sunhux
asked on
Unharden/enable back rsh/rlogin on Solaris 8/9/10
A)
Appreciate if someone could give me the steps to
unharden/enable back rsh & rlogin. I misplaced my
documentation somewhere.
B)
Is the .rhosts file something I place in / & what's the content like?
Have not done this for quite a while
C)
Also let me know what I need to do to enable a Linux & Solaris server to do
"ufsrestore -ivf remote_Sun_server:/dev/rmt /0cn" (from a local Solaris box)
or
"dd if=remote_Sun_server:/devr mt/0cn of=local_Linux_disk_partit ion"
D)
If a dd of a Linux is written to a remote Solaris tape drive, can be it be read back
again from the Solaris server (or it has to be a remote Linux server's tape drive),
just curious as I've not tried restoring it yet :
dd if=/dev/sda2 bs=32k conv=sync,noerror | ssh remoteuser@remoteSun "dd of=/dev/rmt/0c"
Appreciate if someone could give me the steps to
unharden/enable back rsh & rlogin. I misplaced my
documentation somewhere.
B)
Is the .rhosts file something I place in / & what's the content like?
Have not done this for quite a while
C)
Also let me know what I need to do to enable a Linux & Solaris server to do
"ufsrestore -ivf remote_Sun_server:/dev/rmt
or
"dd if=remote_Sun_server:/devr
D)
If a dd of a Linux is written to a remote Solaris tape drive, can be it be read back
again from the Solaris server (or it has to be a remote Linux server's tape drive),
just curious as I've not tried restoring it yet :
dd if=/dev/sda2 bs=32k conv=sync,noerror | ssh remoteuser@remoteSun "dd of=/dev/rmt/0c"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
did you add your create /.rhosts or /etc/hosts.equiv and added entry to them? Also look at their permissions ( I think it should not be writable )
ASKER
Yes, I've created /.rhosts (did not create /etc/hosts.equiv) :
it has permission 755 so I've just changed it to 444 & try
again & still it prompts for password when I did rsh.
I recall someone ever told me it has to do with /etc/pam.conf :
# grep -i login /etc/pam.conf
# login service (explicit because of pam_dial_auth)
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
# rlogin service (explicit because of pam_rhost_auth)
# rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
# Kerberized rlogin service
krlogin auth required pam_unix_cred.so.1
krlogin auth required pam_krb5.so.1
Or any other possible cause?
it has permission 755 so I've just changed it to 444 & try
again & still it prompts for password when I did rsh.
I recall someone ever told me it has to do with /etc/pam.conf :
# grep -i login /etc/pam.conf
# login service (explicit because of pam_dial_auth)
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
# rlogin service (explicit because of pam_rhost_auth)
# rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
# Kerberized rlogin service
krlogin auth required pam_unix_cred.so.1
krlogin auth required pam_krb5.so.1
Or any other possible cause?
ASKER
Content of /.rhosts (all hosts in it are pingable) :
# ls -lad /.rhosts
-r--r--r-- 1 root root 54 Nov 21 12:39 /.rhosts
# more /.rhosts
slasun05
slasun02
slasun03
slasun04
slasun11
slasun12
# ls -lad /.rhosts
-r--r--r-- 1 root root 54 Nov 21 12:39 /.rhosts
# more /.rhosts
slasun05
slasun02
slasun03
slasun04
slasun11
slasun12
are these host names in /etc/hosts or in dns?
ASKER
On the local server, the following command just did not copy anything over
rcp -rp . remote_svr:/var/tmp/capat
while "rsh remote_svr" prompts for password.
What did I miss?