[Beowulf] passwordless rsh/ssh
Robert G. Brown
rgb at phy.duke.edu
Fri Jun 24 09:09:22 PDT 2005

David Mathog writes:
> How about a positive control. Do any of you have access to
> a Mandrake 10.0 (or other similar linux release that
> obtains in.rshd from a package "rsh-server-0.17-13")?
> Does rsh -l work there?

One other question -- is there some reason you're attached to Mandrake?
I mean, you have a choice of e.g. RHEL, Centos (RH-logo stripped RHEL),
FC (development RHEL), SEL (RH-logo stripped RHEL with scientific
enhancements), Caosity (RH-free linux), Debian (RPM-free linux),
SuSE,... and a cast of thousands more including e.g. linux at duke linux
and clemson linux and some other university linuces.

Most of these will reinstall over a linux host by, lessee, creating a
kickstart file (two hours of work, tops), altering a dhcpd.conf entry,
creating a /tftpboot PXE entry, and rebooting. Once the kickstart file
is built, in other words, they'll install over a node or LAN workstation
in five or ten minutes, all but thirty seconds of which is spent waiting
(so you can do thirty or so in parallel and finish in twenty minutes).

I expect that this would fix your problem all by itself, and would
probably take less time than messing with something obviously broken in

BTW, did you ever look into /etc/securetty? At least read man securetty
to be sure you aren't getting nailed by this. This has exactly the
right "flavor" for your bug -- a file that nobody ever checks and only
Old People remember exists at all, that is set up according to some
designer's whim (likely based on some personal anecdotal experience of
getting burned by a root rsh cracking attempt), and that is used by
"login" to determine if root and only root is permitted to make a
connection. So rsh itself works to spawn a shell command (no login) but
things with the -l flag are shunted through login and bomb, all because
rsh is connected to pty's instead of tty's.

You might try adding pts/0...pts/10 or the like to this file and see if
it doesn't fix your problem, although I'd still suggest changing

> David Mathog
> mathog at caltech.edu
> Manager, Sequence Analysis Facility, Biology Division, Caltech
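
The /etc/securetty check described in the message, as an added example that is not part of the original post: a small shell audit that reports whether root would be accepted on a given terminal and lists any pts/N entries in the file. The function names and the sample file are constructed for illustration; treating a missing file as "no restriction" and skipping '#' comment lines are assumptions about the login/PAM implementation in use.

```shell
#!/bin/sh
# Added example (not from the original post): audit a securetty-style file.

# securetty_allows FILE TTY
# Exit 0 if a root login on TTY would pass the securetty check, 1 otherwise.
securetty_allows() {
    file=$1
    tty=${2#/dev/}                 # entries are listed without the /dev/ prefix
    [ -n "$tty" ] || return 1
    # Assumption: a missing file means root is not restricted to any terminal.
    [ -e "$file" ] || return 0
    # Whole-line, literal match; '#' comment lines are skipped (assumption).
    # An existing but empty file therefore refuses root everywhere.
    grep -v '^#' "$file" | sed 's/[[:space:]]*$//' | grep -Fxq -- "$tty"
}

# securetty_pty_entries FILE
# Print pseudo-terminal entries (pts/N), the kind of terminal a network
# login such as rsh -l is attached to, as opposed to the local console.
securetty_pty_entries() {
    [ -e "$1" ] || return 1
    grep -E '^pts/[0-9]+[[:space:]]*$' "$1"
}

# Constructed sample: console and virtual terminals only.
sample=$(mktemp)
printf '%s\n' '# constructed sample securetty' console tty1 tty2 > "$sample"

for t in tty1 /dev/pts/0; do
    if securetty_allows "$sample" "$t"; then
        echo "$t: root login permitted"
    else
        echo "$t: root login refused"
    fi
done

# The change suggested in the message: list a pseudo-terminal.
echo 'pts/0' >> "$sample"
securetty_allows "$sample" pts/0 && echo "pts/0: root login now permitted"
echo "pty entries an audit should flag:"
securetty_pty_entries "$sample"
rm -f "$sample"
```

Pointing securetty_pty_entries at the real /etc/securetty on each node shows which hosts accept root on pseudo-terminals, which is worth knowing before and after making the change the message suggests.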