Bug 214396 - Bad: rsh commands can't be enabled
Summary: Bad: rsh commands can't be enabled
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: rsh
Version: 5.0
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
: ---
Assignee: Adam Tkac
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2006-11-07 13:27 UTC by Robin Music
Modified: 2013-04-30 23:34 UTC (History)

Fixed In Version: 0.17-36
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-11-15 10:47:37 UTC
Target Upstream Version:
Embargoed:



Description Robin Music 2006-11-07 13:27:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060802 Mandriva/1.5.0.7-1mdv2007.0 (2007.0) Firefox/1.5.0.7

Description of problem:
You can't enable the rsh commands; the needed prerequisites are all there.
Followed the instructions here, http://kbase.redhat.com/faq/FAQ_43_6967.shtm, and was then told to bug-report it if I couldn't get it to work. This works fine on RHEL 3.x & 4.x.


Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. try enabling rsh server in this KB http://kbase.redhat.com/faq/FAQ_43_6967.shtm
2.
3.

Actual Results:
you just aren't able to use any of the rsh commands

Expected Results:
possibility to use rlogin rsync and so on

Additional info:

Comment 1 Robin Music 2006-11-07 13:31:11 UTC
Hi,
I'll be sure to follow the instructions in
http://kbase.redhat.com/faq/FAQ_43_6967.shtm as soon as the up2date is possible
to perform for a beta product, until then I'll just try the bugzilla report instead.
07-NOV-2006 03:06:23 	Jan Kjellberg
Status changes from "Waiting on Customer" to "Waiting on Red Hat".
05-OCT-2006 07:40:15 	Krishnan, Prasad
Hello,

Thank you for your reply.

The most likely cause of this error would be related to configuration
issues. So I would request you to check all the configurations once again and
also try to log in as a normal user other than root from rlogin.

Use the following rlogin command (By default it is pointed to
/usr/kerberos/bin/rlogin).

$ /usr/bin/rlogin -l <username> <host-IP>

Also try to reproduce this issue with the same configurations in the following
Kbase articles

http://kbase.redhat.com/faq/FAQ_43_6967.shtm

If the problem persists, report a bug via Bugzilla (http://bugzilla.redhat.com)
in the following product and version.

Product "Red Hat Enterprise Linux Public Beta"
Choose Version "rhel5-beta1"

Best Regards,
Prasad Krishnan
05-OCT-2006 07:40:15 	Krishnan, Prasad
Status changes from "Waiting on Red Hat" to "Waiting on Customer".
03-OCT-2006 03:33:45 	Jan Kjellberg
Error message below. I have tried enabling and disabling (switching the use of) the
different available remote login services in rhel5b1 with no success.
 
 
rlogin lxws1004
connect to address 131.97.91.252 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
03-OCT-2006 03:32:09 	Jan Kjellberg
contents of .rhosts
 
spf01
spf01.got.vtc.volvo.se
spf100
vtcmail.got.vtc.volvo.se
spf100.got.vtc.volvo.se
spf101
spf101.got.vtc.volvo.se
spfdist
spfdist.got.vtc.volvo.se
03-OCT-2006 03:31:39 	Jan Kjellberg
contents of securetty
 
console
pts/0
pts/1
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
rexec
rsh
rlogin
03-OCT-2006 03:31:39 	Jan Kjellberg
Status changes from "Waiting on Customer" to "Waiting on Red Hat".
03-OCT-2006 00:54:44 	Krishnan, Prasad
Hello Jan,

Thank you for your reply.

I searched our Bugzilla database for known/fixed issues with RSH, but I
was not able to locate any RSH issues with RHEL-5 Client beta 1.

Can you please update us with the information below, so that I can test the
behaviour in our test labs with the provided inputs.

1. Details about the error messages printed in the console while trying to
access rsh server (screenshot/photo image would also help)

2. Attachment copy of the following files 1.  /etc/securetty 2. .rhosts file in
root's home directory

For further clarifications, Please feel free to get back to us.

Best Regards,
Prasad krishnan

03-OCT-2006 00:54:44 	Krishnan, Prasad
Status changes from "Waiting on Red Hat" to "Waiting on Customer".
02-OCT-2006 08:49:21 	Jan Kjellberg
Hello.
 
As I have stated, if you are unable to offer/support functionality of
"r" commands in your future release of Red Hat 5, we will not be upgrading to that
product since our environment isn't ready to migrate to the complete use of the
secure remote commands such as SSH, SCP and so on. Nobody has asked you to
support any beta product that you have through this SLA that you have with us
currently for RHEL 3.x and RHEL 4.x, both Workstation and Enterprise. This was
merely a question regarding one of your future products to come. Now, regarding
the modifications that you are referring to, .rhosts and securetty, those
modifications have been made and the necessary packages and services are
enabled; perhaps you should talk to your developers to look into this matter
instead. Consider this a free bug report from someone who intends to
purchase your future product called RHEL 5, if the much needed commands are
working, or else not.
 
 
 
 
>Kindest regards / Med vänliga hälsningar
 
>Robin Music
 
>DA2N, Departement 8024 PD
 
>Volvo Information Technology AB
 
>SE-405 08 Göteborg, Sverige
 
>Telephone: +46 31 32 27446
 
>robin.music
02-OCT-2006 08:49:21 	Jan Kjellberg
Status changes from "Waiting on Customer" to "Waiting on Red Hat".
02-OCT-2006 07:09:02 	Krishnan, Prasad
Hello Jan,

Thanks for the uploaded sysreport.

I would like to inform you that we are not providing technical support for Beta
releases of our products.

The following information is outside the scope of our posted Service Level
Agreements (https://www.redhat.com/support/service/sla/) and support procedures.

That being said, while analysing your logs, I was able to locate the following
messages.

Snip from your /var/log/messages:
---------
Sep 28 19:23:09 lxws1004 rshd[2194]: rsh denied to root.vtc.volvo.se
as root: Permission denied.
---------

If you need to use rsh, rlogin, or rexec as root, you will need to make a few
modifications to the /etc/securetty file and will also need a .rhost file in root's
home directory.

I would request you to refer to the following kbase articles for more information.

http://kbase.redhat.com/faq/FAQ_43_6967.shtm

Also, we strongly recommend using the secure alternative OpenSSH instead of RSH.

Best Regards,
Prasad Krishnan
02-OCT-2006 07:09:02 	Krishnan, Prasad
Status changes from "Waiting on Red Hat" to "Waiting on Customer".
02-OCT-2006 05:15:09 	Jan Kjellberg
File lxws1004-1028422.2006092985217.tar.bz2 attached
02-OCT-2006 05:15:09 	Jan Kjellberg
Status changes from "Waiting on Customer" to "Waiting on Red Hat".
02-OCT-2006 05:15:08 	Jan Kjellberg
I have provided you with a sysreport; there you can probably see what's installed
and what's not installed. The rsh-server is installed, but won't work.
29-SEP-2006 04:43:12 	Gupta, Vijay
Hi

Thanks for contacting us.

If you have not been able to execute the commands, it doesn't necessarily mean
that they have been disabled forever; they might not be available by default, so to
confirm, search for the packages that provide such commands and install them.

Regards
Vijay
29-SEP-2006 04:43:11 	Gupta, Vijay
Status changes from "Open" to "Waiting on Customer".
29-SEP-2006 04:27:42 	Jan Kjellberg
this is merely a question that we need to have answered.
 
We have downloaded the RHEL 5 beta1 enterprise client and installed it, we have
tried to enable the r*commands such as rlogin rdist rsync and so on, but we have
been unsuccessful.
 
Is this something that won't work in future releases of RHEL workstations?
We are still dependent on this functionality in our environment, which consists
of several other unix/linux OS platforms.

Comment 2 Adam Tkac 2006-11-07 14:11:03 UTC
(In reply to comment #1)

oh, it's really a full-range comment... First, have you configured rsh
correctly? In the file /etc/xinitd.d/rlogin, the option disable = no

Comment 3 Robin Music 2006-11-07 14:16:14 UTC
hi,
the service was enabled and the xinetd was restarted,

 chkconfig rlogin on
 service xinetd restart


Comment 4 Adam Tkac 2006-11-07 14:29:35 UTC
oh, I think you haven't configured /root/.rhost (NOT /root/.rhosts) correctly.

type to /root/.rhost
  [IP_address] [login]

and user [login] from [IP_address] can access as root.

$rlogin -l root [ip]

If this does not work, please attach your /root/.rhost, /etc/xinitd.d/rlogin and
/etc/securetty files

Comment 5 Robin Music 2006-11-07 14:48:54 UTC
It doesn't work

[root@lj003 distros]# ssh lxws1002

[root@lxws1002 ~]# cat /etc/securetty
rexec
rsh
rlogin
console
pts/0
pts/1
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11

[root@lxws1002 ~]# cat /etc/xinetd.d/rlogin 
# default: on
# description: rlogind is the server for the rlogin(1) program.  The server \
#       provides a remote login facility with authentication based on \
#       privileged port numbers from trusted hosts.
service login
{
        disable = no
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rlogind
}

[root@lxws1002 ~]# cat ~/.rhost
lxws1000 root
lxws1000.got.volvo.net root
spf01 root
spf01.got.vtc.volvo.se root
[root@lxws1002 ~]# 
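
An added example, not part of the original thread: a small audit that parses an xinetd stanza and a securetty file like the ones pasted in Comment 5 and reports when an r-service daemon is enabled and root logins over it are permitted. The sample inputs are constructed from that comment, the function names are hypothetical, and the daemon names in.rshd and in.rexecd are assumed from the rsh-server package.

```python
import os
import re

R_SERVICES = {"rexec", "rsh", "rlogin"}            # securetty entries for r-services
R_DAEMONS = {"in.rlogind", "in.rshd", "in.rexecd"}  # assumed rsh-server daemon names

# Constructed sample inputs, modelled on the files shown in Comment 5.
SAMPLE_XINETD = """\
# default: on
service login
{
        disable = no
        socket_type             = stream
        user                    = root
        log_on_success          += USERID
        server                  = /usr/sbin/in.rlogind
}
"""
SAMPLE_SECURETTY = "rexec\nrsh\nrlogin\nconsole\npts/0\ntty1\n"

def parse_xinetd(text):
    """Return {service: {attribute: value}} for each 'service NAME { ... }' stanza."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.match(r"service\s+(\S+)$", line)
        if header:
            current = services.setdefault(header.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and line != "{":
            attr = re.match(r"(\w+)\s*(\+=|-=|=)\s*(.*)$", line)
            if attr:
                current[attr.group(1)] = attr.group(3).strip()
    return services

def audit(xinetd_text, securetty_text):
    """List findings: enabled r-service daemons and root-permitting securetty lines."""
    findings = []
    for name, attrs in parse_xinetd(xinetd_text).items():
        daemon = os.path.basename(attrs.get("server", ""))
        # A stanza without "disable = yes" is treated as enabled.
        if daemon in R_DAEMONS and attrs.get("disable", "no").lower() != "yes":
            findings.append(f"xinetd service '{name}' runs {daemon} (enabled)")
    entries = {l.strip() for l in securetty_text.splitlines()
               if l.strip() and not l.strip().startswith("#")}
    findings += [f"securetty allows root via '{s}'" for s in sorted(R_SERVICES & entries)]
    return findings
```

On a live host, pass the contents of /etc/xinetd.d/rlogin and /etc/securetty to `audit()`; an empty list means neither file exposes the r-services.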

Comment 6 Adam Tkac 2006-11-14 10:49:37 UTC
your configuration looks ok. Make sure your firewall doesn't block port 543
(544). This could be the problem.

Comment 7 Robin Music 2006-11-14 11:42:20 UTC
I'm a little bit confused, please explain what you mean with firewall.

Are you referring to the SELinux/firewall on the beta client?
Are you referring to the port being forwarded by the LAN hardware?

Are you referring to the firewall shielding the Volvo Corporate Network vs 
Internet?

Has the rlogin port on RHEL 5 Beta 1 changed versus RHEL 3.x & 4.x ?


Because if you try to use rlogin from a client running Fedora Core 4,5,6, RHEL 
3.x & 4.x to connect to a client running RHEL5b1, it doesn't work.

But you can use rlogin between any client running Fedora Core 4,5,6, RHEL 3.x & 
4.x.


Which firewall are you referring to? Please explain.

Comment 8 Adam Tkac 2006-11-14 11:53:01 UTC
I tried access from an fc6 machine to an fc6 machine with rsh 0.17-37.fc6 (the same
package is 0.17-37.el5 in RHEL-5). When I turn the firewall (selinux/firewall) on, on the
server side with default settings, I can't connect (exception "No route to
host"). When I turned off the firewall (on the server), all works fine. If the problem isn't
here, please write me what exactly rsh writes.

Comment 9 Robin Music 2006-11-14 16:20:25 UTC
Hi, this is the error output from rlogin,

[root@lxws1002 ~]# rlogin lxws1004
connect to address 131.97.91.252 port 543: Connection refused
Trying krb4 rlogin...
connect to address 131.97.91.252 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Password: 
Login incorrect





Also, I would like to know how come you nowadays have to use the ~/.rhost 
file? There was no need for that file in the previous versions of RHEL 3.x 4.x.

Kindest regards.

Comment 10 Karel Zak 2006-11-15 09:24:14 UTC
Which version of rsh are you running? (rpm -q rsh rsh-server)

You need version >= 0.17-36 -- previous RHEL5 version is pretty broken. See
also: http://people.redhat.com/kzak/docs/rsh-rlogin-howto.html 

Comment 11 Robin Music 2006-11-15 10:29:36 UTC
on the RHEL5beta1 client the version is 0.17-35 for both rsh & rsh-server

on the RHEL5beta1 server the version is 0.17-34.1 for both rsh & rsh-server

You can use rlogin on the server which has version 0.17-34.1 but you can't 
rlogin to the client which has version 0.17-35

I have seen the howto at http://people.redhat.com/kzak/docs/rsh-rlogin-howto.html

Is there another beta client out now for server and client with a newer version 
of rsh*.rpm on it ?
Kindest regards
Robin Music

Comment 12 Robin Music 2006-11-15 10:29:56 UTC
on the RHEL5beta1 client the version is 0.17-35 for both rsh & rsh-server

on the RHEL5beta1 server the version is 0.17-34.1 for both rsh & rsh-server

You can use rlogin on the server which has version 0.17-34.1 but you can't 
rlogin to the client which has version 0.17-35

I have seen the howto at http://people.redhat.com/kzak/docs/rsh-rlogin-howto.html

Is there another beta client out now for server and client with a newer version 
of rsh*.rpm on it ?
Kindest regards
Robin Music

Comment 13 Adam Tkac 2006-11-15 10:47:37 UTC
package >= 0.17-36 will be available in rhel-5-beta-2. If you can't wait for
this package, you can use the package from fc-6. This problem is fixed there.
(http://download.fedora.redhat.com/pub/fedora/linux/core/6/i386/os/Fedora/RPMS/)

