Re: rsh busted? [solved]
On Mon, 27 Jun 2016 18:06:52 -0400 Tom Horsley wrote: > But when I get on another system and try to rsh in, > it always tells me "no route to host". Anyone have > a clue what else to check? DOH! I merely remembered turning off the firewall, but I apparently didn't actually do it :-). It works fine now with no firewall (but it took a long time to finally recheck something I was absolutely positive I had already done). -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsh busted?
On 06/27/2016 05:51 PM, Tom Horsley wrote: > On Mon, 27 Jun 2016 17:38:29 -0700 > Joe Zeff wrote: > >> OK, that rules out everything except the two machines involved. Can you >> use rsh from a different box or connect from the first one to a >> different one? > > I've been experimenting, and it is very weird. > > Apparently I can rsh to or from anything unless both the > source and target are fedora 24 machines, then I get > the no route to host error. (One machine being f24, > no problem, two, and no route to host). > > Worse yet, I've checked and I did turn off selinux, so > it isn't selinux. > > The machine I'm trying to reach is on a different subnet, > so there is some firewall magic in the gateways and routers > and wot-not to arrange for the reverse rsh connections > to work, but other machines I can rsh into are on that > same subnet, so the firewall magic must be working. And > two f24 machines inside that subnet also cannot rsh to > each other, and they wouldn't even need the routing magic. > > Maybe I'll break out wireshark tomorrow and compare a > working rsh to a broken rsh. > > Or perhaps at some point it will be simpler to find all > the rsh calls in the 47 gazillion lines of test scripts > and make them use ssh instead :-). Uh, just for giggles, rsh between two F24s and check the logs of the target F24 machine. It may be that rsh is generating a FQDN of the sending machine that doesn't match what you have in the .rhosts of the target machine (and vice versa). I've seen this sorta weirdness before with LDAP "host" records. Perhaps the same thing is going on with rsh. Also make SURE you don't have firewalls between the two F24 machines by looking at "iptables -L -n". -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- -First Law of Work: - -If you can't get it done in the first 24 hours, work nights.- -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsh busted?
On Mon, 27 Jun 2016 17:38:29 -0700 Joe Zeff wrote: > OK, that rules out everything except the two machines involved. Can you > use rsh from a different box or connect from the first one to a > different one? I've been experimenting, and it is very weird. Apparently I can rsh to or from anything unless both the source and target are fedora 24 machines, then I get the no route to host error. (One machine being f24, no problem, two, and no route to host). Worse yet, I've checked and I did turn off selinux, so it isn't selinux. The machine I'm trying to reach is on a different subnet, so there is some firewall magic in the gateways and routers and wot-not to arrange for the reverse rsh connections to work, but other machines I can rsh into are on that same subnet, so the firewall magic must be working. And two f24 machines inside that subnet also cannot rsh to each other, and they wouldn't even need the routing magic. Maybe I'll break out wireshark tomorrow and compare a working rsh to a broken rsh. Or perhaps at some point it will be simpler to find all the rsh calls in the 47 gazillion lines of test scripts and make them use ssh instead :-). -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsh busted?
On 06/27/2016 05:30 PM, Tom Horsley wrote: Oh yes. ssh works, ping works, everybody has a route to the host except rsh. OK, that rules out everything except the two machines involved. Can you use rsh from a different box or connect from the first one to a different one? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsh busted?
On Mon, 27 Jun 2016 17:01:57 -0700 Joe Zeff wrote: > Can you ping the host? Oh yes. ssh works, ping works, everybody has a route to the host except rsh. I'm pretty sure it is selinux. I remember it broke rsh in previous releases and I don't remember turning it off on the test machines. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsh busted?
On 06/27/2016 03:06 PM, Tom Horsley wrote: But when I get on another system and try to rsh in, it always tells me "no route to host". Anyone have a clue what else to check? Can you ping the host? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsh busted?
On Mon, 27 Jun 2016 15:54:51 -0700 Gordon Messmer wrote: > Use firewall-cmd to open the rsh port? There is no firewall running, but now that I think about it, I may have neglected to disable selinux. It always breaks rsh. I'll have to check that tomorrow. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsh busted?
On 06/27/2016 03:06 PM, Tom Horsley wrote: But when I get on another system and try to rsh in, it always tells me "no route to host". Anyone have a clue what else to check? Use firewall-cmd to open the rsh port? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
rsh busted?
1. The first person to lecture me about rsh and security gets shot :-). 2. On fedora 24, I can't get some test scripts to run which have used rsh since time first fell upon the face of the earth (and they are behind a firewall on a local network anyway). I've installed rsh and rsh-server on all the boxes, I've enabled rsh.socket. If I run rsh to localhost, it works fine. The test user has a ~/.rhosts file with all the names of all the systems mentioned as valid. But when I get on another system and try to rsh in, it always tells me "no route to host". Anyone have a clue what else to check? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org