Rsh rlogin rexec

From COSSAN Wiki
Jump to: navigation, search

Installing rsh rlogin and rexec on Fedora

Client

To install the client on the cluster machines with yum:

yum install rsh

Server

To install the client on the cluster machines with yum:

yum install rsh-server

Running the services

to run these service start the deamon xinetd

/etc/init.d/xinetd start

Configure the firewall

Remember to open a port in the firewall if you need to use rsh rlogin and rexec. The standard port in 513.

  • Open /etc/sysconfing/iptables in your favorite text editor
  • edit the file accepting the incoming traffic form the port 513 (add the following lines)
# Open port for rlogin rsh
-A INPUT -m state --state NEW -p tcp -s 138.232.86.0/26 --dport 513 -j ACCEPT
  • Restart the firewall
/etc/init.d/iptables restart

Using without password

To activate the login without prompt password follow these steps:

  1. Add rsh and rlogin to the file /etc/securetty. Just add two lines to the end of the file with "rsh" on one and "rlogin" and "rexec" on the others.
  2. Edit the xinetd settings for rlogin and rsh. These are the files /etc/xinetd.d/rlogin and /etc/xinetd.d/rsh. Change the "disable" line from "yes" to "no". #) Add the cluster machines to /etc/hosts.equiv (add the IP address)
    • Make sure that TCP Wrappers doesn't block the cluster machines. In /etc/hosts.allow, they should be listed with a line like "ALL: 138.232.86.1/196". One should also make sure that /etc/hosts.deny has only one line reading "ALL:ALL".
    • Make sure your firewall won't block these connections from your cluster network. Check /etc/sysconfig/iptables.
  3. You probably need to restart xinetd with "/etc/init.d/xinetd restart"
  4. Make changes to all cluster machines (obvious, but easy to forget).

rexec (and ftp) without password

If you want use rexec without password (DO YOU REALLY NEED IT?) you have to configure the file $HOME/.netrc (present in your home directory)

Any user may create a .netrc file in his or her home directory. Each line in the .netrc file has the following form:

machine hostname login remote_login_name password password_of_remote_login

Following is an example entry in a .netrc file:

machine broccoli login bill password try2Bhave

If user andrea has this entry in her .netrc file on host cabbage, she can use ftp or rexec to connect to user bill's account on host broccoli without being prompted for a password.

IMPORTANT: Each $HOME/.netrc file should be owned by the user of the home directory, with permissions set to 0600 (-rw-------). The user's home directory should be write-protected so that no other user can create a .netrc file in it.

CAUTION

The $HOME/.netrc file creates a significant security risk. It contains unencrypted passwords.

See also

  • For more information, type man 4 netrc at the prompt.

--Ep 14:10, 13 June 2007 (CEST)