Enabling rsh for Linux

The following section describes how to enable remote shell.

Veritas recommends configuring a secure shell environment for Veritas product installations.

See Manually configuring and passwordless ssh.

See the operating system documentation for more information on configuring remote shell.

To enable rsh

  1. To ensure that the rsh and rsh-server RPMs are installed, type the following command:
    # rpm -qa | grep -i rsh

    If it is not already in the file, type the following command to append the line "rsh" to the /etc/securetty file:

    # echo "rsh" >> /etc/securetty
  2. Modify the line disable = no in the /etc/xinetd.d/rsh file.
  3. In the /etc/pam.d/rsh file, change the "auth" type from "required" to "sufficient":
    auth     sufficient
  4. Add the "promiscuous" flag into /etc/pam.d/rsh and /etc/pam.d/rlogin after item "pam_rhosts_auth.so".
  5. To enable the rsh server, type the following command:
    # chkconfig rsh on
  6. Modify the .rhosts file. Each line of the .rhosts file contains a fully qualified domain name or IP address for each remote system. This file also contains the name of a user having access to the local system. For example, if the root user must remotely access system1 from system2, add an entry for system2.companyname.com to the .rhosts file on system1 by typing the following command:
    # echo "system2.companyname.com" >> $HOME/.rhosts
  7. Install the Veritas product.

To disable rsh

  1. Remove the "rsh" entry in the /etc/securetty file.
  2. Disable the rsh server by typing the following command:
    # chkconfig rsh off
  3. After you complete an installation procedure, delete the .rhosts file from each user's $HOME directory to ensure security:
    # rm -f $HOME/.rhosts