required services.
To install the legacy-remote-utilities package:
root@zone# pkg install legacy-remote-utilities
To enable the rsh server:
root@zone# svcadm enable svc:/network/shell:default
To enable the rsh server on a system that uses Kerberos:
root@zone# svcadm enable svc:/network/shell:kshell
To enable the rlogin server:
root@zone# svcadm enable svc:/network/login:rlogin
To enable the telnet server:
root@zone# svcadm enable svc:/network/telnet:default
For more information about legacy login services, see rshd(1M), rlogind(1M), and telnetd(1M). The suggested replacement for these legacy login services is secure shell. See ssh(1) and sshd(1M).
I've opened CR 7175961 to address the documentation problem.
Note that 'rsh hostname' really uses the rlogin protocol. 'rsh hostname command' uses the rsh protocol. -
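To confirm which of these legacy services are actually switched on, the check below reads either `/etc/inetd.conf` text (the file one poster above edited on Solaris 9) or `svcs -a` output, using the service names and ports that appear on this page. It is an added example, not Oracle's or any poster's code. The function names and both sample inputs are constructed for illustration.

```python
# Added example (not from the thread): list legacy remote-login services that
# are switched on, from inetd.conf text or from `svcs -a` output.

# inetd service name -> TCP port (the ports quoted in the firewall reply above).
INETD_LEGACY = {"shell": 514, "login": 513, "telnet": 23}
# SMF service prefixes for the FMRIs named on this page.
SMF_LEGACY = ("svc:/network/shell:", "svc:/network/login:", "svc:/network/telnet:")


def from_inetd_conf(text):
    """Return (service, port, server_program) for each uncommented legacy entry."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        # Layout: service socket-type protocol wait-status user program args...
        if len(fields) < 6 or fields[0].startswith("#"):
            continue
        if fields[0] in INETD_LEGACY:
            found.append((fields[0], INETD_LEGACY[fields[0]], fields[5]))
    return found


def from_svcs(text):
    """Return (fmri, state) for each legacy service whose state is not 'disabled'."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0] == "STATE":
            continue  # header or unrelated line
        state, _stime, fmri = fields
        if fmri.startswith(SMF_LEGACY) and state != "disabled":
            found.append((fmri, state))
    return found


# Constructed samples, not taken from any real host.
SAMPLE_INETD = """\
telnet  stream  tcp6  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp   nowait  root  /usr/sbin/in.rshd     in.rshd
# login is left enabled on this host:
login   stream  tcp6  nowait  root  /usr/sbin/in.rlogind  in.rlogind
ftp     stream  tcp6  nowait  root  /usr/sbin/in.ftpd     in.ftpd
"""
SAMPLE_SVCS = """\
STATE          STIME    FMRI
disabled       May_11   svc:/network/login:rlogin
online         May_11   svc:/network/telnet:default
online         May_11   svc:/network/ssh:default
maintenance    May_11   svc:/network/shell:default
"""

if __name__ == "__main__":
    for service, port, program in from_inetd_conf(SAMPLE_INETD):
        print("inetd: %s on tcp/%d via %s" % (service, port, program))
    for fmri, state in from_svcs(SAMPLE_SVCS):
        print("smf:   %s is %s" % (fmri, state))
```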
Hi.
I have a macos X server and a solaris 7 server. I would like to be able to, in a shell on the macos X server, rcp copy a file from the solaris server to the macosx server as root.
But I am not allowed to do that, permissions denied. I cannot find any info on the internet on how to enable this feature because I really need to do it as root because of the permissions on the files.
Of course I can use scp from the solaris to the macos X server, but it has too slow a transfer rate, about 1/3 of the rcp speed.
Stupid me, I found the problem.
I had named the .rhosts file in / to .rhost
Both .rhosts in / and the hosts.equiv have to be present to allow root rcp usage.
Don't bother replying, I found the solution by renaming the file from .rhost to .rhosts