
Passwordless rsh between nodes (comprehensive, and it works)

January 5, 2013

Source: http://xingjing-cn.spaces.live.com/blog/cns!73879567D05217A7!490.entry

Passwordless rsh between nodes

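I have been working with clusters for a while, and every time I have to set up passwordless rsh between nodes it costs me some time. Today I finally made up my mind to gather all the relevant material, for my own convenience and hopefully for others' too.
The article below is adapted from someone else's work; for the original, see "Passwordless rlogin between two nodes on Linux": http://www.linuxdiyf.com/viewarticle.php?id=88174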
 
1. Check whether the rsh-server package is installed
[root@racnode1 ~]# rpm -qa rsh-server

2. Install the rsh-server package
[root@racnode1 package]# rpm -ivh rsh-server-0.17-25.4.i386.rpm 
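/*A note here: some systems do not have xinetd, so you need to install it yourself. For example, on Fedora 4 x86_64 I needed two RPMs: xinetd-2.3.13-6.x86_64.rpm and rsh-server-0.17-29.x86_64.rpm. http://rpm2html.osmirror.nl/ is a good place to download them, or just search Google. Install xinetd first, then rsh-server.*/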

You can also install it with yum install rsh-server, which is more convenient.

3. In the /etc/xinetd.d/ directory, edit rlogin and change disable = yes to disable = no
[root@racnode1 package]# vi /etc/xinetd.d/rlogin 
# default: on
# description: rlogind is the server for the rlogin(1) program. The server /
# provides a remote login facility with authentication based on /
# privileged port numbers from trusted hosts.
service login
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
disable = no
}

4. Likewise, in the /etc/xinetd.d/ directory, edit rsh and change disable = yes to disable = no
[root@racnode1 package]# vi /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, /
# consequently, for the rsh(1) program. The server provides /
# remote execution facilities with authentication based on /
# privileged port numbers from trusted hosts.
service shell
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
disable = no
}
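/*In fact, the /etc/xinetd.d/ directory contains quite a few other rsh-related configuration files; if your security requirements are not high, you can simply change disable=yes to disable=no in all of the rsh-related ones.*/
4+1.
/*Some people say that the following two commands have the same effect as editing the files above directly; try them if you are interested.*/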
/sbin/chkconfig rlogin on
/sbin/chkconfig rsh on 
4+2.
/*If restarting xinetd below causes problems, you can also modify the following file.*/
/etc/pam.d/rsh 
Change this line: auth       required pam_rhosts_auth.so
to: auth       required pam_rhosts_auth.so promiscuous
You can also add the following two lines:
auth       required pam_rootok.so
auth       sufficient   pam_rhosts_auth.so no_hosts_equiv

5. Restart the xinetd service
[root@racnode1 package]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

6. Add rexec, rlogin and rsh to /etc/securetty
[root@racnode1 ~]# echo "rexec" >> /etc/securetty
[root@racnode1 ~]# echo "rlogin" >> /etc/securetty
[root@racnode1 ~]# echo "rsh" >> /etc/securetty

7. Add /etc/hosts.equiv
/*This step does not seem to be necessary; things also work without it.*/
vi /etc/hosts.equiv
racnode1
racnode2
priv1
priv2
crs_vip1
crs_vip2
[root@racnode1 package]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 racnode1 localhost.localdomain localhost
192.168.6.251 racnode1
192.168.6.252 racnode2
10.1.1.1 priv1
10.1.1.2 priv2
192.168.6.253 crs_vip1
192.168.6.254 crs_vip2
~

8. Add .rhosts
[root@racnode1 package]# vi ~/.rhosts
racnode1 root
racnode2 root
priv1 root
priv2 root
~
With the configuration above, passwordless access between the nodes works.
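
To see on a node which of the trust settings from steps 3 to 8 are actually in place, here is an added audit script; it is not part of the original article. The function name audit_rsh_trust and its ROOT prefix argument are assumptions made for this example, and it only looks at root's ~/.rhosts, taken to be /root/.rhosts.

```shell
#!/bin/sh
# Added example: report which rsh trust settings from steps 3-8 are present.
# audit_rsh_trust and its ROOT argument are names chosen for this example.
# ROOT is a filesystem prefix ("" for the live system), so the same check can
# run against a copied or constructed /etc tree.
audit_rsh_trust() {
    root=$1
    # Steps 3-4: an xinetd service with "disable = no" is being offered.
    for svc in rlogin rsh rexec; do
        f="$root/etc/xinetd.d/$svc"
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$f"; then
            echo "ENABLED  $f"
        fi
    done
    # Step 4+2: "promiscuous" makes pam_rhosts_auth honour "+" host entries.
    f="$root/etc/pam.d/rsh"
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*auth.*pam_rhosts_auth\.so.*promiscuous' "$f"; then
        echo "PAM      $f: promiscuous"
    fi
    # Step 6: r-services listed in securetty accept root logins.
    f="$root/etc/securetty"
    if [ -f "$f" ]; then
        for svc in rexec rlogin rsh; do
            grep -qx "$svc" "$f" && echo "ROOTTTY  $f: $svc"
        done
    fi
    # Steps 7-8: every non-comment line names a trusted host (and user).
    for f in "$root/etc/hosts.equiv" "$root/root/.rhosts"; do
        [ -f "$f" ] || continue
        grep -Ev '^[[:space:]]*(#|$)' "$f" | while read -r host user; do
            case "$host$user" in
                *+*) echo "WILDCARD $f: $host${user:+ $user}" ;;
                *)   echo "TRUST    $f: $host${user:+ $user}" ;;
            esac
        done
    done
    return 0
}
```

Run audit_rsh_trust "" as root on each node; a WILDCARD line means the file trusts every host or every user, not only the cluster nodes listed in steps 7 and 8.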

9. When using rsh or rlogin to reach another node, the following messages appear:
[root@racnode1 init.d]# rsh racnode2
connect to address 192.168.6.252: Connection refused
Trying krb4 rlogin...
connect to address 192.168.6.252: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Last login: Mon Apr 21 14:36:32 from racnode1
You have new mail.
[root@racnode2 ~]# 
[root@racnode1 init.d]# rlogin racnode2
connect to address 192.168.6.252: Connection refused
Trying krb4 rlogin...
connect to address 192.168.6.252: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Last login: Mon Apr 21 14:42:17 from racnode1
You have new mail.
[root@racnode2 ~]# 
Check which package provides the default rlogin:
[root@racnode1 init.d]# rpm -qf `which rlogin`
krb5-workstation-1.3.4-27
[root@racnode1 init.d]# 
[root@racnode2 ~]# rpm -qf `which rsh`
krb5-workstation-1.3.4-27
[root@racnode2 ~]# 
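/*This krb stuff really is annoying: it is hard to configure, and even once the normal version works, the krb rlogin is always tried first. So unless there is a better way, disable it: either put /usr/kerberos/bin later in the PATH environment variable, or simply rename the krb versions of rsh so they are not used.*/
Solution: 1. Rename the default rlogin and rsh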
[root@racnode2 ~]# which rsh
/usr/kerberos/bin/rsh
[root@racnode2 ~]# mv /usr/kerberos/bin/rsh /usr/kerberos/bin/rsh.original
[root@racnode2 ~]# mv /usr/kerberos/bin/rlogin /usr/kerberos/bin/rlogin.original
[root@racnode2 ~]# mv /usr/kerberos/bin/rcp /usr/kerberos/bin/rcp.original
[root@racnode2 ~]# 
2. Remove the package krb5-workstation-1.3.4-27
[root@racnode2 ~]# rpm -e krb5-workstation-1.3.4-27

 
