rsh and rexec as root: permission denied problem (SuSe 9.3)
Hi all, I need to install the HP Data Protector Backup client on a few linux servers. The installation should be performed remotly from a HP-UX installation server. Unfortunately, for this installation, Data Protector uses rsh and rexec :-) I'm trying to configure both daemons but the installation still does not work. To make thing simpler (I'm not the administrator of the HP-UX server), I'm trying to use rsh and rexec between two suse servers. What I've done for the time being is: - installing xinetd and the r- servers - abilitate in /etc/xinetd.d/ files rexec, rlogin, and rsh - I added the .rhosts in /root with the ip addresses of the installation server and of my other suse machines from which I'm performing the tests) and the username to be used - seeing that modifying the /etc/securetty file did not solve my problem, I removed the pam_securetty.so line and just kept "required pam_nologin" and "sufficient pam_rhosts_auth.so". I'm able to "rlogin" both as a normal user and as a root from another server, but rsh and rexec work only with a normal user, not with root. I read something about the -h option for rsh/rexec to allow root use but this option does not exist on rsh and for rexec it means "print a usage message". Something is blocking the use of rsh and rexec as root and I really don't understand what. I'm even thinking that the rexec and rsh rpm are made by SuSe especially to block root access (may be a configuration at compile time?) Any help would be greatly appreciated as, unfortunately, it's the only way to perform this remote installations. Regards, Gaël
On Wednesday 17 May 2006 15:01, Gaël Lams wrote:
Hi all, <snip> Something is blocking the use of rsh and rexec as root and I really don't understand what. I'm even thinking that the rexec and rsh rpm are made by SuSe especially to block root access (may be a configuration at compile time?)
Any help would be greatly appreciated as, unfortunately, it's the only way to perform this remote installations.
Regards,
Gaël Here is the way I set it up:
User Group to control access ==================== Create Group “remotessh”, Add users that are allowed remote access to the group. In file /etc/ssh/sshd_config add the following lines to bottom of file: # # Westrick GmbH Configuration # Port XX AllowGroups remotessh GatewayPorts yes X11DisplayOffset 50 X11Forwarding yes restart ssh server with: “rcsshd restart”
On Wed, 2006-05-17 at 17:57 +0200, Jerry Westrick wrote:
On Wednesday 17 May 2006 15:01, Gaël Lams wrote:
Hi all, <snip> Something is blocking the use of rsh and rexec as root and I really don't understand what. I'm even thinking that the rexec and rsh rpm are made by SuSe especially to block root access (may be a configuration at compile time?)
Any help would be greatly appreciated as, unfortunately, it's the only way to perform this remote installations.
Regards,
Gaël Here is the way I set it up:
User Group to control access ====================
Create Group “remotessh”, Add users that are allowed remote access to the group.
The OP was asking about rsh and rexec -not- ssh, this will not help. To the OP: also check /etc/hosts.allow and /etc/hosts.deny files for access restrictions. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
Gaël Lams wrote:
Hi all,
I need to install the HP Data Protector Backup client on a few linux servers. The installation should be performed remotly from a HP-UX installation server.
Unfortunately, for this installation, Data Protector uses rsh and rexec :-)
As I don't want to enable rsh and rexec, I always install DP client on new Linux systems from the CD, resp. from a copy of the CD on an NFS filesystem. I have to do some handwork anyway before (commenting out lines for port 5555 in /etc/services) and afterwards (starting xinetd). Further updates from the GUI will work then and use the DP inet client on port 5555. -- Viele Grüße ------------------------------------------------------------------------ Michael
participants (4)
-
Gaël Lams
-
Jerry Westrick
-
Ken Schneider
-
Michael Behrens