questil
Linux rsh problem
Whenever I try to use rsh I get:
poll: protocol failure in circuit setup
I configured it according to this link: http://people.redhat.com/kzak/docs/rsh-rlogin-howto.html
And made sure that the iptables service is off.
The system is RedHat 4 AS.
How do I fix it?
Thanks,
Tal
Rsh is an insecure protocol and is often disabled in inetd.conf or xinetd, depending on the system. You can achieve the same thing using ssh.
http://www.mkssoftware.com/docs/man1/rsh.1.asp look whether the user remuser is in hosts.equiv
ASKER
It must be rsh, required by DB2.
The user used in the rsh must be included in hosts.equiv local and remote.
The error you are getting might be from the local system, when rsh attempts to bind to the local stderr.
ASKER
cat /etc/hosts.equiv
+
On the remote to which rsh connects, hosts.equiv:
Source_host source_user
Ssh into the remote server as a separate session, then use strace on the xinetd process: strace -f -p <PID>
Then see where the deny comes in when the rsh session is attempted.
ASKER
It's all on the same host, the problem is to rsh to localhost.
Try localhost localuser in hosts.equiv
Iptables are not enforced/applied on localhost.
ASKER
cat /etc/hosts.equiv
+ +
/usr/bin/rsh localhost date
poll: protocol failure in circuit setup
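The `+ +` entry shown above trusts every user on every host. A small audit for hosts.equiv-style files that flags such entries follows as an added example, not part of the thread; the function name and the sample file contents are constructed for illustration.

```python
def audit_hosts_equiv(text):
    """Return (line_no, entry, finding) tuples for entries that widen trust.

    Semantics follow /etc/hosts.equiv: fields are "host [user]", "+" is a
    wildcard, a leading "-" denies, "+@name" refers to a netgroup.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host.startswith("-") or user.startswith("-"):
            continue  # negative entries deny access; nothing to flag
        if host == "+" and user == "+":
            msg = "any user from any host is trusted"
        elif host == "+":
            msg = "any host is trusted"
        elif user == "+":
            msg = "every user on %s is trusted" % host
        elif host.startswith("+@") or user.startswith("+@"):
            msg = "trust extended to a whole netgroup"
        elif user:
            # In /etc/hosts.equiv a named remote user is not limited to the
            # like-named local account.
            msg = "%s@%s may act as any non-root local user" % (user, host)
        else:
            continue  # plain host entry: like-named users only
        findings.append((no, line, msg))
    return findings


# Constructed sample input (not taken from the thread's system).
SAMPLE = """\
# constructed sample
+ +
+
dbhost.example.com
localhost localuser
-untrusted.example.com
"""

if __name__ == "__main__":
    for no, entry, msg in audit_hosts_equiv(SAMPLE):
        print("line %d: %-22s %s" % (no, entry, msg))
```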
Are the plus signs supposed to replace the explicit notation of
localhost localusername?
Use strace on the xinetd process to see what is going on at the initiation of the rsh session and the causes of its failure.
http://www.novell.com/support/kb/doc.php?id=3077223
ASKER
According to the hosts.equiv man page, the plus signs will allow any user from any machine to connect.
I ran strace on the pid of xinetd and this is the output:
Process 27496 attached - interrupt to quit
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = 1 (in [9])
accept(9, {sa_family=AF_INET, sin_port=htons(1023), sin_addr=inet_addr("127.0.0.1")}, [16]) = 11
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95d7def0) = 30315
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
sendto(7, "<86>Jan 28 09:29:38 xinetd[27496"..., 72, MSG_NOSIGNAL, NULL, 0) = 72
close(11) = 0
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = 1 (in [5])
accept(5, {sa_family=AF_INET, sin_port=htons(38165), sin_addr=inet_addr("127.0.0.1")}, [16]) = 11
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95d7def0) = 30316
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
sendto(7, "<86>Jan 28 09:29:38 xinetd[27496"..., 71, MSG_NOSIGNAL, NULL, 0) = 71
close(11) = 0
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
write(4, "\21", 1) = 1
rt_sigreturn(0x4) = -1 EINTR (Interrupted system call)
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = 1 (in [3])
ioctl(3, FIONREAD, [1]) = 0
read(3, "\21", 1) = 1
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG, NULL) = 30316
close(4294967295) = -1 EBADF (Bad file descriptor)
wait4(-1, 0x7fbffffafc, WNOHANG, NULL) = 0
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
write(4, "\21", 1) = 1
rt_sigreturn(0x4) = -1 EINTR (Interrupted system call)
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = 1 (in [3])
ioctl(3, FIONREAD, [1]) = 0
read(3, "\21", 1) = 1
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], WNOHANG, NULL) = 30315
close(4294967295) = -1 EBADF (Bad file descriptor)
wait4(-1, 0x7fbffffafc, WNOHANG, NULL) = -1 ECHILD (No child processes)
select(11, [3 5 6 8 9 10], NULL, NULL, NULL <unfinished ...>
Process 27496 detached
The link you provided is for a remote firewalled system (it's not the case), where the system hangs for a long time before it returns this error. In my case it returns it immediately.
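To read a trace like the one above, it helps to pair each accept() with the child xinetd cloned for it and with that child's exit status from wait4(). The following is an added example, not part of the original post; TRACE is an excerpt of the posted trace with the extraction spacing repaired, and the function names are hypothetical.

```python
import re

# Excerpt of the xinetd trace posted above (spacing repaired).
TRACE = '''\
accept(9, {sa_family=AF_INET, sin_port=htons(1023), sin_addr=inet_addr("127.0.0.1")}, [16]) = 11
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95d7def0) = 30315
close(11) = 0
accept(5, {sa_family=AF_INET, sin_port=htons(38165), sin_addr=inet_addr("127.0.0.1")}, [16]) = 11
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95d7def0) = 30316
close(11) = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG, NULL) = 30316
wait4(-1, 0x7fbffffafc, WNOHANG, NULL) = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], WNOHANG, NULL) = 30315
wait4(-1, 0x7fbffffafc, WNOHANG, NULL) = -1 ECHILD (No child processes)
'''

ACCEPT = re.compile(r'accept\((\d+), .*?htons\((\d+)\).*?inet_addr\("([^"]+)"\)')
CLONE = re.compile(r'clone\(.*\)\s*=\s*(\d+)')
WAIT = re.compile(r'wait4\(.*WEXITSTATUS\(s\) == (\d+)\}\].*\)\s*=\s*(\d+)')


def correlate(trace):
    """Map child pid -> listening fd, peer address/port and exit status."""
    pending, children = None, {}
    for line in trace.splitlines():
        m = ACCEPT.search(line)
        if m:
            pending = {"listen_fd": int(m.group(1)),
                       "src_port": int(m.group(2)),
                       "src_addr": m.group(3)}
            continue
        m = CLONE.search(line)
        if m and pending:
            # xinetd clones one child per accepted connection
            children[int(m.group(1))] = dict(pending, exit=None)
            pending = None
            continue
        m = WAIT.search(line)
        if m and int(m.group(2)) in children:
            children[int(m.group(2))]["exit"] = int(m.group(1))
    return children


def failed(children):
    """Children that were reaped with a non-zero exit status."""
    return {p: c for p, c in children.items() if c["exit"] not in (0, None)}


if __name__ == "__main__":
    for pid, info in sorted(failed(correlate(TRACE)).items()):
        print(pid, info)
```

On this excerpt the only failing child is 30315, the one serving the connection from source port 1023 on listening descriptor 9. The trace shows only xinetd's own calls, so the call that failed inside that child is not visible in it.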
Could you post the complete command? Instead of using localhost, try using the IP of the system.
ASKER
It's the same output with localhost, hostname or IP address:
rsh localhost date
connect to address 127.0.0.1: Connection refused
Trying krb4 rsh...
connect to address 127.0.0.1: Connection refused
trying normal rsh (/usr/bin/rsh)
poll: protocol failure in circuit setup
For root it works! If I change /etc/xinetd.d/rsh to user = root instead of this user I have no problem.
Any idea what it could be?
ASKER
rshd[17511]: can't get stderr port: Permission denied