1. The first person to lecture me about rsh and security gets shot :-).
2. On fedora 24, I can't get some test scripts to run which have used rsh since time first fell upon the face of the earth (and they are behind a firewall on a local network anyway).
I've installed rsh and rsh-server on all the boxes, I've enabled rsh.socket. If I run rsh to localhost, it works fine. The test user has a ~/.rhosts file with all the names of all the systems mentioned as valid.
But when I get on another system and try to rsh in, it always tells me "no route to host". Anyone have a clue what else to check?
On Mon, 27 Jun 2016 17:01:57 -0700 Joe Zeff wrote:
> Can you ping the host?
Oh yes. ssh works, ping works, everybody has a route to the host except rsh.
I'm pretty sure it is selinux. I remember it broke rsh in previous releases and I don't remember turning it off on the test machines.
On Mon, 27 Jun 2016 17:38:29 -0700 Joe Zeff wrote:
> OK, that rules out everything except the two machines involved. Can you use rsh from a different box or connect from the first one to a different one?
I've been experimenting, and it is very weird.
Apparently I can rsh to or from anything unless both the source and target are fedora 24 machines, then I get the no route to host error. (One machine being f24, no problem, two, and no route to host).
Worse yet, I've checked and I did turn off selinux, so it isn't selinux.
The machine I'm trying to reach is on a different subnet, so there is some firewall magic in the gateways and routers and wot-not to arrange for the reverse rsh connections to work, but other machines I can rsh into are on that same subnet, so the firewall magic must be working. And two f24 machines inside that subnet also cannot rsh to each other, and they wouldn't even need the routing magic.
Maybe I'll break out wireshark tomorrow and compare a working rsh to a broken rsh.
Or perhaps at some point it will be simpler to find all the rsh calls in the 47 gazillion lines of test scripts and make them use ssh instead :-).
On 06/27/2016 05:51 PM, Tom Horsley wrote:
> On Mon, 27 Jun 2016 17:38:29 -0700 Joe Zeff wrote:
> > OK, that rules out everything except the two machines involved. Can you use rsh from a different box or connect from the first one to a different one?
> I've been experimenting, and it is very weird.
> Apparently I can rsh to or from anything unless both the source and target are fedora 24 machines, then I get the no route to host error. (One machine being f24, no problem, two, and no route to host).
> Worse yet, I've checked and I did turn off selinux, so it isn't selinux.
> The machine I'm trying to reach is on a different subnet, so there is some firewall magic in the gateways and routers and wot-not to arrange for the reverse rsh connections to work, but other machines I can rsh into are on that same subnet, so the firewall magic must be working. And two f24 machines inside that subnet also cannot rsh to each other, and they wouldn't even need the routing magic.
> Maybe I'll break out wireshark tomorrow and compare a working rsh to a broken rsh.
> Or perhaps at some point it will be simpler to find all the rsh calls in the 47 gazillion lines of test scripts and make them use ssh instead :-).
Uh, just for giggles, rsh between two F24s and check the logs of the target F24 machine. It may be that rsh is generating a FQDN of the sending machine that doesn't match what you have in the .rhosts of the target machine (and vice versa). I've seen this sorta weirdness before with LDAP "host" records. Perhaps the same thing is going on with rsh.
Also make SURE you don't have firewalls between the two F24 machines by looking at "iptables -L -n".
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@alldigital.com -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-                      First Law of Work:                            -
-    If you can't get it done in the first 24 hours, work nights.    -
----------------------------------------------------------------------
On Mon, 27 Jun 2016 18:06:52 -0400 Tom Horsley wrote:
> But when I get on another system and try to rsh in, it always tells me "no route to host". Anyone have a clue what else to check?
DOH! I merely remembered turning off the firewall, but I apparently didn't actually do it :-).
It works fine now with no firewall (but it took a long time to finally recheck something I was absolutely positive I had already done).
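Added example, not part of any poster's message: a shell function that reads `iptables -S INPUT` output and reports the first rule that decides a new TCP connection to a given port, showing how ping and ssh can be accepted while rsh's port 514 falls through to a REJECT that the client reports as "No route to host". The rule set is a constructed sample (the thread never shows the real rules), and `first_verdict` and `sample_rules` are hypothetical names.

```shell
#!/bin/sh
# Understands only -i, -p, --dport and --state/--ctstate matches, and does
# not follow jumps into user-defined chains (as firewalld creates).
first_verdict() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        iface = proto = dport = state = target = why = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") iface = $(i+1)
            else if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i+1)
            else if ($i == "-j") target = $(i+1)
            else if ($i == "--reject-with") why = $(i+1)
        }
        if (iface == "lo") next                       # loopback only
        if (proto != "" && proto != "tcp" && proto != "all") next
        if (dport != "" && dport != port) next        # some other service
        if (state != "" && state !~ /(^|,)NEW(,|$)/) next
        print target (why != "" ? " " why : "")
        found = 1
        exit
    }
    END { if (!found) print "POLICY " policy }
    '
}

# Constructed sample rule set: ICMP and ssh allowed, everything else
# rejected with icmp-host-prohibited, which connect() surfaces as
# EHOSTUNREACH ("No route to host").
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

for p in 22 514; do   # 22 = ssh, 514 = rsh
    printf 'tcp/%s: %s\n' "$p" "$(sample_rules | first_verdict "$p")"
done
```

On a live host, `iptables -S INPUT | first_verdict 514` applies the same check; `-S` is used rather than `-L -n` because the latter hides interface matches such as `-i lo`.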