I have RHEL4 machine with IP address 10.121.113.92 and I want not able to connect to that server using rsh. Below are the steps followed by me to enable the rsh
[root@linux ~]# telnet 10.121.113.92 544
Trying 10.121.113.92...
telnet: connect to address 10.121.113.92: Connection refused
telnet: Unable to connect to remote host: Connection refused
=========================
In the file /etc/xinetd.d/rsh make disable =no
[root@linux ~]# more /etc/xinetd.d/rsh
default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}
====================================
In the file /etc/xinetd.d/rlogin make disable =no
[root@linux ~]# more /etc/xinetd.d/rlogin
# default: on
# description: rlogind is the server for the rlogin(1) program. The server \
# provides a remote login facility with authentication based on \
# privileged port numbers from trusted hosts.
service login
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
}
=============
I then opened the /etc/pam.d/rlogin file and commented the "password " line and "auth required pam_securetty.so" line
Next I modified the line "auth required pam_rhosts_auth.so" to "auth sufficient pam_rhosts_auth.so"
[root@linux ~]# more /etc/pam.d/rlogin
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth required pam_nologin.so
#auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_rhosts_auth.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
#password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
==========================
Commented "auth required pam_securetty.so" line in the /etc/pam.d/rsh file
[root@linux ~]# more /etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
#auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_rhosts_auth.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
==============
[root@linux ~]# more /etc/pam.d/rexec
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rexec" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
===================
Added rsh,rlogin,rexec to /etc/securetty
[root@linux ~]# more /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
rsh
rlogin
rexec
=====================
Created the /root/.rhosts file with 644 permission and added the host name/IP address from which this server will be rsh connected
[root@linux ~]# more /root/.rhosts
10.121.113.95
first.test.com
================
[root@linux ~]# hostname
linux.test.com
==========
[root@linux ~]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
10.121.113.92 linux.test.com
10.121.113.94 first.test.com
10.121.113.95 second.test.com
==============
restarted the xinetd services
[root@linux ~]# chkconfig --list | grep rsh
rsh: on
[root@linux ~]# chkconfig --list | grep rlogin
rlogin: on
===============
