An RSH server is used between two Unix or Linux servers to let users run commands on the remote server. It is often used in cluster systems.
Note:
RSH can only be used from client to server, not from server to client.
Files required by the RSH server
rsh server's rpm
xinetd rpm
Example: Red Hat Enterprise Linux 5
rsh-server-0.17-37.el5.i386.rpm
xinetd-2.3.14-10.el5.i386.rpm (these two are not installed by default; they can be found on the installation disc)
Files required by the RSH client
rsh's rpm
Example: Red Hat Enterprise Linux 5
rsh-0.17-37.el5.src.rpm (installed by default)
How to configure
Lab topology
The topology is from http://linux.vbird.org/linux_server/0310telnetssh.php#rsh
[img]/upload/attachment/119445/5867b3a1-0fbc-3b19-961e-d449fe048e24.png[/img]
RSH server configuration
1. Install the RSH server rpms
rpm -Uvh xinetd-2.3.14-10.el5.i386.rpm
rpm -Uvh rsh-server-0.17-37.el5.i386.rpm
2 Modify the files under xinetd.d/
The files are named rsh, rlogin and rexec.
In all of these files, the "disable = yes" option must be changed to "disable = no".
Example: rsh
# cat /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
disable = no
}
Example: rlogin
# cat /etc/xinetd.d/rlogin
# default: on
# description: rlogind is the server for the rlogin(1) program. The server \
# provides a remote login facility with authentication based on \
# privileged port numbers from trusted hosts.
service login
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
disable = no
}
Example: rexec
# cat /etc/xinetd.d/rexec
# default: off
# description: Rexecd is the server for the rexec(3) routine. The server \
# provides remote execution facilities with authentication based \
# on user names and passwords.
service exec
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rexecd
disable = no
}
2 Add the RSH server's and RSH client's host information
RSH server's hosts file
Example:
# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
10.254.241.251 rsh.server rsh
10.254.241.249 rsh.client rsh
(rsh.client is the hostname of the rsh client; rsh.server is the hostname of the rsh server)
RSH client's hosts file
Example:
# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
10.254.241.251 rsh.server rsh
3 Add the RSH client login information
The file's name and location is /etc/hosts.equiv
Example:
# cat /etc/hosts.equiv
rsh.client root
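rsh.client rsh (rsh is a user name; it exists on both the client and the server)
4 Add the RSH client's login user on the RSH server
Add a .rhosts file to the home directory of the user that the RSH client logs in as.
(The .rhosts file does not exist and needs to be created, with the following added: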
rsh.client root
rsh.client rsh
10.254.241.249 rsh
10.254.241.249 root
)
Example:
# ls -la
total 132
drwxr-x--- 4 root root 4096 Jun 22 23:00 .
drwxr-xr-x 23 root root 4096 Jun 22 22:41 ..
-rw------- 1 root root 849 Jun 20 22:40 anaconda-ks.cfg
-rw------- 1 root root 1957 Jun 22 22:39 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwx------ 3 root root 4096 Jun 20 22:38 .gconf
drwx------ 2 root root 4096 Jun 20 22:38 .gconfd
-rw-r--r-- 1 root root 18700 Jun 20 22:40 install.log
-rw-r--r-- 1 root root 3859 Jun 20 22:40 install.log.syslog
-rw------- 1 root root 35 Jun 22 22:24 .lesshst
[b]-rw------- 1 root root 30 Jun 22 22:26 .rhosts[/b]
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
-rw------- 1 root root 5230 Jun 22 23:00 .viminfo
Change the permissions of the .rhosts file.
chmod 600 .rhosts
5 Modify some security files to allow root to log in from the RSH client.
The security files are /etc/securetty and /etc/pam.d/rsh, but modifying just one of them is enough. (I did both.)
Example: securetty
echo "rexec" >> /etc/securetty
echo "rlogin" >> /etc/securetty
echo "rsh" >> /etc/securetty
Example: pam.d/rsh
# cat /etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
[b]#auth required pam_securetty.so[/b]
auth required pam_env.so
auth required pam_rhosts_auth.so
account include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
(Use netstat -an | grep 514 to check for: tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN
If it is not there, run /etc/init.d/xinetd restart)
6 RSH client testing
# rsh 172.16.8.23 ls
connect to address 172.16.8.23 port 544: Connection refused
Trying krb4 rsh...
connect to address 172.16.8.23 port 544: Connection refused
trying normal rsh (/usr/bin/rsh)
anaconda-ks.cfg
install.log
install.log.syslog
I succeeded with the rsh user; root did not succeed.
When installing Red Hat Enterprise Linux 5, I set the hostname, IP and DNS.
Thanks to vbird's document http://linux.vbird.org/linux_server/0310telnetssh.php#rsh
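A check of what the steps above leave on the server, as an added example that is not part of the original post: it lists which of the rsh, rlogin and rexec xinetd services are enabled, every trust entry in /etc/hosts.equiv and .rhosts, and any .rhosts file whose mode is not 600. The function names, the root-directory argument and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the rsh trust settings described on this page.
# Each function takes a filesystem root (default /) so it can run on a copy.

# r-services in xinetd.d that are enabled (xinetd enables unless "disable = yes").
enabled_r_services() {
    root=${1:-/}
    for svc in rsh rlogin rexec; do
        f="$root/etc/xinetd.d/$svc"
        [ -f "$f" ] || continue
        if ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            echo "$svc"
        fi
    done
}

# Every host/user trust entry in hosts.equiv and .rhosts; "+" matches anything.
trust_entries() {
    root=${1:-/}
    for f in "$root/etc/hosts.equiv" "$root/root/.rhosts" "$root"/home/*/.rhosts; do
        [ -f "$f" ] || continue
        awk -v f="${f#"$root"}" 'NF && $1 !~ /^#/ {
            flag = ($1 == "+" || $2 == "+") ? " WILDCARD" : ""
            print f ": " $1 " " $2 flag }' "$f"
    done
}

# .rhosts files whose mode is not the 600 that step 4 sets.
loose_rhosts() {
    root=${1:-/}
    find "$root/root" "$root/home" -maxdepth 2 -name .rhosts ! -perm 600 2>/dev/null
}

# Constructed sample tree (not taken from a real host).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/xinetd.d" "$t/root" "$t/home/rsh"
    printf 'service shell\n{\n disable = no\n}\n' > "$t/etc/xinetd.d/rsh"
    printf 'service login\n{\n disable = no\n}\n' > "$t/etc/xinetd.d/rlogin"
    printf 'service exec\n{\n disable = yes\n}\n' > "$t/etc/xinetd.d/rexec"
    printf 'rsh.client root\nrsh.client rsh\n' > "$t/etc/hosts.equiv"
    printf '10.254.241.249 root\n' > "$t/root/.rhosts"; chmod 600 "$t/root/.rhosts"
    printf '+ rsh\n' > "$t/home/rsh/.rhosts"; chmod 644 "$t/home/rsh/.rhosts"
    echo "$t"
}

t=$(make_sample_tree)
enabled_r_services "$t"; trust_entries "$t"; loose_rhosts "$t"
rm -rf "$t"
```

Called with no argument, each function checks the live system under /.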