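Linux rsh configuration
When installing RAC, you need to configure mutual trust between the nodes so that commands such as rsh, rlogin and rcp can operate on the other nodes without entering a password.
Besides configuring ssh by the method in the official RAC installation documentation, mutual trust can also be set up by modifying files such as .rhosts.
On Unix (such as AIX) this can be done simply by modifying /etc/hosts.equiv, but on Linux it is more troublesome and needs some additional steps. The configuration method is demonstrated below.
The following operations must be completed on every node.
1. Check whether the rsh-server package is installed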
[root@rac1 ~]# rpm -qa|grep -i ^rsh-server
rsh-server-0.17-40.el5
If it is not installed, install it with the rpm -ivh command.
2. Make sure /etc/xinetd.d/rlogin contains the line disable = no (the part shown in red)
[root@rac1 ~]# cat /etc/xinetd.d/rlogin
# default: on
# description: rlogind is the server for the rlogin(1) program. The server
# provides a remote login facility with authentication based on
# privileged port numbers from trusted hosts.
service login
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
}
3. Make sure /etc/xinetd.d/rsh contains the line disable = no (the part shown in red)
[root@rac1 ~]# cat /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and,
# consequently, for the rsh(1) program. The server provides
# remote execution facilities with authentication based on
# privileged port numbers from trusted hosts.
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}
4. Restart the xinetd service
[root@rac1 ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
5. Edit /etc/securetty and make sure the three lines rexec, rsh and rlogin are present (the part shown in red)
[root@rac1 ~]# cat /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
rexec
rsh
rlogin
6. Edit the /etc/hosts.equiv file as shown below
[root@rac1 ~]# cat /etc/hosts.equiv
+rac1 oracle
+rac2 oracle
+rac1-priv oracle
+rac2-priv oracle
+rac1 root
+rac2 root
+rac1-priv root
+rac2-priv root
7. Edit the /etc/hosts file as shown below
[root@rac1 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
#public
192.168.2.101 rac1.localdomain rac1
192.168.2.102 rac2.localdomain rac2
#private
192.168.0.101 rac1-priv.localdomain rac1-priv
192.168.0.102 rac2-priv.localdomain rac2-priv
#virtual
192.168.2.111 rac1-vip.localdomain rac1-vip
192.168.2.112 rac2-vip.localdomain rac2-vip
8. Edit ~/.rhosts as shown below
[root@rac1 ~]# cat ~/.rhosts
+rac1 root
+rac2 root
+rac1-priv root
+rac2-priv root
9. Test whether rlogin and rsh can log in to the other node without entering a password
[root@rac1 ~]# rlogin rac2
connect to address 192.168.2.102 port 543: Connection refused
Trying krb4 rlogin...
connect to address 192.168.2.102 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Last login: Wed Jan 13 08:39:17 from rac1
[root@rac2 ~]# hostname
rac2.localdomain
[root@rac2 ~]# exit
logout
rlogin: connection closed.
[root@rac1 ~]# rsh rac2
connect to address 192.168.2.102 port 543: Connection refused
Trying krb4 rlogin...
connect to address 192.168.2.102 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Last login: Wed Jan 13 08:47:22 from rac1
[root@rac2 ~]# hostname
rac2.localdomain
[root@rac2 ~]# exit
logout
rlogin: connection closed.
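If you do not want the error messages printed every time, you can switch the default rlogin and rsh to the versions without Kerberos (krb) authentication.
The method is as follows:
# which rsh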
/usr/kerberos/bin/rsh
mv /usr/kerberos/bin/rsh /usr/kerberos/bin/rsh.original
mv /usr/kerberos/bin/rcp /usr/kerberos/bin/rcp.original
mv /usr/kerberos/bin/rlogin /usr/kerberos/bin/rlogin.original
# which rsh
/usr/bin/rsh //ok
ln -s /usr/bin/rsh /usr/kerberos/bin/rsh
ln -s /usr/bin/rlogin /usr/kerberos/bin/rlogin
ln -s /usr/bin/rcp /usr/kerberos/bin/rcp
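The files edited in steps 2 through 8 together decide who can run commands on a node without a password. The following is an added example, not part of the original post: it lists which xinetd r-services are enabled and which hosts.equiv / .rhosts entries trust root or a wildcard. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory of the r-service trust the steps above create.
# Function names and the sample tree are constructed for illustration.

# Print each xinetd r-service under ROOT/etc/xinetd.d that has "disable = no".
enabled_rservices() {
    for svc in rsh rlogin rexec; do
        [ -f "$1/etc/xinetd.d/$svc" ] || continue
        awk -v s="$svc" '$1 !~ /^#/ { l = $0; gsub(/[ \t]/, "", l)
            if (l == "disable=no") { print s; exit } }' "$1/etc/xinetd.d/$svc"
    done
}

# Print "host user" for every allow entry in hosts.equiv / .rhosts files.
# A bare "+" is reported as ANY; a missing user field as "-".
trust_entries() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk 'NF == 0 || $1 ~ /^[#-]/ { next }
            { h = $1; sub(/^[+]/, "", h); if (h == "") h = "ANY"
              u = (NF > 1) ? $2 : "-"; if (u == "+") u = "ANY"
              print h, u }' "$f"
    done
}

# Entries that trust root or use a wildcard host or user.
risky_entries() {
    trust_entries "$@" | awk '$1 == "ANY" || $2 == "ANY" || $2 == "root"'
}

# Constructed sample tree mirroring the files shown on this page.
SAMPLE=$(mktemp -d)
mkdir -p "$SAMPLE/etc/xinetd.d" "$SAMPLE/root"
printf 'service shell\n{\n\tdisable = no\n\tuser = root\n}\n' > "$SAMPLE/etc/xinetd.d/rsh"
printf 'service login\n{\n\tdisable = yes\n}\n' > "$SAMPLE/etc/xinetd.d/rlogin"
printf '+rac1 oracle\n+rac2 oracle\n+rac1 root\n' > "$SAMPLE/etc/hosts.equiv"
printf '+rac1 root\n+rac2-priv root\n' > "$SAMPLE/root/.rhosts"

echo "enabled r-services:"; enabled_rservices "$SAMPLE"
echo "root/wildcard trust:"
risky_entries "$SAMPLE/etc/hosts.equiv" "$SAMPLE/root/.rhosts"
```

Passing an empty string as the root (enabled_rservices "") reads the node's live /etc/xinetd.d instead of the sample tree.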
Hello, I had that same problem in rhel 5.2.
Here is what I did to resolve:
un-install the rsh-server rpm
install the rsh-server rpm
reboot
edit the /etc/xinetd.d/rexec (change disabled = yes to no)
edit the /etc/xinetd.d/rlogin (change disabled = yes to no)
edit the /etc/xinetd.d/rsh (change disabled = yes to no)
edit the /etc/pam.d/rsh (auth required pam_rhosts_auth.so promiscuous)
edit /etc/securetty (add rsh rlogin and rexec)
update your ~/.rhosts file with the resolved names of the servers you want to access.
service xinetd restart
done!!!
rsh amanda date
poll: protocol failure in circuit setup
--- Delete the contents of /etc/hosts.allow:
[root@EGRAC2 Server]# vi /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
#in.rshd:10.1.11. in.rlogind:10.1.11. portmap:10.1.11. sshd:10.1.11.
~
From the "ITPUB blog", link: http://blog.itpub.net/66634/viewspace-1058294/. If you repost, please credit the source; otherwise legal liability will be pursued.