1

I need to be able to log in to a RHEL 6 server using rsh (please don't flame me about security, it's irrelevant in this particular instance) as root without having to enter a password. My procedure for setting this up works great in RHEL 5.x, but does not work in RHEL 6. I suspect this has something to do with PAM, but I'm inexperienced with how to use PAM. Can someone help me with this?

/etc/pam.d/rsh

auth      required   pam_rhosts.so
auth      required   pam_nologin.so
account   include    common-account
password  include    common-password
session   required   pam_loginuid.so
session   include    common-session

/etc/pam.d/rlogin

auth      required   pam_nologin.so
auth      [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so
auth      sufficient pam_rhosts.so
auth      include    common-auth
auth      required   pam_mail.so
account   include    common-account
password  include    common-password
session   required   pam_loginuid.so
session   include    common-session

Thanks!

Scott Pack
cartmancakes
  • If possible I would suggest you use SSH and keys, even if security is not an issue. SSH is better supported in general, and key-authentication works without any hacks. – pehrs Feb 18 '11 at 07:41
  • I would love to! The problem is I'm in a test environment and the proprietary testing tools that I've been given use rsh exclusively. – cartmancakes Feb 28 '11 at 17:21

4 Answers

3

I had the same problems. These two commands made it work:

# chkconfig rsh on
# service xinetd restart
mgorven
Andreas
3

I may be dragging up an old question, but since I was banging my head on this one as well, I thought I'd post what I did to solve it.

Looks like for some reason pam_rhosts.so on RHEL6 does not allow root, so after the auth sufficient pam_rhosts.so line in /etc/pam.d/rlogin I added:

auth sufficient pam_rootok.so

which may or may not be the "right" way, but seems to do the trick at least.

J Newman
1

When you edit /etc/pam.d/rlogin it says at the top:

# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.

After adding rlogin at the end of /etc/securetty, remote login works without a password.

I also found this explanation of how PAM works useful.

jonatan
0

J.Newman's solution worked for me. For other r services, e.g. rsh and rexec, this change is also required in the relevant file, in combination with an entry of (may not be present or may not be set to sufficient): auth sufficient pam_rhosts.so
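
A read-only check for the settings discussed in the answers above, as an added example that is not part of any answer: it parses a PAM service file and reports the auth lines that let an r-service accept a login without a password. The sample stack and securetty contents are constructed from the snippets on this page, and `parse_pam` and `audit` are hypothetical helper names. pam_rootok.so is flagged because it tests the UID of the process that calls PAM.

```python
import re

# Constructed sample: the question's /etc/pam.d/rlogin with the pam_rootok
# line from the second answer added, and a securetty ending in "rlogin".
RLOGIN_STACK = """\
auth      required   pam_nologin.so
auth      [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so
auth      sufficient pam_rhosts.so
auth      sufficient pam_rootok.so
auth      include    common-auth
session   required   pam_loginuid.so
"""
SECURETTY = "console\ntty1\nrlogin\n"

# type, control (keyword or [bracketed actions]), module, optional args
LINE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (type, control, module, args) tuples, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groups())
    return entries

def audit(service, pam_text, securetty_text=""):
    """List the auth settings that let this r-service skip the password."""
    findings = []
    ttys = {l.strip() for l in securetty_text.splitlines() if l.strip()}
    for ptype, control, module, _args in parse_pam(pam_text):
        if ptype != "auth":
            continue
        name = module.rsplit("/", 1)[-1]  # tolerate absolute module paths
        if name == "pam_rhosts.so" and control in ("sufficient", "required", "requisite"):
            findings.append(f"{service}: pam_rhosts.so ({control}) trusts .rhosts/hosts.equiv")
        elif name == "pam_rootok.so" and control == "sufficient":
            findings.append(f"{service}: pam_rootok.so checks the calling daemon's UID, not the remote user")
        elif name == "pam_securetty.so" and service in ttys:
            findings.append(f"{service}: listed in securetty, root login permitted")
    return findings

if __name__ == "__main__":
    for finding in audit("rlogin", RLOGIN_STACK, SECURETTY):
        print(finding)
```

On a real host, pass the contents of /etc/pam.d/rsh, /etc/pam.d/rlogin and /etc/pam.d/rexec together with /etc/securetty; lines pulled in through `include` are not followed.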