RSH - permission denied
contr...@gmail.com
rsh is enabled in /etc/inetd.conf, I made an entry in /etc/hosts,
/etc/hosts.equiv
and $HOME/.rhosts (both machines), but I can´t rsh to another machine.
Issuing rlogin I get: Connection refused
# truss rsh solaris01 ls
execve("/usr/bin/rsh", 0xFFBFFCCC, 0xFFBFFCDC) argc = 3
resolvepath("/usr/lib/ld.so.1", "/usr/lib/ld.so.1", 1023) = 16
resolvepath("/usr/bin/rsh", "/usr/bin/rsh", 1023) = 12
stat("/usr/bin/rsh", 0xFFBFFAA0) = 0
open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
stat("/usr/lib/libnsl.so.1", 0xFFBFF5A8) = 0
resolvepath("/usr/lib/libnsl.so.1", "/usr/lib/libnsl.so.1", 1023) = 20
open("/usr/lib/libnsl.so.1", O_RDONLY) = 3
mmap(0x00010000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 3,
0) = 0xFF3A0000
mmap(0x00010000, 712704, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFF280000
mmap(0xFF280000, 579982, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF280000
mmap(0xFF31E000, 32804, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 581632) = 0xFF31E000
mmap(0xFF328000, 22816, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFF328000
munmap(0xFF30E000, 65536) = 0
memcntl(0xFF280000, 82424, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3) = 0
stat("/usr/lib/libsocket.so.1", 0xFFBFF5A8) = 0
resolvepath("/usr/lib/libsocket.so.1", "/usr/lib/libsocket.so.1", 1023)
= 23
open("/usr/lib/libsocket.so.1", O_RDONLY) = 3
mmap(0xFF3A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF3A0000
mmap(0x00010000, 114688, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFF380000
mmap(0xFF380000, 39550, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF380000
mmap(0xFF39A000, 4333, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 40960) = 0xFF39A000
munmap(0xFF38A000, 65536) = 0
memcntl(0xFF380000, 13792, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3) = 0
stat("/usr/lib/libc.so.1", 0xFFBFF5A8) = 0
resolvepath("/usr/lib/libc.so.1", "/usr/lib/libc.so.1", 1023) = 18
open("/usr/lib/libc.so.1", O_RDONLY) = 3
mmap(0xFF3A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF3A0000
mmap(0x00010000, 802816, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFF180000
mmap(0xFF180000, 702900, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF180000
mmap(0xFF23C000, 24688, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 704512) = 0xFF23C000
munmap(0xFF22C000, 65536) = 0
memcntl(0xFF180000, 117444, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3) = 0
stat("/usr/lib/libdl.so.1", 0xFFBFF5A8) = 0
resolvepath("/usr/lib/libdl.so.1", "/usr/lib/libdl.so.1", 1023) = 19
open("/usr/lib/libdl.so.1", O_RDONLY) = 3
mmap(0xFF3A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF3A0000
mmap(0x00002000, 8192, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFF3FA000
mmap(0xFF3FA000, 1894, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xFF3FA000
mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF370000
close(3) = 0
stat("/usr/lib/libmp.so.2", 0xFFBFF5A8) = 0
resolvepath("/usr/lib/libmp.so.2", "/usr/lib/libmp.so.2", 1023) = 19
open("/usr/lib/libmp.so.2", O_RDONLY) = 3
mmap(0xFF3A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF3A0000
mmap(0x00010000, 90112, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFF350000
mmap(0xFF350000, 10804, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF350000
mmap(0xFF364000, 849, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 16384) = 0xFF364000
munmap(0xFF354000, 65536) = 0
memcntl(0xFF350000, 2464, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3) = 0
stat("/usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1", 0xFFBFF2B8) = 0
resolvepath("/usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1",
"/usr/platform/sun4u/lib/libc_psr.so.1", 1023) = 37
open("/usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1", O_RDONLY) = 3
mmap(0xFF3A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF3A0000
mmap(0x00002000, 16384, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFF3E6000
mmap(0xFF3E6000, 13544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF3E6000
close(3) = 0
munmap(0xFF3A0000, 8192) = 0
getustack(0xFFBFF8E4)
getrlimit(RLIMIT_STACK, 0xFFBFF8DC) = 0
getcontext(0xFFBFF718)
setustack(0xFF243A74)
brk(0x00021FE0) = 0
brk(0x00023FE0) = 0
stat("/usr/lib/locale/en_US.ISO8859-1/en_US.ISO8859-1.so.2",
0xFFBFE920) = 0
resolvepath("/usr/lib/locale/en_US.ISO8859-1/en_US.ISO8859-1.so.2",
"/usr/lib/locale/en_US.ISO8859-1/en_US.ISO8859-1.so.2", 1023) =2
open("/usr/lib/locale/en_US.ISO8859-1/en_US.ISO8859-1.so.2", O_RDONLY)
= 3
mmap(0x00010000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 3,
0) = 0xFF340000
mmap(0x00010000, 90112, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFF260000
mmap(0xFF260000, 14830, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0xFF260000
mmap(0xFF272000, 8822, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 8192) = 0xFF272000
munmap(0xFF264000, 57344) = 0
memcntl(0xFF260000, 6840, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3) = 0
munmap(0xFF340000, 8192) = 0
getuid() = 0 [0]
open64("/var/run/name_service_door", O_RDONLY) = 3
fcntl(3, F_SETFD, 0x00000001) = 0
door_info(3, 0xFF242740) = 0
door_call(3, 0xFFBFF198) = 0
open("/etc/netconfig", O_RDONLY|O_LARGEFILE) = 4
brk(0x00023FE0) = 0
brk(0x00025FE0) = 0
fcntl(4, F_DUPFD, 0x00000100) Err#22 EINVAL
read(4, " # p r a g m a i d e n".., 1024) = 1024
read(4, " t s t p i _ c".., 1024) = 215
read(4, 0x00023CD0, 1024) = 0
lseek(4, 0, SEEK_SET) = 0
read(4, " # p r a g m a i d e n".., 1024) = 1024
read(4, " t s t p i _ c".., 1024) = 215
read(4, 0x00023CD0, 1024) = 0
close(4) = 0
open("/dev/udp", O_RDONLY) = 4
ioctl(4, 0xC00C6982, 0xFFBFF514) = 0
close(4) = 0
open("/etc/nsswitch.conf", O_RDONLY|O_LARGEFILE) = 4
fcntl(4, F_DUPFD, 0x00000100) Err#22 EINVAL
read(4, " #\n # / e t c / n s s".., 1024) = 799
read(4, 0x00024348, 1024) = 0
close(4) = 0
stat("/usr/lib/nss_files.so.1", 0xFFBFEE70) = 0
resolvepath("/usr/lib/nss_files.so.1", "/usr/lib/nss_files.so.1", 1023)
= 23
open("/usr/lib/nss_files.so.1", O_RDONLY) = 4
mmap(0x00010000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 4,
0) = 0xFF340000
mmap(0x00010000, 98304, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFF160000
mmap(0xFF160000, 19054, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4,
0) = 0xFF160000
mmap(0xFF176000, 1736, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 4, 24576) = 0xFF176000
munmap(0xFF166000, 65536) = 0
memcntl(0xFF160000, 6232, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(4) = 0
munmap(0xFF340000, 8192) = 0
open("/etc/services", O_RDONLY|O_LARGEFILE) = 4
fcntl(4, F_DUPFD, 0x00000100) Err#22 EINVAL
read(4, " # i d e n t\t " @ ( # )".., 1024) = 1024
read(4, " o t o c o l v 2\n l d".., 1024) = 1024
read(4, " n d o w S y s t e m\n".., 1024) = 1024
close(4) = 0
getpid() = 21190 [21189]
brk(0x00025FE0) = 0
brk(0x00027FE0) = 0
open("/dev/udp", O_RDONLY) = 4
ioctl(4, 0xC00C6982, 0xFFBFF23C) = 0
ioctl(4, 0xC00C6982, 0xFFBFF23C) = 0
door_info(3, 0xFFBFD078) = 0
door_call(3, 0xFFBFD060) = 0
sigaction(SIGPIPE, 0xFFBFF640, 0xFFBFF620) = 0
sigfillset(0xFF242AC0) = 0
sigprocmask(SIG_BLOCK, 0xFFBFF610, 0xFFBFF600) = 0
so_socket(PF_INET6, SOCK_STREAM, IPPROTO_IP, "", 1) = 5
setsockopt(5, tcp, 0x21, 0xFFBFF164, 4, 1) = 0
setsockopt(5, tcp, 0x20, 0xFFBFF164, 4, 1) = 0
bind(5, 0xFFBFF1C8, 32, 3) = 0
getsockname(5, 0xFFBFF1C8, 0xFFBFF15C, 1) = 0
setsockopt(5, tcp, 0x20, 0xFFBFF160, 4, 1) = 0
setsockopt(5, tcp, 0x21, 0xFFBFF160, 4, 1) = 0
ioctl(5, FIOSETOWN, 0xFFBFF2C4) = 0
connect(5, 0xFFBFF500, 32, 1) = 0
so_socket(PF_INET6, SOCK_STREAM, IPPROTO_IP, "", 1) = 6
setsockopt(6, tcp, 0x21, 0xFFBFF164, 4, 1) = 0
setsockopt(6, tcp, 0x20, 0xFFBFF164, 4, 1) = 0
bind(6, 0xFFBFF1C8, 32, 3) = 0
getsockname(6, 0xFFBFF1C8, 0xFFBFF15C, 1) = 0
setsockopt(6, tcp, 0x20, 0xFFBFF160, 4, 1) = 0
setsockopt(6, tcp, 0x21, 0xFFBFF160, 4, 1) = 0
listen(6, 1, 1) = 0
write(5, " 7 3 0\0", 4) = 4
poll(0xFFBFD2B8, 2, -1) = 1
accept(6, 0xFFBFF340, 0xFFBFF4FC, 1) = 7
close(6) = 0
write(5, " r o o t\0", 5) = 5
write(5, " r o o t\0", 5) = 5
write(5, " l s\0", 3) = 3
read(5, "01", 1) = 1
read(5, " p", 1) = 1
pwrite(2, " p", 1) = 1
read(5, " e", 1) = 1
ewrite(2, " e", 1) = 1
read(5, " r", 1) = 1
rwrite(2, " r", 1) = 1
read(5, " m", 1) = 1
mwrite(2, " m", 1) = 1
read(5, " i", 1) = 1
iwrite(2, " i", 1) = 1
read(5, " s", 1) = 1
swrite(2, " s", 1) = 1
read(5, " s", 1) = 1
swrite(2, " s", 1) = 1
read(5, " i", 1) = 1
iwrite(2, " i", 1) = 1
read(5, " o", 1) = 1
owrite(2, " o", 1) = 1
read(5, " n", 1) = 1
nwrite(2, " n", 1) = 1
read(5, " ", 1) = 1
write(2, " ", 1) = 1
read(5, " d", 1) = 1
dwrite(2, " d", 1) = 1
read(5, " e", 1) = 1
ewrite(2, " e", 1) = 1
read(5, " n", 1) = 1
nwrite(2, " n", 1) = 1
read(5, " i", 1) = 1
iwrite(2, " i", 1) = 1
read(5, " e", 1) = 1
ewrite(2, " e", 1) = 1
read(5, " d", 1) = 1
dwrite(2, " d", 1) = 1
read(5, "\n", 1) = 1
write(2, "\n", 1) = 1
close(7) = 0
close(5) = 0
sigaction(SIGPIPE, 0xFFBFF620, 0x00000000) = 0
sigprocmask(SIG_SETMASK, 0xFFBFF600, 0x00000000) = 0
_exit(1)
#
Can you help me ? (I don´t want use ssh)
Thanks in advance.
Logan Shaw
> Could you tell me why I惴 not able to rsh to another machine ?
> rsh is enabled in /etc/inetd.conf, I made an entry in /etc/hosts,
> /etc/hosts.equiv
> Issuing rlogin I get: Connection refused
That's funny: your truss output says you get "permission denied".
I would suspect one of 3 things:
(1) DNS or other hostname/IP mapping problems (always an issue with
rsh/rlogin),
(2) Permissions on .rhosts (if it's world-writable, it will be
ignored), or
(3) You are successfully getting in, but you don't have permission
to run "ls", in which case, I'd try doing ":" instead, as in
"rsh solaris01 :"; since it's a shell built-in, you should
almost definitely have permission to execute it.
> Can you help me ? (I don愒 want use ssh)
Why don't you want to use ssh? It's more secure, and it does
everything rsh does. Yes, there is a bit more of a learning
curve, but it's really not that bad. I avoided it for a long
time because of the learning curve, but then when I forced myself
to use it, I found out it wasn't as bad as I had expected.
- Logan
contr...@gmail.com
> > rsh is enabled in /etc/inetd.conf, I made an entry in /etc/hosts,
> > /etc/hosts.equiv
> > Issuing rlogin I get: Connection refused
>
> That's funny: your truss output says you get "permission denied".
>
> I would suspect one of 3 things:
>
> (1) DNS or other hostname/IP mapping problems (always an issue with
> rsh/rlogin),
> (2) Permissions on .rhosts (if it's world-writable, it will be
> ignored), or
> (3) You are successfully getting in, but you don't have permission
> to run "ls", in which case, I'd try doing ":" instead, as in
> "rsh solaris01 :"; since it's a shell built-in, you should
> almost definitely have permission to execute it.
>
>
> Why don't you want to use ssh? It's more secure, and it does
> everything rsh does. Yes, there is a bit more of a learning
> curve, but it's really not that bad. I avoided it for a long
> time because of the learning curve, but then when I forced myself
> to use it, I found out it wasn't as bad as I had expected.
>
> - Logan
I continue don´t able to execute rsh in remote mechine...
# rsh solaris01 w
permission denied
# rsh solaris01 :
permission denied
ls -alF .rhosts
-rw-r--r-- 1 264 Aug 28 15:54 .rhosts
Logan Shaw
> I continue don´t able to execute rsh in remote mechine...
>
> # rsh solaris01 w
> permission denied
> # rsh solaris01 :
> permission denied
Well, your problem is on the remote end somewhere:
# strings /usr/bin/rsh | grep -i permission
# strings /usr/sbin/in.rshd | grep -i permission
permission denied.
permission denied
Permission denied
Permission denied
#
Therefore, you must be succeeding at connecting to the remote end,
but it is denying you a connection and sending you the error
message.
What happens if you telnet to the remote machine, then type
"who am i"? What does it say in the parenthesis at the end of
the line? Whatever it says should match what is in your .rhosts
file.
- Logan
Mariano Obarrio
# ssh solaris01 ls
You can configure ssh with blank password, and this way dont ask
password.
Mariano
contr...@gmail.com ha escrito:
Andreas Buschmann
> Could you tell me why I?m not able to rsh to another machine ?
> rsh is enabled in /etc/inetd.conf, I made an entry in /etc/hosts,
> /etc/hosts.equiv
> Can you help me ? (I don=B4t want use ssh)
Mariano Obarrio <mariano...@gmail.com> wrote:
mo> Hi Why don't use ssh???? is more secure and easy.
The usual reason (at least for me) not wanting to use ssh is mass data
transportation on a local assumed safe net e.g. for a backup.
The encryption takes a lot of cpu, which you might not have available.
mo> You can configure ssh with blank password, and this way dont ask
mo> password.
you would be better of using .ssh/authorized_keys on the server and
.ssh/identity.pub on the client (or the ssh2 equivalents).
For debugging the original problem:
1. can you login into the server with ssh?
2. if yes to 1), do you have your home directory on the server?
3. if yes to 2), does your home directory on the server belong to you?
4. if yes to 3), does your home directory have the permission 755 or 700 ?
5. if yes to 4), does $HOME/.rhosts belong to you?
6. if yes to 5), does $HOME/.rhosts have the permission 600 ?
7. for testing, on the server please enable the service login, too
8. on the server side restart inetd / xinetd
9. on the client, try to rlogin into the server.
10. please look into /var/log/messages and /var/log/auth.log, if there is
a line saying something like user@client login .
11. check if the user and the client in this line are the same as
the client and the user in $HOME/.rhosts .
12. Look at the in.rshd line fron the servers /etc/inetd.conf .
Does it have a tcpd wrapper added? If yes, you have to enable
the rshd in /etc/hosts.allow.
13. Does your server use pam?
ldd /usr/sbin/in.rshd
Is there a libpam line?
14. if yes to 13), ist there a /etc/pam.d/rsh or are there rsh lines in
/etc/pam.conf like:
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
Without an pam_rhosts_auth.so.1 using .rhosts is not possible.
If these don't help, change the line in /etc/inetd.conf on the server
to something like:
shell stream tcp nowait root /usr/bin/truss truss -o /var/tmp/rshd.log /
usr/sbin/in.rshd
and post that truss output.
Regards
Andreas
p.s. is it possible to use ssh with encryption during the login phase,
but without encryption during the data transport phase?
If yes, ssh can be a full replacement for rsh.
If no, you will still need rsh for e.g. rmt an other data transport
actions.