ssh免密码登录配置和rsh部署
ssh配置:
在old-mail03上root需要无密码登录到new-mail03
new-mail03上:
mkdir /root/.ssh
chmod 700 /root/.ssh
cd /root/.ssh && touch authorized_keys && chmod 644 authorized_keys
vi authorized_keys(add old-mail03 root pub_key)
##配置好测试ssh是否可以无密码登录
rsh部署
1),修改dns nameserver 202.106.0.20
2),修改source.list 详见:http://tenderrain.blog.51cto.com/9202912/1701242
3),apt-get update
4),apt-get install rsh-server -y
apt-get install rsh-redone-server -y
apt-get install xinetd -y
vi /etc/hosts (add ip & rsh-client-hostname)
vi /etc/hosts.equiv (add rsh-client-hostname)
vi /root/.rhosts (rsh-client-hostname rsh-client-user)
vi /etc/xinetd.d/rsh 添加如下内容:
# default: on
# descrīption: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}
/etc/xinetd.d/rlogin
# default: on
# descrīption: rlogind is the server for the rlogin(1) program. The server \
# provides a remote login facility with authentication based on \
# privileged port numbers from trusted hosts.
service login
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
}
/etc/xinetd.d/rexec
# default: off
# descrīption: Rexecd is the server for the rexec(3) routine. The server \
# provides remote execution facilities with authentication based \
# on user names and passwords.
service exec
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rexecd
}
重启xinetd
/etc/init.d/xinetd restart
5)在客户端使用rsh测试(apt-get install rsh-client):
测试 rsh 主机名或ip地址 true,没有任何显示表示配置完成了!
####################redhat linux下配置rsh和rcp##########
1首先确认机器是否安装rsh包:
[oracle@linux ~]$ rpm -aq |grep rsh
rsh-0.17-25.4
rsh-server-0.17-25.4
如果没有安装以上两个包,请找到相关软件安装(如果是LINUX,可以从安装碟中找到)
安装包:
rpm -ivh rsh-0.17-5 (linux 操作系统)
rpm -ivh rsh-server-0.17-5 (linux 操作系统)
2: 修改/etc/xinetd.d/rsh脚本文件
no
[root@linux ~]# vi /etc/xinetd.d/rsh
rsh 属于xinetd服务,修改/etc/xinetd.d/rsh脚本文件文件中的选项
将disable 设置为no
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, /
# consequently, for the rsh(1) program. The server provides /
# remote execution facilities with authentication based on /
# privileged port numbers from trusted hosts.
service shell
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
# disable = yes
disable = no
}
3.重启rsh服务
[root@linux ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
4. 检查是否启动: rsh server 监听和TCP 是514。
[root@linux ~]# netstat -an |grep 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN
unix 3 [ ] STREAM CONNECTED 44514
5:配置rsh server
修改/etc/securetty文件: echo rsh >>/etc/securetty
如果打算用root作为rsh用户的话:
先用root登录到机器A中进行以下操作:
[root@linux ~]# echo "192.168.7.10 root" >>.rhosts //允许192.168.0.10 以root访问
[root@linux ~]# echo "192.168.7.15 root" >>.rhosts
重启rsh server.
.rhosts一般位于 rsh server服务器相对应账号目录下比如root(与.bash_profile在同一目录)
查看是否配置成功:
[root@linux ~]# more .rhosts
192.168.7.10 root
192.168.7.15 root
6:配置vi /etc/hosts,加入对方的IP和机器名(hostname)。机器名可以参考127.0.0.1一行。
[root@linux ~]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 linux localhost.localdomain localhost
192.168.7.15 linux #本机ip及机器名
192.168.7.10 hlht #远程服务器ip及机器名
7:配置vi /etc/hosts.equiv
[root@linux ~]# vi /etc/hosts.equiv
127.0.0.1 localhost
192.168.7.10 hlht
192.168.7.15 linux
8:到/etc/pam.d/目录下,把rsh文件中的auth required pam_securetty.so一行用“#”封掉即可(注意修改红色字体一行:加#)
[root@hlht ~]# cd /etc/pam.d
[root@hlht pam.d]# vi rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
#auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts_auth.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
9:重启rsh server.
[root@linux ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
10:测试和注意的问题:
登录到192.168.7.10机器进行测试
看是否能看到结果。如果看到
[oracle@linux ~]$ rsh -l oracle 192.168.7.10 ps -ef
connect to address 192.168.7.10: Connection refused
Trying krb4 rsh...
connect to address 192.168.7.10: Connection refused
trying normal rsh (/usr/bin/rsh)
Permission denied.
这是由于权权限问题,一般是由于 .rhosts没有配置正确。.rhosts一般位于
rsh server服务器相对应账号目录下比如root(与.bash_profile在同一目录)
如果看到
[root@linux pam.d]# rsh -l root 192.168.7.10 env|grep PATH
connect to address 192.168.7.10: Connection refused
Trying krb4 rsh...
connect to address 192.168.7.10: Connection refused
trying normal rsh (/usr/bin/rsh)
PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/bin:/bin
表示rsh配置成功,可以使用rcp进行远程拷贝。
11.RCP 远程目录拷贝
[root@hlht run]# rcp -r source linux:/opt/oracle/yljs
//linux为刚才配置的192.168.7.15服务器名
connect to address 192.168.7.15: Connection refused
Trying krb4 rcp...
connect to address 192.168.7.15: Connection refused
trying normal rcp (/usr/bin/rcp)
[root@hlht run]#
root用户可以操作;普通用户好像不行;没有配置好普通用户的远程拷贝。
