ssh免密码登录   rsh rcp部署

ssh免密码登录配置和rsh部署

ssh配置：
在old-mail03上root需要无密码登录到new-mail03
new-mail03上：
mkdir /root/.ssh
chmod 700 /root/.ssh
cd /root/.ssh && touch authorized_keys && chmod 644 authorized_keys
vi authorized_keys(add old-mail03 root pub_key)
##配置好测试ssh是否可以无密码登录
rsh部署
1），修改dns nameserver 202.106.0.20
2），修改source.list 详见：http://tenderrain.blog.51cto.com/9202912/1701242
3），apt-get update
4），apt-get install rsh-server -y
apt-get install rsh-redone-server -y
apt-get install xinetd -y
vi /etc/hosts (add ip & rsh-client-hostname)
vi /etc/hosts.equiv (add rsh-client-hostname)
vi /root/.rhosts (rsh-client-hostname rsh-client-user)
vi /etc/xinetd.d/rsh 添加如下内容：
# default: on
# descrīption: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}
/etc/xinetd.d/rlogin
# default: on
# descrīption: rlogind is the server for the rlogin(1) program. The server \
# provides a remote login facility with authentication based on \
# privileged port numbers from trusted hosts.
service login
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
}
/etc/xinetd.d/rexec
# default: off
# descrīption: Rexecd is the server for the rexec(3) routine. The server \
# provides remote execution facilities with authentication based \
# on user names and passwords.
service exec
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rexecd
}
重启xinetd
/etc/init.d/xinetd restart
5）在客户端使用rsh测试（apt-get install rsh-client）：
测试 rsh 主机名或ip地址 true，没有任何显示表示配置完成了！

####################redhat linux下配置rsh和rcp##########
1首先确认机器是否安装rsh包:

[oracle@linux ~]$ rpm -aq |grep rsh

rsh-0.17-25.4

rsh-server-0.17-25.4

如果没有安装以上两个包，请找到相关软件安装(如果是LINUX，可以从安装碟中找到)

安装包:

rpm -ivh rsh-0.17-5 (linux 操作系统)

rpm -ivh rsh-server-0.17-5 (linux 操作系统)

2: 修改/etc/xinetd.d/rsh脚本文件

no

[root@linux ~]# vi /etc/xinetd.d/rsh

rsh 属于xinetd服务，修改/etc/xinetd.d/rsh脚本文件文件中的选项

将disable 设置为no

# default: on

# description: The rshd server is the server for the rcmd(3) routine and, /

# consequently, for the rsh(1) program. The server provides /

# remote execution facilities with authentication based on /

# privileged port numbers from trusted hosts.

service shell

{

socket_type = stream

wait = no

user = root

log_on_success += USERID

log_on_failure += USERID

server = /usr/sbin/in.rshd

# disable = yes

disable = no

}

3．重启rsh服务

[root@linux ~]# service xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

4. 检查是否启动: rsh server 监听和TCP 是514。

[root@linux ~]# netstat -an |grep 514

tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN

unix 3 [ ] STREAM CONNECTED 44514

5：配置rsh server

修改/etc/securetty文件: echo rsh >>/etc/securetty

如果打算用root作为rsh用户的话:

先用root登录到机器A中进行以下操作:

[root@linux ~]# echo "192.168.7.10 root" >>.rhosts //允许192.168.0.10 以root访问

[root@linux ~]# echo "192.168.7.15 root" >>.rhosts

重启rsh server.

.rhosts一般位于 rsh server服务器相对应账号目录下比如root(与.bash_profile在同一目录)

查看是否配置成功：

[root@linux ~]# more .rhosts

192.168.7.10 root

192.168.7.15 root

6：配置vi /etc/hosts，加入对方的IP和机器名(hostname)。机器名可以参考127.0.0.1一行。

[root@linux ~]# vi /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 linux localhost.localdomain localhost

192.168.7.15 linux ＃本机ip及机器名

192.168.7.10 hlht ＃远程服务器ip及机器名

7：配置vi /etc/hosts.equiv

[root@linux ~]# vi /etc/hosts.equiv

127.0.0.1 localhost

192.168.7.10 hlht

192.168.7.15 linux

8：到/etc/pam.d/目录下，把rsh文件中的auth required pam_securetty.so一行用“#”封掉即可(注意修改红色字体一行：加＃)

[root@hlht ~]# cd /etc/pam.d

[root@hlht pam.d]# vi rsh

#%PAM-1.0

# For root login to succeed here with pam_securetty, "rsh" must be

# listed in /etc/securetty.

auth required pam_nologin.so

#auth required pam_securetty.so

auth required pam_env.so

auth required pam_rhosts_auth.so

account required pam_stack.so service=system-auth

session required pam_stack.so service=system-auth

9：重启rsh server.

[root@linux ~]# service xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

10:测试和注意的问题:

登录到192.168.7.10机器进行测试

看是否能看到结果。如果看到

[oracle@linux ~]$ rsh -l oracle 192.168.7.10 ps -ef

connect to address 192.168.7.10: Connection refused

Trying krb4 rsh...

connect to address 192.168.7.10: Connection refused

trying normal rsh (/usr/bin/rsh)

Permission denied.

这是由于权权限问题，一般是由于 .rhosts没有配置正确。.rhosts一般位于

rsh server服务器相对应账号目录下比如root(与.bash_profile在同一目录)

如果看到

[root@linux pam.d]# rsh -l root 192.168.7.10 env|grep PATH

connect to address 192.168.7.10: Connection refused

Trying krb4 rsh...

connect to address 192.168.7.10: Connection refused

trying normal rsh (/usr/bin/rsh)

PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/bin:/bin

表示rsh配置成功，可以使用rcp进行远程拷贝。

11.RCP 远程目录拷贝

[root@hlht run]# rcp -r source linux:/opt/oracle/yljs

//linux为刚才配置的192.168.7.15服务器名

connect to address 192.168.7.15: Connection refused

Trying krb4 rcp...

connect to address 192.168.7.15: Connection refused

trying normal rcp (/usr/bin/rcp)

[root@hlht run]#

root用户可以操作；普通用户好像不行；没有配置好普通用户的远程拷贝。