rsh的安全性是没有保证的,所有密码均使用明文传输,如果服务器有大量对外服务,建议不要使用此协议
我们在使用CentOS系统时候,安装RAC时,需要配置各个节点的互信关系,使rsh、rlogin、rcp等命令不需要输入密码可以操作其他节点。
PS:以下步骤两台机器都是需要操作
前置条件:
关闭防火墙
关闭selinux
1、首先在两台机器上安装需要的软件包:
yum -y install rsh rsh-server xinetd
2、配置/etc/hosts解析:
主机ip 主机名
3、编辑文件/etc/hosts.equiv
把两台的主机名写入进去,一个主机名占一行
4、在用户的家目录下面编辑.rhosts文件
vim .rhosts
把两台主机名写进去,各占一行
权限必须是600
chmod 600 .rhosts
5、编辑/etc/securetty在文本里面追加三行:
echo rsh >>/etc/securetty
echo rlogin >>/etc/securetty
echo rexec >>/etc/securetty
6、在/etc/xinetd.d/目录下,添加两个文件配置如下:
cat /etc/xinetd.d/rsh
# default: on
# # # description: The rshd server is the server for the rcmd(3) routine and,
# # # consequently, for the rsh(1) program. The server provides
# # # remote execution facilities with authentication based on
# # # privileged port numbers from trusted hosts. service shell
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}
cat /etc/xinetd.d/rlogin
# default: on
# # description: rlogind is the server for the rlogin(1) program. The server
# # provides a remote login facility with authentication based on
# # privileged port numbers from trusted hosts. service login
service login
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rlogind
}
7、重启xinetd服务:
systemctl restart xinetd.service
8、查询514端口是否正在监听:
netstat -an | grep 514
tcp6 0 0 :::514 :::* LISTEN
9、测试是否可以无密码访问:
rsh 主机名