[Beowulf] Re:passwordless rsh/ssh

Donald Kinghorn kinghorn at pqs-chem.com
Thu Jun 23 08:10:42 PDT 2005


... you usually have to change a line in /etc/pam.d/rlogin  to;

auth     sufficient     pam_securetty.so

 by default it will be set to  "required".

rsh and rlogin are usually under xinetd control so you also need to add the -h 
flag on the server startup line to allow root rsh.

You should also restrict rsh and rlogin to your local cluster subnet with the  
"only_from" option.

Here's my rsh file in /etc/xinet.d

service shell
{
        socket_type     = stream
        protocol        = tcp
        flags           = NAMEINARGS
        wait            = no
        user            = root
        group           = root
        log_on_success  += USERID
        log_on_failure  += USERID
	only_from		= 192.168.1.0/24
        server          = /usr/sbin/tcpd
        server_args     = /usr/sbin/in.rshd -haL
        disable         = no
}

You could also put restrictions in /etc/hosts.allow and deny since xinetd will 
use tcp wrappers if it's configured
 
Best wishes
-Don

-- 
Dr. Donald B. Kinghorn Parallel Quantum Solutions LLC
http://www.pqs-chem.com




More information about the Beowulf mailing list