Enabling rsh for Linux

The following section describes how to enable remote shell.

Symantec recommends configuring a secure shell environment for Symantec product installations.

See Manually configuring and passwordless ssh.

See the operating system documentation for more information on configuring remote shell.

To enable rsh

  1. To ensure that the rsh and rsh-server RPMs are installed, type the following command:
    # rpm -qa | grep -i rsh

    If it is not already in the file, type the following command to append the line "rsh" to the /etc/securetty file:

    # echo "rsh" >> /etc/securetty
  2. Modify the line disable = no in the /etc/xinetd.d/rsh file.
  3. In the /etc/pam.d/rsh file, change the "auth" type from "required" to "sufficient":
    auth     sufficient
  4. Add the "promiscuous" flag into /etc/pam.d/rsh and /etc/pam.d/rlogin after item "pam_rhosts_auth.so".
  5. To enable the rsh server, type the following command:
    # chkconfig rsh on
  6. Modify the .rhosts file. Each line of the .rhosts file contains a fully qualified domain name or IP address for each remote system. This file also contains the name of a user having access to the local system. For example, if the root user must remotely access sys1 from sys2, add an entry for sys2.companyname.com to the .rhosts file on sys1 by typing the following command:
    # echo "sys2.companyname.com" >> $HOME/.rhosts
  7. Install the Symantec product.

To disable rsh

  1. Remove the "rsh" entry in the /etc/securetty file.
  2. Disable the rsh server by typing the following command:
    # chkconfig rsh off
  3. After you complete an installation procedure, delete the .rhosts file from each user's $HOME directory to ensure security:
    # rm -f $HOME/.rhosts