Solved

Linux rsh problem

Posted on 2013-01-27
14
2,370 Views
Last Modified: 2013-02-11
Whenever I try to use rsh I get:
poll: protocol failure in circuit setup

I configured it according this link: http://people.redhat.com/kzak/docs/rsh-rlogin-howto.html

And made sure that the iptables service is off.

The system is RedHat 4 AS.
How do I fix it?

Thanks,
Tal
0
Comment
Question by:questil
  • 7
  • 7
14 Comments
 

Author Comment

by:questil
ID: 38824031
A new entry is added to /var/log/messages when I try to rsh:

rshd[17511]: can't get stderr port: Permission denied
0
 
LVL 77

Expert Comment

by:arnold
ID: 38824109
Rsh is an insecure protocol and is often disabled in inetd.conf or xinetd depending on the system, you can achieve the same thing using using ssh.

http://www.mkssoftware.com/docs/man1/rsh.1.asp look whether the user remuser is in hosts.equiv
0
 

Author Comment

by:questil
ID: 38824149
It must be rsh, required by DB2.
0
 
LVL 77

Expert Comment

by:arnold
ID: 38824182
The user used in the rsh must be included in hosts.equiv local and remote.

The error you might be getting from the local system when rsh attempts to bind to the local stderr.
0
 

Author Comment

by:questil
ID: 38824186
cat /etc/hosts.equiv
+
0
 
LVL 77

Expert Comment

by:arnold
ID: 38824207
On the remote to which rsh connects, host.equiv
Source_host source_user

Ssh into the remote server as a separate session, then use strace on xinetd process strace -f -p <PID>
Then see where the deny comes in when the rsh session is attempted.
0
 

Author Comment

by:questil
ID: 38824216
It's all on the same host, the problem is to rsh to localhost.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 77

Expert Comment

by:arnold
ID: 38824245
Try localhost localuser in hosts.equiv
Iptables are not enforced/applied on localhost.
0
 

Author Comment

by:questil
ID: 38824268
cat /etc/hosts.equiv
+ +

/usr/bin/rsh localhost date
poll: protocol failure in circuit setup

0
 
LVL 77

Expert Comment

by:arnold
ID: 38824394
Are the pus signs supposed to replace the explicit notation of
localhost localusername
?
Use strace on xinetd process to see what is going on on the initiation of the rsh session and the causes for its failure.

http://www.novell.com/support/kb/doc.php?id=3077223
0
 

Author Comment

by:questil
ID: 38825826
According to hosts.equiv man page the plus signs will allow any user from any machine to connect.

I run strace on the pid of xinetd and this is the output:

Process 27496 attached - interrupt to quit
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = 1 (in [9])
accept(9, {sa_family=AF_INET, sin_port=htons(1023), sin_addr=inet_addr("127.0.0.1")}, [16]) = 11
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95d7def0) = 30315
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
sendto(7, "<86>Jan 28 09:29:38 xinetd[27496"..., 72, MSG_NOSIGNAL, NULL, 0) = 72
close(11)                               = 0
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = 1 (in [5])
accept(5, {sa_family=AF_INET, sin_port=htons(38165), sin_addr=inet_addr("127.0.0.1")}, [16]) = 11
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95d7def0) = 30316
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=803, ...}) = 0
sendto(7, "<86>Jan 28 09:29:38 xinetd[27496"..., 71, MSG_NOSIGNAL, NULL, 0) = 71
close(11)                               = 0
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
write(4, "\21", 1)                      = 1
rt_sigreturn(0x4)                       = -1 EINTR (Interrupted system call)
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = 1 (in [3])
ioctl(3, FIONREAD, [1])                 = 0
read(3, "\21", 1)                       = 1
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG, NULL) = 30316
close(4294967295)                       = -1 EBADF (Bad file descriptor)
wait4(-1, 0x7fbffffafc, WNOHANG, NULL)  = 0
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
write(4, "\21", 1)                      = 1
rt_sigreturn(0x4)                       = -1 EINTR (Interrupted system call)
select(11, [3 5 6 8 9 10], NULL, NULL, NULL) = 1 (in [3])
ioctl(3, FIONREAD, [1])                 = 0
read(3, "\21", 1)                       = 1
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], WNOHANG, NULL) = 30315
close(4294967295)                       = -1 EBADF (Bad file descriptor)
wait4(-1, 0x7fbffffafc, WNOHANG, NULL)  = -1 ECHILD (No child processes)
select(11, [3 5 6 8 9 10], NULL, NULL, NULL <unfinished ...>
Process 27496 detached


The link you provided is for remote firewalled system (it's not the case) and the system hangs for a long time before it return this error. in my case it return it immediately.
0
 
LVL 77

Expert Comment

by:arnold
ID: 38826564
Could you post the complete command,? Try instead of using localhost, use the IP on the system.
0
 

Author Comment

by:questil
ID: 38826785
It's the same output with localhost, hostname or IP address:

rsh localhost date
connect to address 127.0.0.1: Connection refused
Trying krb4 rsh...
connect to address 127.0.0.1: Connection refused
trying normal rsh (/usr/bin/rsh)
poll: protocol failure in circuit setup


For root it works! if I change /etc/xinetd.d/rsh to user = root instead of this user I have no problem.

Any idea what could it be?
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 38827018
The service has to run as root that is the issue with security.
You should explicitly limit using hosts.equiv the machine and user that can connect using rsh, rlogin, etc.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
linux boot fsck problem 3 61
AWS CLI issues with Tags 3 62
Removing DES and 3DES ciphers in linux RedHat 6.8 38 94
route 2 traffic streams on single NIC 6 34
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now