本文轉貼於:http://space.itpub.net/8797129/viewspace-692501
rsh (remoteshell)
要配置无密码的rsh,有多种方法。例如:你可以配置/etc/hosts.equiv或者为每个用户生成一个.rhosts文件。配置时候,通常是写入一个允许的远程计算机名(当然,/etc/hosts中应该有相应的IP),此计算机名应该和DataStage配置文件中的fastname相同。
如果要配置root用户的rsh无密码登陆,还需要vi /etc/securetty,在里面添加rsh rexec rlogin,如果非root用户,这一步可以省去
1首先确认机器是否安装rsh包:
[oracle@linux ~]$ rpm -aq |grep rsh
rsh-0.17-25.4
rsh-server-0.17-25.4
2: 修改/etc/xinetd.d/rsh脚本文件
[root@linux ~]# vi /etc/xinetd.d/rsh
rsh 属于xinetd服务,修改/etc/xinetd.d/rsh脚本文件文件中的选项
将disable 设置为no
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
# disable = yes
disable = no
}
3.重启rsh服务
[root@linux ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
4. 检查是否启动: rsh server 监听和TCP 是514。
[root@linux ~]# netstat -an |grep 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN
unix 3 [ ] STREAM CONNECTED 44514
5:配置rsh server
修改/etc/securetty文件: echo rsh >>/etc/securetty
如果打算用root作为rsh用户的话:
先用root登录到机器A中进行以下操作:
[root@linux ~]# echo "192.168.7.10 root" >>.rhosts //允许192.168.0.10 以root访问
[root@linux ~]# echo "192.168.7.15 root" >>.rhosts
重启rsh server.
.rhosts一般位于 rsh server服务器相对应账号目录下比如root(与.bash_profile在同一目录)
查看是否配置成功:
[root@linux ~]# more .rhosts
192.168.7.10 root
192.168.7.15 root(Windows的話是使用者帳號)
6:配置vi /etc/hosts,加入对方的IP和机器名(hostname)。机器名可以参考127.0.0.1一行。
[root@linux ~]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 linux localhost.localdomain localhost
192.168.7.15 linux #本机ip及机器名
192.168.7.10 hlht #远程服务器ip及机器名(Windows的話是電腦主機名稱)
7:配置vi /etc/hosts.equiv
[root@linux ~]# vi /etc/hosts.equiv
127.0.0.1 localhost
192.168.7.10 hlht
192.168.7.15 linux
8:到/etc/pam.d/目录下,把rsh文件中的auth required pam_securetty.so一行用“#”封掉即可(注意修改红色字体一行:加#)
[root@hlht ~]# cd /etc/pam.d
[root@hlht pam.d]# vi rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
#auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts_auth.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
9:重启rsh server.
[root@linux ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
10:测试和注意的问题:
登录到192.168.7.10机器进行测试
看是否能看到结果。如果看到
[oracle@linux ~]$ rsh -l oracle 192.168.7.10 ps -ef
connect to address 192.168.7.10: Connection refused
Trying krb4 rsh...
connect to address 192.168.7.10: Connection refused
trying normal rsh (/usr/bin/rsh)
Permission denied.
这是由于权权限问题,一般是由于 .rhosts没有配置正确。.rhosts一般位于
rsh server服务器相对应账号目录下比如root(与.bash_profile在同一目录)
如果看到
[root@linux pam.d]# rsh -l root 192.168.7.10 env|grep PATH
connect to address 192.168.7.10: Connection refused
Trying krb4 rsh...
connect to address 192.168.7.10: Connection refused
trying normal rsh (/usr/bin/rsh)
PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/bin:/bin
表示rsh配置成功,可以使用rcp进行远程拷贝。
留言列表
