Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-10 Thread MHR
On Mon, Jul 7, 2008 at 4:05 PM, John R Pierce <[EMAIL PROTECTED]> wrote: > > man ssh-keygen > Unfortunately, as with most man pages, this gives the technical details of how the command works, not so much how to use it in context. However, this (http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-09 Thread Filipe Brandenburger
On Mon, Jul 7, 2008 at 7:31 PM, MHR <[EMAIL PROTECTED]> wrote: > If I shut off the firewall on sushi (/etc/init.d/iptables stop), the > rsh connections all work fine. I need to go research how to read the > iptables output because right now it's greek to me - I can read the > letters, but the word

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread MHR
Update: If I shut off the firewall on sushi (/etc/init.d/iptables stop), the rsh connections all work fine. I need to go research how to read the iptables output because right now it's greek to me - I can read the letters, but the words don't make sense. (I'm an admitted newbie to networking det

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread nate
MHR wrote: This is your problem: > REJECT all -- 0.0.0.0/00.0.0.0/0 > reject-with icmp-host-prohibited > I'm not entirely sure what all this means - pls see above. Is that > what happened? If you don't need iptables then stop the service and disable it: chkconfig --level 2345

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread William L. Maltby
On Mon, 2008-07-07 at 15:28 -0700, MHR wrote: > On Mon, Jul 7, 2008 at 3:04 PM, William L. Maltby > <[EMAIL PROTECTED]> wrote: > > > > I figure you've probably checked this already, but is rcpwrappers > > installed? > > No, not on either system (what is rcpwrappers?). A typoed tcpwrappers <*blus

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread Stephen Harris
On Mon, Jul 07, 2008 at 04:00:33PM -0700, MHR wrote: > On Mon, Jul 7, 2008 at 3:33 PM, Stephen Harris <[EMAIL PROTECTED]> wrote: > > *grin* switch to using ssh for your CVS connections then and bypass the > > whole issue. rsh is insecure, anyway! > > > > Yeah, but there are problems with that ap

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread John R Pierce
MHR wrote: Yeah, but there are problems with that approach. I routinely do mass cvs commands in loops, like showing all differences between my files and the repo files, and if there are a lot of them, I don't want to have to input my password 100+ times man ssh-keygen ___

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread MHR
On Mon, Jul 7, 2008 at 3:35 PM, nate <[EMAIL PROTECTED]> wrote: > > Is there a firewall on sushi? Run iptables -L -n on it, it seems like > a firewall is blocking the connection. > Yes: [EMAIL PROTECTED] mrichter]# iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread MHR
On Mon, Jul 7, 2008 at 3:33 PM, Stephen Harris <[EMAIL PROTECTED]> wrote: > On Mon, Jul 07, 2008 at 03:21:04PM -0700, MHR wrote: >> >> What's strange (to me) about this is that I can ping and ssh to sushi > > *grin* switch to using ssh for your CVS connections then and bypass the > whole issue. rs

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread nate
MHR wrote: > 15:06:00.485527 IP sushi.ocroads.com > khan.sjhtca.com: ICMP host > sushi.ocroads.com unreachable - admin prohibited, length 68 Is there a firewall on sushi? Run iptables -L -n on it, it seems like a firewall is blocking the connection. If you don't have an explicit need for a firew

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread Stephen Harris
On Mon, Jul 07, 2008 at 03:21:04PM -0700, MHR wrote: > > What's strange (to me) about this is that I can ping and ssh to sushi *grin* switch to using ssh for your CVS connections then and bypass the whole issue. rsh is insecure, anyway! -- rgds Stephen

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread Stephen Harris
On Mon, Jul 07, 2008 at 03:28:00PM -0700, MHR wrote: > On Mon, Jul 7, 2008 at 3:04 PM, William L. Maltby > > If so, are hosts.deny and hosts.allow setup good? I suspect > They're fine. In fact, sushi is in khan's /etc/hosts file explicitly, > and khan thinks it's on ocroads.com: hosts.allow and

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread MHR
On Mon, Jul 7, 2008 at 3:04 PM, William L. Maltby <[EMAIL PROTECTED]> wrote: > > I figure you've probably checked this already, but is rcpwrappers > installed? No, not on either system (what is rcpwrappers?). > If so, are hosts.deny and hosts.allow setup good? I suspect > so - I think I saw you h

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread MHR
On Mon, Jul 7, 2008 at 1:59 PM, Stephen Harris <[EMAIL PROTECTED]> wrote: > On Mon, Jul 07, 2008 at 01:45:25PM -0700, MHR wrote: > > Are you sure there are no firewalls in place that could be blocking access? > Note that "rsh machine" really calls "rlogin machine" and so talks on > a different port

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread William L. Maltby
On Mon, 2008-07-07 at 16:59 -0400, Stephen Harris wrote: > On Mon, Jul 07, 2008 at 01:45:25PM -0700, MHR wrote: > > > [EMAIL PROTECTED] lane]$ rsh khan ls > > poll: protocol failure in circuit setup > > Are you sure there are no firewalls in place that could be blocking access? > Note that "rsh

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread Stephen Harris
On Mon, Jul 07, 2008 at 01:45:25PM -0700, MHR wrote: > [EMAIL PROTECTED] lane]$ rsh khan ls > poll: protocol failure in circuit setup Are you sure there are no firewalls in place that could be blocking access? Note that "rsh machine" really calls "rlogin machine" and so talks on a different port

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread MHR
On Mon, Jul 7, 2008 at 12:13 PM, Stephen Harris <[EMAIL PROTECTED]> wrote: > On Mon, Jul 07, 2008 at 11:53:42AM -0700, MHR wrote: > > This version of rsh is probably /usr/kerberos/bin/rsh (use "type rsh" > or "which rsh" to verify). Try using /usr/bin/rsh instead. > > (the krb5-workstation packag

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread Stephen Harris
On Mon, Jul 07, 2008 at 11:53:42AM -0700, MHR wrote: > $ rsh khan ls > connect to address 10.24.15.48 port 544: Connection refused > Trying krb4 rsh... > connect to address 10.24.15.48 port 544: Connection refused > trying normal rsh (/usr/bin/rsh) > poll: protocol failure in circuit setup This v

Re: [CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread Stephen John Smoogen
On Mon, Jul 7, 2008 at 12:53 PM, MHR <[EMAIL PROTECTED]> wrote: > Okay, I've narrowed the problem down quite a bit. As previously > reported, in CentOS 5.2 I get this: > Well whyis port 544 and 543 getting connection refused in the logs on the server? Are you using kerberos? Are the tickets you g

[CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

2008-07-07 Thread MHR
Okay, I've narrowed the problem down quite a bit. As previously reported, in CentOS 5.2 I get this: $ cvs log Makefile poll: protocol failure in circuit setup cvs [log aborted]: end of file from server (consult above messages if any) Turns out this is a problem with rsh: $ rsh khan ls connect t