Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3 243
Security Notes The remote shell protocol is an inherently insecure protocol. It is the
protocol used by the Berkeley “r commands,” rlogin, rcp, remsh, and so
on. Many system administrators disable the use of the “r” commands as a
matter of policy. For example, the Bastille security hardening tool offers
a default option to disable these insecure services. If disabled, the pdsh
-R rsh option to use the remote shell transport will not work.
If the “r” services are not disabled, use of the pdsh -R rsh option by
unprivileged users is still disabled by default because of the inherent
security risk. By default, only users with root privileges can use the pdsh
-R rsh option. This is because the remote shell rcmd library call requires
the use of a privileged port. Even though privileged users can use -R
rsh, the ssh transport is still preferred.
If the hosts and users are trusted in your environment, you can enable
the use of the pdsh -R rsh option for unprivileged users with the
following commands:
# cd /opt/dsau/bin/pdsh
# chown root:bin pdsh
# chmod u+s pdsh
Command Fanout Troubleshooting
This section contains troubleshooting tips for common error messages
produced by pdsh and the wrapper commands.
You may see the following error messages when using the ssh command
transport:
• ssh command transport messages:
— pdsh@<local hostname>: <target hostname>: ssh exited
with exit code 1
Reason: The target system is unreachable.
— pdsh@<local hostname>: <target hostname>: ssh exited
with exit code 255
Reason: This message occurs when the target hostname is
unknown or the target host’s IP address in /etc/hosts is incorrect.
Note that 255 is exit code used by ssh when ssh itself encounters
an error.
• rsh command transport messages: