rsh problem

List overview All Threads
Download

newer

older

moving disks from one shelf to...

Using Subinacl for CIFS ACL changes

David McWilliams

3 Aug 2007 3 Aug '07

1:06 p.m.

I'm trying to configure rsh access for some remote scripts I'm writing and I getting the following;

Permission denied to rsh request from root at host 10.4.27.17 IP address 10.4.27.17

I've got the following options set;

rsh.access host=10.4.27.17 rsh.enable on trusted.hosts *

Any ideas anyone?

-- Sláinte, David Checkout the, sometimes updated, McWilliams family website @ http://davidmcw.tripod.com Get a safer, faster, better web browser @ http://www.mozilla.org/products/firefox/

Attachments:

attachment.html (text/html — 1.4 KB)

Show replies by date

tmac

3 Aug 3 Aug

1:41 p.m.

pretty sure you *still* need an entry in the /etc/hosts.equiv file.

Not sure if this is a bug or not. I always hoped that by using the rsh.access you would not need the the file...but alas, you do.

On 8/3/07, David McWilliams davidkmcw@gmail.com wrote:

...

I'm trying to configure rsh access for some remote scripts I'm writing and I getting the following;

Permission denied to rsh request from root at host 10.4.27.17 IP address 10.4.27.17

I've got the following options set;

rsh.access host=10.4.27.17 rsh.enable on trusted.hosts *

Any ideas anyone?

-- Sláinte,

David

Checkout the, sometimes updated, McWilliams family website @ http://davidmcw.tripod.com

Get a safer, faster, better web browser @ http://www.mozilla.org/products/firefox/

-- --tmac RedHat Certified Engineer

Stephen C. Losen

2:37 p.m.

...

pretty sure you *still* need an entry in the /etc/hosts.equiv file.

Not sure if this is a bug or not. I always hoped that by using the rsh.access you would not need the the file...but alas, you do.

The hosts.equiv file adds extra functionality. It lets you allow non-root local users to rsh to the filer. Use a line like this:

hostname username

This will allow username@hostname to rsh to the filer as root.

rsh filer -l root command

If you do not specify the username (the usual case) then the local username must match the remote (filer) username, which is almost always "root" on both sides.

Steve Losen scl@virginia.edu phone: 434-924-0640

University of Virginia ITC Unix Support

Stephen C. Losen

1:47 p.m.

...

I'm trying to configure rsh access for some remote scripts I'm writing and I getting the following;

Permission denied to rsh request from root at host 10.4.27.17 IP address 10.4.27.17

I've got the following options set;

rsh.access host=10.4.27.17 rsh.enable on trusted.hosts *

Any ideas anyone?

You also need to edit /vol/vol0/etc/hosts.equiv and put in a line for 10.4.27.17

Steve Losen scl@virginia.edu phone: 434-924-0640

University of Virginia ITC Unix Support

Chris Thompson

1:52 p.m.

davidkmcw@gmail.com (David McWilliams) writes:

...

I'm trying to configure rsh access for some remote scripts I'm writing and I getting the following;

Permission denied to rsh request from root at host 10.4.27.17 IP address 10.4.27.17

I've got the following options set;

rsh.access host=10.4.27.17 rsh.enable on trusted.hosts *

Any ideas anyone?

What (if anything) is in your /etc/hosts.equiv? That is checked after the rsh.* option controls, unless the "-l user:password" form of rsh is used.

-- Chris Thompson Email: cet1@cam.ac.uk

David McWilliams

1:59 p.m.

/etc/hosts.equiv fixed it. Thanks

-- Sláinte, David Checkout the, sometimes updated, McWilliams family website @ http://davidmcw.tripod.com Get a safer, faster, better web browser @ http://www.mozilla.org/products/firefox/ On 8/3/07, Chris Thompson cet1@cus.cam.ac.uk wrote: > > davidkmcw@gmail.com (David McWilliams) writes: > > > > I'm trying to configure rsh access for some remote scripts I'm writing > and I > > getting the following; > > > > Permission denied to rsh request from root at host 10.4.27.17 IP address > > 10.4.27.17 > > > > I've got the following options set; > > > > rsh.access host=10.4.27.17 > > rsh.enable on > > trusted.hosts * > > > > Any ideas anyone? > > What (if anything) is in your /etc/hosts.equiv? That is checked after > the rsh.* option controls, unless the "-l user:password" form of rsh > is used. > > -- > Chris Thompson > Email: cet1@cam.ac.uk >

Miller, Michael CTR USTRANSCOM J2

4:23 p.m.

You should think about using SSH instead. Configured correctly it works the same as rsh and is safer.

Mike Miller General Dynamics Information Technology Michael.Miller.ctr@ustranscom.mil Michael.Miller@gdit.com Phone: 618-229-1428

-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of David McWilliams Sent: Friday, August 03, 2007 8:06 AM To: NetApp list Subject: rsh problem

I'm trying to configure rsh access for some remote scripts I'm writing and I getting the following;

Permission denied to rsh request from root at host 10.4.27.17 IP address 10.4.27.17 http://10.4.27.17

I've got the following options set;

rsh.access host=10.4.27.17 rsh.enable on trusted.hosts *

Any ideas anyone?

-- Sláinte,

David

Checkout the, sometimes updated, McWilliams family website @ http://davidmcw.tripod.com

Get a safer, faster, better web browser @ http://www.mozilla.org/products/firefox/

Leeds, Daniel

4:55 p.m.

just curious why you would be using rsh for a new set of scripts since ssh now ships with ontap.

-- Daniel Leeds Senior Systems Administrator Edmunds.com

-----Original Message----- From: owner-toasters@mathworks.com on behalf of David McWilliams Sent: Fri 8/3/2007 6:06 AM To: NetApp list Subject: rsh problem

I'm trying to configure rsh access for some remote scripts I'm writing and I getting the following;

Permission denied to rsh request from root at host 10.4.27.17 IP address 10.4.27.17

I've got the following options set;

rsh.access host=10.4.27.17 rsh.enable on trusted.hosts *

Any ideas anyone?

-- Sláinte, David Checkout the, sometimes updated, McWilliams family website @ http://davidmcw.tripod.com Get a safer, faster, better web browser @ http://www.mozilla.org/products/firefox/

David McWilliams

7:27 p.m.

Very good point, put it down to lazyness. Where do I put the RSA keys on the NetApp, so I don't get prompted for the password?

Leeds, Daniel

7:45 p.m.

say you wanted to assign a user on the netapp to create nightly oracle snapshots you would do the following to enable passwordless ssh access to the filer

1) secureadmin setup ssh - this will prompt you through ssh setup on the filer 2) use useradmin on the filer to create the role/group/user for oracle

useradmin role add oraclesnap -a login-ssh,cli-snap* useradmin group add oraclesnap -r oraclesnap useradmin user add oraclesnap -g oraclesnap

3) generate an ssh key for the user your script is running as on your unix/linux host, for this example we will call this user oracle

ssh-keygen -t dsa -b 1024 this will prompt you where to save the keys and a key password, just hit enter for the password do not use a password here. once done you will need a copy of the id_dsa.pub public key

4) on the filer create a user directory under /etc/sshd with the same name as the unix user above

mkdir -p /etc/sshd/oracle/.ssh now create the authorized_keys file in that new directory and paste the id_dsa.pub key into that file once complete your filer should have this /etc/sshd/oracle/.ssh/authorized_keys

5) ssh from the unix host as the oracle user and start issuing commands, ssh filer snap list myvolume

voila.

of course change the example for your environment, command access etc

--daniel

-- Daniel Leeds Senior Systems Administrator Edmunds.com

-----Original Message----- From: David McWilliams [mailto:davidkmcw@gmail.com] Sent: Fri 8/3/2007 12:27 PM To: Leeds, Daniel Cc: NetApp list Subject: Re: rsh problem

Very good point, put it down to lazyness. Where do I put the RSA keys on the NetApp, so I don't get prompted for the password?

David McWilliams

7:51 p.m.

Cheers Daniel and to all that responded.

-- Sláinte, David Checkout the, sometimes updated, McWilliams family website @ http://davidmcw.tripod.com Get a safer, faster, better web browser @ http://www.mozilla.org/products/firefox/ On 8/3/07, Leeds, Daniel dleeds@edmunds.com wrote: > > > say you wanted to assign a user on the netapp to create nightly oracle > snapshots you would do the following to enable passwordless ssh access to > the filer > > 1) secureadmin setup ssh - this will prompt you through ssh setup on the > filer > 2) use useradmin on the filer to create the role/group/user for oracle > > useradmin role add oraclesnap -a login-ssh,cli-snap* > useradmin group add oraclesnap -r oraclesnap > useradmin user add oraclesnap -g oraclesnap > > 3) generate an ssh key for the user your script is running as on your > unix/linux host, for this example we will call this user oracle > > ssh-keygen -t dsa -b 1024 > this will prompt you where to save the keys and a key password, just > hit enter for the password do not use a password here. once done you will > need a copy of the id_dsa.pub public key > > 4) on the filer create a user directory under /etc/sshd with the same name > as the unix user above > > mkdir -p /etc/sshd/oracle/.ssh > now create the authorized_keys file in that new directory and paste the > id_dsa.pub key into that file > once complete your filer should have this > /etc/sshd/oracle/.ssh/authorized_keys > > 5) ssh from the unix host as the oracle user and start issuing commands, > ssh filer snap list myvolume > > voila. > > of course change the example for your environment, command access etc > > --daniel > > -- > Daniel Leeds > Senior Systems Administrator > Edmunds.com > > > > -----Original Message----- > From: David McWilliams [mailto:davidkmcw@gmail.com davidkmcw@gmail.com] > Sent: Fri 8/3/2007 12:27 PM > To: Leeds, Daniel > Cc: NetApp list > Subject: Re: rsh problem > > Very good point, put it down to lazyness. Where do I put the RSA keys on > the > NetApp, so I don't get prompted for the password? > > -- > Sláinte, > > David > > Checkout the, sometimes updated, McWilliams family website @ > http://davidmcw.tripod.com > > Get a safer, faster, better web browser @ > http://www.mozilla.org/products/firefox/ > > On 8/3/07, Leeds, Daniel dleeds@edmunds.com wrote: > > > > just curious why you would be using rsh for a new set of scripts since > > ssh now ships with ontap. > > > > > > -- > > Daniel Leeds > > Senior Systems Administrator > > Edmunds.com > > > > > > > > -----Original Message----- > > From: owner-toasters@mathworks.com on behalf of David McWilliams > > Sent: Fri 8/3/2007 6:06 AM > > To: NetApp list > > Subject: rsh problem > > > > I'm trying to configure rsh access for some remote scripts I'm writing > and > > I > > getting the following; > > > > Permission denied to rsh request from root at host 10.4.27.17 IP address > > 10.4.27.17 > > > > I've got the following options set; > > > > rsh.access host=10.4.27.17 > > rsh.enable on > > trusted.hosts * > > > > Any ideas anyone? > > > > -- > > Sláinte, > > > > David > > > > Checkout the, sometimes updated, McWilliams family website @ > > http://davidmcw.tripod.com > > > > Get a safer, faster, better web browser @ > > http://www.mozilla.org/products/firefox/ > > > > > >

Stephen C. Losen

8:17 p.m.

...

Very good point, put it down to lazyness. Where do I put the RSA keys on the NetApp, so I don't get prompted for the password?

-- Sláinte,

David

/vol/vol0/etc/sshd/root/.ssh/authorized_keys

A public key file generated by openssh should work.

Steve Losen scl@virginia.edu phone: 434-924-0640

University of Virginia ITC Unix Support

6402

Age (days ago)

6402

Last active (days ago)

toasters@lists.teaparty.net

11 comments

6 participants

tags (0)

participants (6)

Chris Thompson
David McWilliams
Leeds, Daniel
Miller, Michael CTR USTRANSCOM J2
Stephen C. Losen
tmac