Berkeley R Utilities & the new S Utilities


Berkeley R Utilities & the new S Utilities
• The Unix (or Berkeley) r utilities provide an alternative to IP facilities telnet and ftp.
• Three programs:
    rlogin hostname                                         remote login
    rsh hostname command                                    remote command
    rcp [host:]file                                         remote copy, from to
    scp user [email protected]:file user [email protected]:file   secure copy, from to
    ssh hostname                                            remote command
    rdist                                                   remote distribution
• For R family: passwords not required if .rhosts files configured
  – friendly hosts defined for all normal users in /etc/hosts.equiv
  – users may add to this list in $HOME/.rhosts
• For S family: you need to exchange keys (RedHat 9+ default)
  – Users may add friendly hosts in $HOME/.ssh/authorized_keys
  – Keys must be given to you from remote host $HOME/.ssh/id_rsa.pub
  – Keys generated with ssh-keygen -t rsa
  – Is installed by default in most Unixes nowadays (R family is not)


Exercise - Who has Remote Access
• Here are three files from mash4077

    # more /etc/hosts.equiv
    seoul

    # more /.rhosts
    rosies

    # /home/hawkeye/.rhosts
    rosies
    swamp
    division bfpierce

• Can root on seoul copy files to/from mash4077?
• Can hawkeye on seoul run commands on mash4077?
• Can hawkeye on rosies run commands on mash4077?
• Can root on mash4077 copy files to/from rosies?
• Can bfpierce on division copy files to mash4077?
• Can root on seoul login to mash4077?
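The trust decision the R family makes from these files can be modelled in a few lines, which is a quick way to audit who gets in without a password. This is an added example, not part of the original slides; it covers plain and "+" entries only (no netgroups, negative entries are skipped), and the file contents, their line breaks and the LOCAL_USERS set are assumptions taken from the exercise.

```python
# Added example: simplified model of the hosts.equiv / .rhosts decision.
# File contents come from the exercise slide; the line breaks are assumed.
HOSTS_EQUIV = "seoul\n"
RHOSTS = {  # local account -> contents of its .rhosts
    "root": "rosies\n",
    "hawkeye": "rosies\nswamp\ndivision bfpierce\n",
}
LOCAL_USERS = set(RHOSTS)  # assumption: only these accounts exist on mash4077


def parse(text):
    """Return (host, user-or-None) pairs, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries


def matches(entries, rhost, ruser, luser):
    for host, user in entries:
        if host.startswith("-") or (user or "").startswith("-"):
            continue  # negative entries are not modelled; they never grant
        host_ok = host in ("+", rhost)  # "+" trusts every host
        # Without a user field the remote and local names must be equal.
        user_ok = (ruser == luser) if user is None else user in ("+", ruser)
        if host_ok and user_ok:
            return True
    return False


def trusted(rhost, ruser, luser):
    """True if ruser@rhost is let in as luser without a password."""
    if luser not in LOCAL_USERS:
        return False
    # /etc/hosts.equiv is not consulted for root, only root's own .rhosts.
    if luser != "root" and matches(parse(HOSTS_EQUIV), rhost, ruser, luser):
        return True
    return matches(parse(RHOSTS.get(luser, "")), rhost, ruser, luser)


if __name__ == "__main__":
    for who in [("seoul", "root", "root"), ("seoul", "hawkeye", "hawkeye"),
                ("rosies", "hawkeye", "hawkeye"), ("division", "bfpierce", "hawkeye")]:
        print(who, "->", "trusted" if trusted(*who) else "password required")
```

Questions about access from mash4077 to another host depend on that host's files, which the slide does not show.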


Remote shells
• The rsh (remsh) command
  – run a command on a named host
  – standard I/O can be redirected as normal
  – /etc/profile and .profile not executed
  – requires /etc/hosts.equiv or $HOME/.rhosts file to be configured

From a02 or a03 you issue the commands below:

    $ whoami
    trapper
    $ rsh a01 ls -l
    ... run ls -l as trapper on a01 output ...
    $ rsh a01 ls -l > list.a01
    file list.a01 created on local system
    $ rsh a01
    ... same as rlogin ...
    $ rsh -l hawkeye a01
    ... same as rlogin -l hawkeye ...


Remote distribution - rdist
• The rdist command
  – replicates/maintains identical copies of files over multiple hosts
  – relies on rlogin and rsh
  – can use ssh as transport for secure mode
  – rdist is client software and rdistd is server software
  – the server rdistd is started via rsh or ssh on the server
  – R-family rsh requires: /etc/hosts.equiv or $HOME/.rhosts file to be configured
  – S-family ssh requires: $HOME/.ssh/rsa_key.pub to be copied from remote server/client
  – Uses a special file Distfile for updating and maintaining files
  – Can syslog to /var/log/messages file
• RDIST HOME: http://www.magnicomp.com/rdist/
• The rdist command is SuSE standard


Remote distribution – preparation
• Prepare a master server and client(s) for file replication:
  1. Logins must be done without password on clients, or rdist fails.
  2. With R-Family: set up server and clients as in this chapter.
  3. With S-Family: generate keys and distribute server keys to all clients, see below.
  4. S-Family: enable ssh root logins on all clients.
  5. Create a Distfile with the files and directories to update on your clients.
• Enable root logins (trusted environment only) on all clients:
  1. sshd config file: /etc/sshd_config:

         PermitRootLogin yes
         AuthorizedKeysFile .ssh/authorized_keys


Remote distribution – preparation test
• Generate server private and public keys:
  1. As root, generate server keys on the server:

         # ssh-keygen -t rsa

  2. Copy keys to identity files:

         # cd .ssh ; cp id_rsa identity ; cp id_rsa.pub identity.pub

• Distribute public keys to clients:
  1. Create client private and public keys:

         # ssh <client ip> ssh-keygen -t rsa

  2. Distribute the server public key to all your clients (they need a /root/.ssh directory):

         # scp identity.pub <client ip>:.ssh/authorized_keys

• As root on the server, test root password-less login rights to all of the nodes/clients by:

         # ssh node01 date
         sat dec 12 14:52:55 CET 2004


Remote distribution - Distfile
• Used to specify how replication should take place
• The Distfile format:

    <variable name> `=' <name list>
    [ label: ] <source list> `->' <destination list> <command list>
    [ label: ] <source list> `::' <time_stamp file> <command list>

  – The label is optional.
  – HOSTS is, in our example, all hosts and logins that FILES can be replicated to/from.
  – ${FILES} -> ${HOSTS} sends files to the list of hosts.
  – /usr/src/bin -> arpa sends the directory with its contents to host arpa.
  – The command list is the instruction for how to install/operate on the lists/files.


Remote distribution – execute rdist
• Create some test files to distribute among clients.

    # vi /etc/my-rdist-testfile
    This is the rdist test file!

• Create a Distfile

    NODES = ( a01 a02 a03 a04 )
    ETCFILES = ( /etc/my-rdist-testfile )
    ${ETCFILES} -> ${NODES}
            install;

  This file will replicate the ETCFILES onto all the NODES.
• Replicate the files using rdist together with SSH

    # /usr/local/bin/rdist -P /usr/local/bin/ssh -p /usr/local/bin/rdistd -f /etc/Distfile

  You may want to run this command every night on your master server by using the crontab command.


Internetwork daemon Configuration
• Internet facilities controlled by the internet daemon
  – /usr/sbin/xinetd
  – started up from /etc/inittab
• xinetd controlled by configuration file /etc/xinetd.conf
  – Tells where the application to start is located
  – Sets the mandatory user/group to run the application
  – Former name was inetd.conf and the inetd daemon
  – Declares the service name
• Services configuration files /etc/xinetd.d/ :

    service telnet
    {
            disable         = no
            flags           = REUSE
            socket_type     = stream
            wait            = no
            user            = root
            server          = /usr/sbin/in.telnetd
            log_on_failure  += USERID
    }
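To see which services a set of such files actually exposes, the blocks can be parsed and filtered on the disable attribute. This is an added example, not from the original slides: the parser handles only the = and += operators, the sample is constructed from the telnet block above plus an invented entry for the rsh service, and parse_xinetd / enabled_services are hypothetical names.

```python
import re
# Constructed sample: the telnet block from the slide plus an invented
# block for the rsh service ("shell"), to show a disabled entry.
SAMPLE = """\
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}
service shell
{
        disable         = yes
        server          = /usr/sbin/in.rshd
}
"""
ATTR = re.compile(r"^(\w+)\s*(\+=|=)\s*(.*)$")

def parse_xinetd(text):
    """Parse 'service NAME { attr op values }' blocks into nested dicts."""
    services, name, attrs = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ATTR.match(line)
        if line.startswith("service "):
            name = line.split()[1]
        elif line == "{" and name:
            attrs = services.setdefault(name, {})
        elif line == "}":
            name = attrs = None
        elif attrs is not None and m:
            key, op, values = m.group(1), m.group(2), m.group(3).split()
            if op == "=":
                attrs[key] = values           # plain assignment replaces
            else:
                attrs.setdefault(key, []).extend(values)  # "+=" appends
    return services

def enabled_services(services):
    """A service is started unless its block says 'disable = yes'."""
    return [(n, a.get("server", ["?"])[0], a.get("user", ["?"])[0])
            for n, a in sorted(services.items())
            if a.get("disable", ["no"])[0].lower() != "yes"]
```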


Summary
• Unix systems use TCP/IP for networking
• Every host on the network must have a unique IP address
• The file /etc/hosts maps names into IP addresses for network utilities
• Systems using DNS don't keep local host files
• Unix supports standard TCP/IP programs such as ping, telnet and ftp
• Unix provides its own equivalents (rlogin, rcp/scp, rsh and rdist) which use .rhosts files
• Unix uses several TCP/IP configuration files in /etc (xinetd.conf, services, etc.)