linux rsh 配置

在安装RAC的时候，需要配置各个节点的互信关系，使rsh、rlogin、rcp等命令不需要输入密码可以操作其他节点。

除了按照管法rac安装文档中的方法配置ssh之外，还可以通过修改.rhosts等文件实现互信。

在unix（如aix）中，可以简单修改/etc/hosts.equiv实现，但是Linux中比较麻烦，需要一些其他的步骤，下面演示配置方法

需要在各个节点上完成如下操作

1、检查rsh-server包是否已经安装

[[email protected] ~]# rpm -qa|grep -i ^rsh-server

rsh-server-0.17-40.el5

如果没有安装使用rpm -ivh 命令安装

2、确保/etc/xinetd.d/rlogin中存在disable = no这一行（红色部分）

[[email protected] ~]# cat /etc/xinetd.d/rlogin

# default: on

# description: rlogind is the server for the rlogin(1) program. The server

# provides a remote login facility with authentication based on

# privileged port numbers from trusted hosts.

service login

{

disable = no

socket_type = stream

wait = no

user = root

log_on_success += USERID

log_on_failure += USERID

server = /usr/sbin/in.rlogind

}

3、确保/etc/xinetd.d/rsh中存在disable = no这一行（红色部分）

[[email protected] ~]# cat /etc/xinetd.d/rsh

# default: on

# description: The rshd server is the server for the rcmd(3) routine and,

# consequently, for the rsh(1) program. The server provides

# remote execution facilities with authentication based on

# privileged port numbers from trusted hosts.

service shell

{

disable = no

socket_type = stream

wait = no

user = root

log_on_success += USERID

log_on_failure += USERID

server = /usr/sbin/in.rshd

}

4、重启xinetd服务

[[email protected] ~]# service xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

5、编辑/etc/securetty，确保存在rexec、rsh、rlogin三行（红色部分）

[[email protected] ~]# cat /etc/securetty

console

vc/1

vc/2

vc/3

vc/4

vc/5

vc/6

vc/7

vc/8

vc/9

vc/10

vc/11

tty1

tty2

tty3

tty4

tty5

tty6

tty7

tty8

tty9

tty10

tty11

rexec

rsh

rlogin

6、编辑/etc/hosts.equiv文件，如下所示

[[email protected] ~]# cat /etc/hosts.equiv

+rac1 oracle

+rac2 oracle

+rac1-priv oracle

+rac2-priv oracle

+rac1 root

+rac2 root

+rac1-priv root

+rac2-priv root

7、编辑/etc/hosts文件，如下所示

[[email protected] ~]# cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

::1 localhost6.localdomain6 localhost6

#public

192.168.2.101 rac1.localdomain rac1

192.168.2.102 rac2.localdomain rac2

#private

192.168.0.101 rac1-priv.localdomain rac1-priv

192.168.0.102 rac2-priv.localdomain rac2-priv

#virtual

192.168.2.111 rac1-vip.localdomain rac1-vip

192.168.2.112 rac2-vip.localdomain rac2-vip

8、编辑~/.rhosts，如下所示

[[email protected] ~]# cat ~/.rhosts

+rac1 root

+rac2 root

+rac1-priv root

+rac2-priv root

9、测试rlogin和rsh是否可以不用输入密码登录其他节点

[[email protected] ~]# rlogin rac2

connect to address 192.168.2.102 port 543: Connection refused

Trying krb4 rlogin...

connect to address 192.168.2.102 port 543: Connection refused

trying normal rlogin (/usr/bin/rlogin)

Last login: Wed Jan 13 08:39:17 from rac1

[[email protected] ~]# hostname

rac2.localdomain

[[email protected] ~]# exit

logout

rlogin: connection closed.

[[email protected] ~]# rsh rac2

connect to address 192.168.2.102 port 543: Connection refused

Trying krb4 rlogin...

connect to address 192.168.2.102 port 543: Connection refused

trying normal rlogin (/usr/bin/rlogin)

Last login: Wed Jan 13 08:47:22 from rac1

[[email protected] ~]# hostname

rac2.localdomain

[[email protected] ~]# exit

logout

rlogin: connection closed.

如果不希望每次输出错误提示，那么可以将默认的rlogin和rsh修改为不带kbr认证的

方法如下：

# [b]which rsh[/b]

/usr/kerberos/bin/rsh

mv /usr/kerberos/bin/rsh /usr/kerberos/bin/rsh.original

mv /usr/kerberos/bin/rcp /usr/kerberos/bin/rcp.original

mv /usr/kerberos/bin/rlogin /usr/kerberos/bin/rlogin.original

# which rsh[

/usr/bin/rsh //ok

ln -s /usr/bin/rsh /usr/kerberos/bin/rsh

ln -s /usr/bin/rlogin /usr/kerberos/bin/rlogin

ln -s /usr/bin/rcp /usr/kerberos/bin/rcp

Hello, I had that same problem in rhel 5.2.

Here is what I did to resolve:

un-install the rsh-server rpm

install the rsh-server rpm

reboot

edit the /etc/xinetd.d/rexec (change disabled = yes to no)

edit the /etc/xinetd.d/rlogin (change disabled = yes to no)

edit the /etc/xinetd.d/rsh (change disabled = yes to no)

edit the /etc/pam.d/rsh (auth required pam_rhosts_auth.so promiscuous)

edit /etc/securetty (add rsh rlogin and rexec)

update your ~/.rhosts file with the resolved names of the servers you want to access.

service xinetd restart

done!!!

rsh amanda date

poll: protocol failure in circuit setup

--- 把 /etc/hosts.allow 中的内容删除：

[[email protected] Server]# vi /etc/hosts.allow

#

# hosts.allow This file describes the names of the hosts which are

# allowed to use the local INET services, as decided

# by the '/usr/sbin/tcpd' server.

#

#in.rshd:10.1.11. in.rlogind:10.1.11. portmap:10.1.11. sshd:10.1.11.

~

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/66634/viewspace-1058294/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/66634/viewspace-1058294/