barrett@crabcake.cs.JHU.EDU (06/23/89)
Dear Wizards:

I am totally mystified by something happening on our UNIX systems. The behavior involves "rsh/rcp/rlogin" and machine permissions, and I feel like I've tried everything. Can anyone help? (If so, please respond by E-MAIL only.)

I have two DEC VS2000 workstations, "vs1" and "vs2", configured almost identically. I also have a VAX called "myHost". (These are made-up names to simplify this explanation.) All these machines are running ULTRIX 2.0.

The weird behavior is this: when I type "rsh myHost who" from my two workstation accounts, vs1 executes the command just fine, but vs2 says "Permission denied." Now before you say "Oh, that's OBVIOUS!", consider this:

* BOTH vs1 and vs2 have their fully-qualified names, and all nicknames, in the following files on myHost:

      /etc/hosts.equiv
      /etc/hosts.lpd
      /etc/exports    (for NFS)

* I have NO .rhosts files in any of the 3 accounts.
* My username is the same on all three machines.
* The problem has nothing to do with user ID number (I checked this extensively).
* All three machines have identical /etc/hosts files.
* My .cshrc file on myHost has no errors in it (to cause "rsh" to bomb out).
* This problem happens to other users in my situation (same 3 accounts), not just to me.
* I removed all files in my home directories on vs1 and vs2, and the problem did not change.

At the moment, I believe the problem is not caused by anything I did, but by some system file or program that says "yes" to vs1 and "no" to vs2... but I have run out of places to look.

Can anyone help? Please respond by E-MAIL only... thanks!

Dan

#############################################################################
# Dan Barrett   barrett@cs.jhu.edu (128.220.13.4)   ARPANET                 #
#               ins_adjb@jhuvms.bitnet              BITNET                  #
#               ins_adjb@jhunix.UUCP                UUCP (unreliable)       #
# Dept. of Computer Science, Johns Hopkins University, Baltimore, MD 21218  #
#############################################################################

ps: In reality, "vs1" is really four different workstations that exhibit this behavior, and "vs2" represents six more.

pinkas@hobbit.intel.com (Israel Pinkas ~) (06/23/89)
I am posting so that others might learn. I will send mail to Dan, as he requested.

In article <20086@adm.BRL.MIL> barrett@crabcake.cs.JHU.EDU writes:

> The weird behavior is this: when I type "rsh myHost who" from my
> two workstation accounts, vs1 executes the command just fine, but vs2 says
> "Permission denied." Now before you say "Oh, that's OBVIOUS!", consider
> this:
> * BOTH vs1 and vs2 have their fully-qualified names, and all
>   nicknames, in the following files on myHost:
>
>       /etc/hosts.equiv
>       /etc/hosts.lpd
>       /etc/exports    (for NFS)

/etc/hosts.equiv performs the same function as ~/.rhosts. It tells the system which hosts are to be trusted. When a host listed in /etc/hosts.equiv connects, the daemon assumes that similar usernames on both machines are allowed to connect. ~/.rhosts lists machines and users that are allowed to connect to this account.

In your setup, having vs1 in the hosts.equiv on myhost doesn't help. What would happen if I put the name of your machine in my hosts.equiv and su'ed to barrett. I would then be able to connect to your account without a password.

Make sure that all three machines have the other two in their hosts.equiv. This should solve the problem.

-Israel Pinkas

--
--------------------------------------
Disclaimer: The above are my personal opinions, and in no way represent the opinions of Intel Corporation. In no way should the above be taken to be a statement of Intel.
UUCP:  {amdcad,decwrl,hplabs,oliveb,pur-ee,qantel}!intelca!mipos3!cadev4!pinkas
ARPA:  pinkas%cadev4.intel.com@relay.cs.net
CSNET: pinkas@cadev4.intel.com

jik@athena.mit.edu (Jonathan I. Kamens) (06/24/89)
In article <PINKAS.89Jun22152652@hobbit.intel.com> pinkas@hobbit.intel.com (Israel Pinkas ~) writes:

>I am posting so that others might learn. I will send mail to Dan, as he
>requested.

This would make sense if your answer were correct, but, as far as I can tell, it is not. Feel free to correct me if I am wrong (I am, after all, feeling free to correct you :-).

>In article <20086@adm.BRL.MIL> barrett@crabcake.cs.JHU.EDU writes:
>
>> The weird behavior is this: when I type "rsh myHost who" from my
>> two workstation accounts, vs1 executes the command just fine, but vs2 says
>> "Permission denied." Now before you say "Oh, that's OBVIOUS!", consider
>> this:
>> * BOTH vs1 and vs2 have their fully-qualified names, and all
>>   nicknames, in the following files on myHost:
>>
>>       /etc/hosts.equiv
>>       /etc/hosts.lpd
>>       /etc/exports    (for NFS)
>
> ...
>
>In your setup, having vs1 in the hosts.equiv on myhost doesn't help. What
>would happen if I put the name of your machine in my hosts.equiv and su'ed
>to barrett. I would then be able to connect to your account without a
>password.

The machine accepting the rlogin/rsh connection is the machine that gets to decide whether or not to trust the username without the password. Therefore, the .rhosts or hosts.equiv entry must appear on the machine accepting the connection, not the machine initiating it.

I do not think you read the original question carefully -- in it, the person asking the question said that he was typing the rsh command *from* vs1 and vs2 *to* myHost. Therefore, myHost *is* the correct machine on which to place the hosts.equiv or .rhosts entries.

I suspect you thought he was trying to do an rsh to vs1 and vs2 from myHost, in which case your answer would have been correct. I read his question the same way the first time and thought of the same answer, because it is worded a bit confusingly, but I went back and read it again and realized the error of my ways :-)

Jonathan Kamens                      USnail:
MIT Project Athena                     432 S. Rose Blvd.
jik@Athena.MIT.EDU                     Akron, OH 44320
Office: 617-253-4261                 Home: 216-869-6432
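
Added example, not part of any post in this thread and not ULTRIX code: a simplified model of the check described in the reply above, in which the accepting machine decides from its own /etc/hosts.equiv and the target account's .rhosts. The function names and file contents are constructed for illustration, using the thread's made-up host names; "+" wildcards and netgroups are left out.

```python
# Simplified model of the server-side trust check behind rsh/rlogin (added
# example; not ULTRIX source). Only plain "host" and "host user" lines are
# modelled; "+" wildcards and netgroups are deliberately left out.

def parse_trust_file(text):
    """Return (host, user_or_None) pairs from hosts.equiv/.rhosts text."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            entries.append((fields[0].lower(), fields[1] if len(fields) > 1 else None))
    return entries

def listed(entries, client_host, remote_user, local_user):
    """A bare host line trusts the same username; "host user" names one remote user."""
    for host, user in entries:
        if host == client_host.lower() and (user or local_user) == remote_user:
            return True
    return False

def accepts(server_files, client_host, remote_user, local_user):
    """Decision of the ACCEPTING machine; only its own files are an input.

    client_host is the name the server itself resolved for the peer address.
    """
    equiv = parse_trust_file(server_files.get("/etc/hosts.equiv", ""))
    rhosts = parse_trust_file(server_files.get("~%s/.rhosts" % local_user, ""))
    # hosts.equiv is not consulted for root; .rhosts belongs to the target account.
    if local_user != "root" and listed(equiv, client_host, remote_user, local_user):
        return True
    return listed(rhosts, client_host, remote_user, local_user)

# Constructed file contents for the accepting host in the thread's scenario.
MYHOST = {"/etc/hosts.equiv": "vs1\nvs2\n"}

if __name__ == "__main__":
    # rsh from vs2 to myHost: myHost's files decide.
    print(accepts(MYHOST, "vs2", "barrett", "barrett"))
    # Same request against a server with no entries of its own: whatever the
    # initiating machine lists in its own hosts.equiv never enters the check.
    print(accepts({}, "vs2", "barrett", "barrett"))
    # root is never trusted through hosts.equiv, only through ~root/.rhosts.
    print(accepts(MYHOST, "vs2", "root", "root"))
```

In this model the request from vs2 is accepted, so the denial reported in the original question has to come from something the model does not cover.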