On Wed, Jan 21, 2009 at 11:06 AM, Faye Gibbins <[email protected]> wrote:
> Yes rsh is a pain to set up. Please, please, please think about either:
>
> ssh

We are having some problems with ssh also. What we need is to have the compute nodes passwordless to the host and each other. Unfortunately, when we use ssh to connect from outside to the host and then onto a node (there is no access to the nodes except via the host) the keys set up for host+nodes do not work. Setting up sets of keys for all the machines that might be used to access the host does not seem right. Is there an rsh-type solution of just entries/keys for the host+nodes?

> or kerberosized rsh.

We were starting first with the simple solution. There is no intention of using rsh to connect from outside to the host. As much security as we can find is disabled on the compute nodes to avoid problems for people wanting to compute and so anyone that can access the host has open access to the nodes. However, we obviously want normal security levels on the host for people connecting from outside.

> Check that your hosts.allow file is set up correctly on the server and that
> it can resolve properly,

Both allow and deny are empty. We tried ALL: ALL but it made no difference.

> also that rsh can open a channel back from the server to the client (yes this
> does happen).

I believe this is a significant possibility. Can you suggest a quick route to find out what is happening, what ports are being used and other relevant information?

> Comparing the setup on horst2 to that on meyer should show what the
> difference is.

There is no difference in behaviour although one is an SL5.1/x86_64 machine and the other is an SL5.2/i386. Neither machine can rsh to the other without disabling their own firewall. We had briefly looked at a 5-year-old Suse machine that had rsh working. Rlogin works with no problems.

Rsh:

    [a...@meyer ~]$ /usr/bin/rsh -l andy dirac date
    poll: protocol failure in circuit setup

    a...@dirac:~> rsh -l andy meyer date
    Wed Jan 21 12:40:21 CET 2009

Again, the problem seems to be with the firewall on the client machine.

Thanks for the input.
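
The back-channel discussed in this message, as an added example that is not part of the original e-mail: a loopback model of rsh circuit setup, in which the client announces a stderr port and the server connects back to it, showing why a client-side firewall yields the error quoted above. Assumptions: ephemeral ports replace 514/tcp and the reserved ports real rsh uses, a closed listener stands in for the firewall, and the user names and command that follow the port number are left out.

```python
import socket
import threading

FAILURE = "poll: protocol failure in circuit setup"

def toy_rshd(listener):
    """Serve one connection the way rshd starts a session (simplified)."""
    conn, peer = listener.accept()
    with conn:
        digits = b""
        while (ch := conn.recv(1)) not in (b"\0", b""):
            digits += ch                      # ASCII port number, NUL-terminated
        try:
            if int(digits):                   # non-zero: open the stderr channel
                socket.create_connection((peer[0], int(digits)), timeout=2).close()
            conn.sendall(b"\0")               # real rshd reads users + command first
        except (OSError, ValueError):
            pass                              # back-connection blocked: drop session

def rsh_circuit_setup(client_blocks_inbound):
    """Return 'ok' or the rsh client's error text for one toy session."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))             # assumption: ephemeral, not 514/tcp
    server.listen(1)
    threading.Thread(target=toy_rshd, args=(server,), daemon=True).start()

    stderr_listener = socket.socket()
    stderr_listener.bind(("127.0.0.1", 0))    # real clients bind a reserved port
    stderr_listener.listen(1)
    stderr_port = stderr_listener.getsockname()[1]
    if client_blocks_inbound:
        stderr_listener.close()               # stand-in for a firewall reject

    with socket.create_connection(server.getsockname(), timeout=2) as primary:
        primary.sendall(str(stderr_port).encode() + b"\0")
        acked = primary.recv(1) == b"\0"      # empty read: server hung up instead
    if not client_blocks_inbound:
        stderr_listener.close()
    server.close()
    return "ok" if acked else FAILURE

if __name__ == "__main__":
    print("client accepts inbound:", rsh_circuit_setup(False))
    print("client blocks inbound: ", rsh_circuit_setup(True))
```

The second connection is initiated by the server towards the client, so it is the client's inbound rules that decide the outcome, which fits rlogin (single connection) working while rsh fails.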
