1. Enable the Remote Shell
2. Disable Kerberos version of rsh (on RH Linux)
3. Allow a connection to the remote host without prompting for a password
4. Test a remote connection
a) let's see if the rsh RPMs are installed:
[root@MW ~]# rpm -q rsh rsh-server
rsh-0.17-25.4
rsh-server-0.17-25.4
rsh-0.17-25.4
rsh-server-0.17-25.4
b) enable rsh (also rlogin)
Modify /etc/xinetd.d/rsh in order to have disable = no :
[root@MW ~]# more /etc/xinetd.d/rsh
service shell
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
disable = no
}
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
disable = no
}
c) reload the configuration for xinetd :
# chkconfig rsh on
# chkconfig rlogin on (if needed)
# service xinetd reload
By default RHL use the Kerberos version of rsh.
[root@DB ~]# which rsh
/usr/kerberos/bin/rsh
[root@DB ~]# mv /usr/kerberos/bin/rsh /usr/kerberos/bin/rsh.ini
[root@DB ~]# mv /usr/kerberos/bin/rlogin /usr/kerberos/bin/rlogin.ini
[root@DB ~]# mv /usr/kerberos/bin/rcp /usr/kerberos/bin/rcp.ini
[root@DB ~]# which rsh
/usr/bin/rsh
[root@DB ~]#
/usr/kerberos/bin/rsh
[root@DB ~]# mv /usr/kerberos/bin/rsh /usr/kerberos/bin/rsh.ini
[root@DB ~]# mv /usr/kerberos/bin/rlogin /usr/kerberos/bin/rlogin.ini
[root@DB ~]# mv /usr/kerberos/bin/rcp /usr/kerberos/bin/rcp.ini
[root@DB ~]# which rsh
/usr/bin/rsh
[root@DB ~]#
Supposing from the HOST MW (connected as mw ) we have to connect as oracle on the HOST APPS.
The /etc/hosts.equiv and ~/.rhosts files list hosts and users that are trusted by the local host when a connection is made using the rshd service. If the connection is trusted we don't need a password for this connection.
So, on /etc/hosts.equiv (on the APPS host name) we have to add:
+mw mw
That means: From the host named MW, the user mw can connect to the APPS server (as trusted user; as oracle, etc).
If in the ~/.rhosts (for the oracle user, on the APPS server) we have
+mw user1
that means only the user user1 from the host named mw can connect as oracle on the APPS server (as trusted user).
[mw@MW ~]$ rsh -l applmgr apps echo `date`
Thu Apr 3 01:29:49 BST 2008
[mw@MW ~]$
Thu Apr 3 01:29:49 BST 2008
[mw@MW ~]$
I connect to the remote apps host as applmgr and I run one command (echo `date`).
No comments:
Post a Comment