?
Solved

Unharden/enable back rsh/rlogin on Solaris 8/9/10

Posted on 2008-11-20
7
Medium Priority
?
3,924 Views
Last Modified: 2012-06-22
A)
Appreciate if someone could give me the steps to
unharden/enable back  rsh & rlogin.  I misplaced my
documentation somewhere.

B)
Is the .rhosts file something I place in / & what's the content like?
Have not done this for quite a while

C)
Also let me know what I need to do to enable a Linux & Solaris server to do
   "ufsrestore -ivf  remote_Sun_server:/dev/rmt/0cn"  (from a local Solaris box)
     or
   "dd if=remote_Sun_server:/devrmt/0cn of=local_Linux_disk_partition"

D)
If a dd of a Linux is written to a remote Solaris tape drive, can be it be read back
again from the Solaris server (or it has to be a remote Linux server's tape drive),
just curious as I've not tried restoring it yet :
dd if=/dev/sda2 bs=32k conv=sync,noerror | ssh remoteuser@remoteSun "dd of=/dev/rmt/0c"
0
Comment
Question by:sunhux
  • 3
  • 3
6 Comments
 
LVL 40

Accepted Solution

by:
omarfarid earned 1500 total points
ID: 23003426
A)

for solaris 8 and 9

look into /etc/inetd.conf and hash or unhash the line of rlogin

for solaris 10 run

svcadm enable|disable rlogin

B)

you create in / or use the /etc/hosts.equiv file. please see man rhosts or man hosts.equiv

C) just set the trust (rlogin with no password)

D) It depends on the tape density and if both drives are compatible  
0
 

Author Comment

by:sunhux
ID: 23010625
I've done on remote_svr  "svcadm enable rlogin" & "pkill -HUP inetd"

On the local server, the following command just did not copy anything over
rcp -rp .   remote_svr:/var/tmp/capat
while "rsh remote_svr" prompts for password.

What did I miss?
 
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 23010976
did you add your create /.rhosts or /etc/hosts.equiv and added entry to them? Also look at their permissions ( I think it should not be writable )
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:sunhux
ID: 23039128
Yes, I've created /.rhosts  (did not create /etc/hosts.equiv) :
it has permission 755 so I've just changed it to 444 & try
again & still it prompts for password when I did rsh.

I recall someone ever told me it has to do with /etc/pam.conf :
# grep -i login /etc/pam.conf
# login service (explicit because of pam_dial_auth)
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_cred.so.1
login   auth required           pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
# rlogin service (explicit because of pam_rhost_auth)
# rlogin        auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_cred.so.1
rlogin  auth required           pam_unix_auth.so.1
# Kerberized rlogin service
krlogin auth required           pam_unix_cred.so.1
krlogin auth required           pam_krb5.so.1


Or any other possible cause?
0
 

Author Comment

by:sunhux
ID: 23039134
Content of /.rhosts (all hosts in it are pingable) :

# ls -lad /.rhosts
-r--r--r--   1 root     root          54 Nov 21 12:39 /.rhosts
# more /.rhosts
slasun05
slasun02
slasun03
slasun04
slasun11
slasun12
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 23041574
are these host names in /etc/hosts or in dns?
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses
Course of the Month14 days, 11 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question